Archive for July 3rd, 2009

Encryption and decryption from security law perspective (Part II)

Friday, July 3rd, 2009

In my previous post I suggested several variants of computer security translated by different laws. Now I’d like to get to ciphers…again viewed by law.

So, how does the law see encryption and decryption issues through glasses of security standard? First of all, it says there simply should be encryption/decryption tools available.

ENCRYTION AND DECRYPTION (A) – § 164.312(a)(2)(iv)
Where this implementation specification is a reasonable and appropriate safeguard for a covered entity, the covered entity must:
“Implement a mechanism to encrypt and decrypt electronic protected health information.”

(more…)