Table 5. Security Methods to Protect Data
| Security Method | Description | Considerations |
| --- | --- | --- |
| Encrypt data at rest | Ensure data are encrypted when resident on file systems. | When using cloud-based services, enable native encryption capabilities to prevent exposures if the cloud provider is hacked. Ensure that full disk encryption is enabled on all workstations and laptops. |
| Encrypt data in transit | Ensure that secure transport methods are used for both internal and external movement. | Ensure that websites containing sensitive data use encrypted transport methods, such as Hypertext Transfer Protocol Secure (HTTPS). Enable internal encryption methods when moving data in the organization. Never send unencrypted sensitive data outside of the organization. |
| Data retention and destruction | Ensure that retention policies are set. Contractually bind third parties to destroy data when terminating contracts. | Use standard destruction forms and require vendors to attest that data have been destroyed pursuant to those forms. Set retention policies and quotas on e-mail systems to reduce the amount of data that can be exposed. Ensure that legal retention requirements are met. Establish a purge strategy that includes purge mechanisms. |
| Scrub production data from test and development environments | Ensure that identifiable information is removed when replicating production environments for testing. | Leverage specialized tools to deidentify data elements within large systems (such as EMRs). Regularly audit data elements within test and production environments to ensure that they are clean. |
| Mask sensitive data within applications | Restrict users from accessing highly sensitive information, such as SSNs, by masking it unless authorized. | Permit SSN access only to members who require it (e.g., registration desks, admitting desks, payor processing). |
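
Added example (not part of the original table): one way to carry out the "regularly audit data elements" and "mask sensitive data" considerations, by scanning a test-environment CSV export for SSN-shaped values and reporting them masked. The CSV layout, column names, sample rows and function names are constructed for illustration; the plausibility check assumes the standard SSN structure rules (area 000, 666 and 900-999, group 00 and serial 0000 are never issued).

```python
import csv
import io
import re

# Candidate SSNs: 9 digits, optionally separated by hyphens or spaces,
# and not embedded in a longer run of digits.
SSN_RE = re.compile(r"(?<!\d)(\d{3})[- ]?(\d{2})[- ]?(\d{4})(?!\d)")

def plausible_ssn(area, group, serial):
    """Apply SSN structure rules to cut false positives."""
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"

def mask_ssn(text, authorized=False):
    """Mask all but the last four digits unless the viewer is authorized."""
    if authorized:
        return text
    def repl(m):
        if not plausible_ssn(*m.groups()):
            return m.group(0)  # not a valid SSN shape: leave untouched
        return "***-**-" + m.group(3)
    return SSN_RE.sub(repl, text)

def audit_rows(csv_text):
    """Return (line_number, column, masked_value) for each cell holding an SSN."""
    findings = []
    reader = csv.DictReader(io.StringIO(csv_text))
    for line_no, row in enumerate(reader, start=2):  # header is line 1
        for col, val in row.items():
            # A cell that changes under masking contains a plausible SSN.
            if isinstance(val, str) and mask_ssn(val) != val:
                findings.append((line_no, col, mask_ssn(val)))
    return findings

# Constructed sample export from a hypothetical test database.
SAMPLE = """patient_id,name,notes
1001,Test Patient A,synthetic record
1002,Test Patient B,SSN on file 123-45-6789
1003,Test Patient C,callback 555-010-0199 ref 000-00-0000
1004,Test Patient D,legacy id 123456789
1005,Test Patient E,ticket 987-65-4321
"""

if __name__ == "__main__":
    for line_no, col, masked in audit_rows(SAMPLE):
        print(f"line {line_no}, column {col}: {masked}")
```

Findings are reported in masked form so that the audit output does not itself become a new copy of the sensitive data.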