Three Reasons Why Encryption Is the Surest Way to Secure Your Practice Information

There’s a raging debate going on between the FBI and the legislature on whether or not to allow “backdoors” in encrypted systems for the benefit of law enforcement. To the FBI, this is a no-brainer. If criminals are using encryption to sidestep law enforcement, then it follows that encryption system providers must be compelled to build in backdoors for law enforcement to catch said criminals. This debate is instructive in one particular thing: encryption works.

In fact, it works so well that encryption software providers warn that if you encrypt something and forget the password, it’s as good as lost. For medical practices, this means being able to meet HIPAA information security requirements beyond a satisfactory level.

So how exactly can encryption help secure your medical practice information?

Security starts with login credentials. Employees use a credential token to gain access to the system, and this keeps prying eyes at bay. But on the off-chance that someone is able to gain access to the system by bypassing these login gates, what happens? All your practice data is laid bare for them to do with as they please, but not if the most sensitive information, such as patient billing information and medical records, is encrypted.

Modern EHR systems store data in different clusters, with some data being more secure than other data. For example, all billing and patient health records may be stored in hyper-secure clusters while scheduling information may not. If there were a data breach, hackers would find a formidable challenge in gaining access to the most sensitive information, even if they already had access to the less sensitive information. In this case, encryption stops the hackers in their tracks.

Another reason why encryption is your best line of defense is secure web access. When using HTTP access (as opposed to HTTPS), information is sent over the internet unencrypted. This means that if that web traffic is intercepted, the interceptor can plainly see all the information that is being sent and received. HTTPS, which stands for Hypertext Transfer Protocol Secure, encrypts all the data being communicated to and from the receiving server, thus ensuring outside parties cannot decipher what is being transmitted. To this end, practices must ensure that any systems they use are accessed only through an HTTPS address and not an HTTP (unencrypted) address.
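One way to check the HTTPS-only requirement above across a practice's systems, as an added example that is not from the original post. It goes a step beyond the text by also looking at what the plain-HTTP port returns and whether the HTTPS response sets a `Strict-Transport-Security` (HSTS) header; the inventory, hostnames and recorded responses are constructed sample data.

```python
from urllib.parse import urlsplit

# Constructed sample inventory: names, hostnames and recorded responses are made up.
# "http_probe" is what http://host/ returned as (status, Location), or None if port 80 is closed.
INVENTORY = [
    {"name": "EHR portal", "url": "https://ehr.example.com/login",
     "http_probe": (301, "https://ehr.example.com/login"),
     "https_headers": {"Strict-Transport-Security": "max-age=31536000"}},
    {"name": "Billing", "url": "http://billing.example.com/",
     "http_probe": (200, None), "https_headers": {}},
    {"name": "Scheduling", "url": "https://sched.example.com/",
     "http_probe": (200, None), "https_headers": {}},
    {"name": "Lab results", "url": "https://labs.example.com/",
     "http_probe": (302, "https://labs.example.com/"), "https_headers": {}},
]

def has_hsts(headers):
    """True if the HTTPS response carries an HSTS policy with a non-zero max-age."""
    for key, value in headers.items():
        if key.lower() == "strict-transport-security":
            for part in value.split(";"):
                name, _, val = part.strip().partition("=")
                if name.lower() == "max-age" and val.strip('"').isdigit():
                    return int(val.strip('"')) > 0
    return False

def audit(entry):
    """Classify one system as OK, WARN or FAIL for HTTPS-only access."""
    parts = urlsplit(entry["url"])
    if parts.scheme != "https":
        return "FAIL", "staff link uses plain HTTP"
    if entry["http_probe"] is None:
        return "OK", "no plain-HTTP listener"
    status, location = entry["http_probe"]
    target = urlsplit(location or "")
    redirects = (status in (301, 302, 307, 308) and target.scheme == "https"
                 and target.hostname == parts.hostname)
    if not redirects:
        return "FAIL", "site is also served over plain HTTP"
    if has_hsts(entry["https_headers"]):
        return "OK", "HTTP redirects to HTTPS and HSTS is set"
    return "WARN", "HTTP redirects to HTTPS but no HSTS header"

def audit_all(inventory):
    return {e["name"]: audit(e)[0] for e in inventory}

if __name__ == "__main__":
    for e in INVENTORY:
        print(e["name"], *audit(e), sep=" | ")
```

A WARN result means the first request from a browser can still travel unencrypted before the redirect; HSTS tells the browser to use HTTPS for that host from then on.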

The key takeaway is that encryption works. All security experts concur on this one fact: in the face of unethical hackers crawling the Internet for targets, only encryption can win. Other methods of securing data such as using passwords, separating data, using offline systems, etc., all have vulnerabilities.

Embrace encryption in your medical practice and demand a secure online connection from your EHR provider, because nothing less will do if you want to keep your practice data safe from snoopers.