Information and Privacy Commissioner of Ontario
Fact Sheet
Number 16, July 2010

Health-Care Requirement for Strong Encryption

Introduction

The Office of the Information and Privacy Commissioner (IPC), in Order HO-004, and most recently in Order HO-007, required that health information be safeguarded at all times, specifically by ensuring that any personal health information stored on any mobile devices (e.g., laptops, memory sticks, PDAs) be strongly encrypted. The Order did not otherwise define what constitutes "strong encryption" in the context of protecting the confidentiality, integrity, and availability of personal health information.

Accordingly, this paper provides a working definition of strong encryption and discusses the minimum functional and technical requirements of what may be considered to be strong encryption in a health-care environment. These, in turn, will provide procurement criteria that, if met, will ensure that personal health information stored on encrypted mobile devices or storage media will remain accessible to authorized users, but no one else.

Special thanks go to Dr. Robert Kyle, Durham Region Commissioner and Medical Officer of Health, for supporting the production of this paper.

Strong Encryption

The term "strong encryption" does not refer to a particular technical or design specification, or even to a specific encryption feature that could be inserted into a procurement or audit specification. No particular encryption technology, no matter how "strong" it may be, can ever, by itself, ensure that information remains secure. Instead, a variety of circumstances and factors need to be taken into account to ensure that personal information is protected against access by unauthorized parties.

To begin with, a good encryption algorithm must be used, one that has been subjected to rigorous peer review. Next, the algorithm must be properly implemented. This may only be confirmed if the encryption system is tested by an independent security testing lab. Once the encryption system is deployed, the encryption keys must be protected and managed effectively. Users who are authorized to decrypt data must be securely authenticated by means of passwords, biometrics, or security tokens.

Other IPC Publications

No. 12 - Encrypting Personal Health Information on Mobile Devices
Provides guidance to health information custodians on how to securely retain personal health information on mobile devices through encryption.

No. 13 - Wireless Communication Technologies: Video Surveillance Systems
Addresses privacy issues that arise from the use of wireless video surveillance technologies to transmit personal information and the proactive security measures required to protect the privacy of individuals.

No. 16 - Health-Care Requirement for Strong Encryption
Discusses the minimum functional and technical requirements of what may be considered strong encryption, thus ensuring that personal health information stored on mobile devices is protected.

No. 18 - Secure Transfer of Personal Health Information
Provides guidance for health information custodians on the secure transfer of records of personal health information.

www.ipc.on.ca
Information and Privacy Commissioner of Ontario / Commissaire à l'information et à la protection de la vie privée de l'Ontario