Important News:SafeLogic's CryptoComply Achieves FIPS 140-3 Validation for 28 OEs and Receives Certificate #4781! Read the blog post!
The SafeLogic Blog
The Cryptographic Construction of Medicine
June 7, 2013 •Walt Paley
Today, we published a whitepaper here at SafeLogic, discussing the role of cryptographic technology in meeting HIPAA regulations. There may not be any other use case in which more average Americans are affected every day by encryption, and it is a vital piece of the legislation.
Most of us have had an experience in which HIPAA rules were a thorn in our side. Sometimes tasks that appear simple end up being a giant pain, such as transferring health records to a new physician. After countless hours and a dozen phone calls, 'HIPAA' no longer sounds like an animal at the zoo and may as well be a four-letter word. I've been there.
Luckily, that is largely a function of manual processing that is rapidly becoming a thing of the past. Modern software providers are working hard on the problem from various angles. Assessing physician demands and the needs of the patients, adding user interface improvements and technological innovations, the doctors of the future will be able to do so much more. Real-time collaboration with specialists and colleagues, instant feedback on prescriptions and medicine interactions, leveraging monitoring devices paired with mobile platforms… this is the stuff from sci-fi movies when I was a kid!
Medical software solutions, combined with the exponential growth of diagnostic data being collected, create potentially explosive situations if the data is not encrypted to the highest level. Connected devices have access to massive amounts of sensitive and personal health information and HIPAA acknowledges that it must be encrypted. A single compromised laptop or tablet can lead to hundreds of thousands of patients’ files. Unlike enterprise data, where proprietary data represents the lifeblood of innovative companies, this is quite literally our lives. Imagine the threats that could plague us if our medical records were vulnerable – everything from embarrassment and bullying to maliciously altered medical prescriptions and targeted biological weapons.
Maintaining the integrity of our health records is crucial, and the reality is that it would be impossible without validated cryptography. The idea of unencrypted medical records, even stored locally, gives me the absolute creeps. Luckily for the American public, it is an ironclad requirement. Serious penalties are in effect for healthcare providers who are not compliant with HIPAA and fail to encrypt Protected Health Information.
Now that I have made you completely paranoid about electronic health records and how dangerous it would be to ignore encryption, read our whitepaper. SafeLogic addresses each cryptographic requirement of HIPAA with CryptoComply. By integrating our FIPS 140-2 validated module, software vendors are able to deliver the highest level of encryption and data assurance to your doctor with every update, version, and release of their solution. Innovation will lead the way to a stronger, more efficient health care system, and waiting for FIPS validation hinders that evolution. CryptoComply brings instant compliance to the table, which means the best software, with the best encryption, can be deployed as soon as possible with full HIPAA compliance.
Stay informed about the protection of your medical records, and stay healthy out there.
Walt Paley
Walter Paley is the VP of Communications for SafeLogic. He is responsible for strategy, content, marketing, and outreach. Walt has worked with a series of start-ups and companies in growth stages, including Nukona (acquired by Symantec), Qubole, Bitzer Mobile (acquired by Oracle), and TigerText, among others. An Alumnus of the psychology program at UC San Diego, Walt lives in Southern California with his wife, kids, and their black lab, Echo.
Popular Posts
Search for posts
Tags
- FIPS 140 (111)
- FIPS validation (85)
- Encryption (70)
- cryptography (68)
- NIST (62)
- CryptoComply (60)
- SafeLogic (58)
- Industry News (54)
- cryptographic module (51)
- Conversations (49)
- CMVP (48)
- RapidCert (46)
- compliance (41)
- Ray Potter (33)
- SafeLogic News (33)
- Event (27)
- federal (27)
- CAVP (23)
- Cybersecurity (23)
- FIPS 140-3 (18)
- OpenSSL (16)
- government (14)
- FedRAMP (13)
- CryptoCompact (12)
- Cryptology (12)
- DoD (12)
- RSA (12)
- healthcare (12)
- partners (12)
- NSA (11)
- post-quantum cryptography (11)
- Cloud (9)
- PQC (9)
- security (9)
- CMMC (8)
- Suite B (8)
- testing (8)
- whitepaper (8)
- Approved Products List (APL) (6)
- HITECH (6)
- ICMC (6)
- lab (6)
- CEO (5)
- NIST 800-171 (5)
- NIST 800-53 (5)
- OpenSSL 3.0 (5)
- iOS (5)
- procurement (5)
- C3PAO (4)
- Common Criteria (4)
- HITECH Act (4)
- deadline (4)
- encrypt (4)
- innovation (4)
- procure (4)
- public sector (4)
- Air Force (3)
- BSAFE (3)
- DFARS (3)
- HIPAA Safe Harbor (3)
- HITECH Safe Harbor (3)
- OpenSSL 1.1.1 (3)
- OpenSSL 3.x (3)
- POA&M (3)
- TLS 1.3 (3)
- magazine (3)
- queue (3)
- transition (3)
- 3PAO (2)
- ACVP (2)
- BAA (2)
- CIO (2)
- CSP (2)
- Cyber Defense Magazine (2)
- Defense Industrial Base (2)
- HIPAA security controls (2)
- Historical Status (2)
- MFA (2)
- OpenSSL 1.0.2 (2)
- SPRS (2)
- StateRAMP (2)
- entropy (2)
- excellence (2)
- finance (2)
- founder (2)
- gold (2)
- leader (2)
- maturity (2)
- overlap (2)
- pilot (2)
- rsa conference (2)
- solution (2)
- sponsors (2)
- sunset (2)
- vendor (2)
- year (2)
- Active Status (1)
- Alliance for Digital Innovation (1)
- Android (1)
- CIO Prime Views (1)
- DHS (1)
- DIU (1)
- DIUx (1)
- DOJ (1)
- DoDIN APL (1)
- Entropy Source Validation (1)
- FCA (1)
- FIPS Compliance (1)
- FISMA (1)
- GSA (1)
- HITRUST (1)
- Matt Cornelius (1)
- Matthew Cornelius (1)
- Maturity Model (1)
- NCCoE (1)
- OMB (1)
- SLED (1)
- SP800-131A (1)
- SP800-90A (1)
- TLS 1.1 (1)
- background (1)
- best (1)
- co-founder (1)
- codies (1)
- congress (1)
- cybertech (1)
- education (1)
- elliptic curve cryptography (1)
- extended (1)
- faq (1)
- fintech (1)
- fiscal (1)
- fiscal year (1)
- fraud (1)
- globee (1)
- hill (1)
- interview (1)
- kratos (1)
- libgcrypt (1)
- national cybersecurity strategy (1)
- opportunities (1)
- parallel (1)
- profile (1)
- public (1)
- representatives (1)
- reseller (1)
- senate (1)
- senators (1)
- simplify (1)
- state (1)
- stealth mode (1)
- story (1)
- terminology (1)
- trophy (1)
- whistleblower (1)
- whistleblowing (1)