And I know it's "poor form" to reply to one's own post, but....
This new rule, especially as it applies to Business Associates, has GOT TO
HAVE EVERYONE THINKING...
"If I have health data stored either in the cloud or with a third party
service provider and it's a streamed backup from servers, possibly
commingled with other data, HOW DO I comply with the new HHS requirements
specifically related to encryption of this HIPAA-related data?" and....
"Do I have a Business Associates Agreement on file with my data storage
companies?" http://bit.ly/IaVkF
Yeah, it DOES get more complex, and organizations are going to have to start
thinking of the need to separate out data streams to ensure backups isolate
information based on its value or function and encrypt it based on what it
is, not on a single algorithm.
Larry
List archives at http://lists.ufl.edu/archives/recmgmt-l.html