Healthcare Information Security Podcast

Widespread implementation of encryption is a top priority at Stanford Hospital and Clinics, thanks, in large part, to the "safe harbor" in the HITECH breach notification rule, says Michael Mucha, information security officer. He notes that organizations that use the proper form of encryption don't have to report data breaches under the HITECH Act. He says this safe harbor instantly created an obvious return on investment for encryption. In an in-depth interview, Mucha discusses Stanford's risk management projects, including: Using data loss protection, or DLP, as an extension of encryption; Implementing an event correlation system that aggregates logs and uses business rules to monitor who is accessing information and detect potential internal breaches; and Updating role-based access to systems. Palo Alto, Calif.-based Stanford Hospital and Clinics, part of Stanford University Medical Center, recently received a Stage 7 award from HIMSS Analytics. It's one of only a handful of organizations to receive t