On 10/21/2014 09:52 AM, Verhagen, Laurel A wrote:
After writing the agenda, I received the following from Steve Fennel:
1) How will GPC data in motion be protected? /All data in motion will
be encrypted. Specifically, data files will be sent via SCP.
Alternatively, if the application involves REDCap, it will utilize SSL./
Do we really want to commit ourselves to a sweeping statement like "all
data in motion"? Perhaps saying "all EMR-derived data" or earlier on
defining what is meant by data for the purpose of this discussion (or
perhaps specify several classes of data with distinct protection
requirements)?
2) Will data at rest be encrypted up to NIST standards? /Yes, data at
rest will use a NIST approved encryption algorithm (specifically AES)./
Actually, there's a lot more to NIST guidelines for HIPAA protected data
than just choice of encryption algorithm. The good news is it's all on one
convenient site, with accompanying software:
http://scap.nist.gov/hipaa/
_______________________________________________
Gpc-dev mailing list
Gpc-dev@listserv.kumc.edu
http://listserv.kumc.edu/mailman/listinfo/gpc-dev