MUSC Policy MUSC-xx: Information Security - Encryption
Definitions:
- Refer to MUSC Policy MUSC-xx: Information Security: Appendix A.
Policy:
If an MUSC System is used to create, store, process or transmit Protected Information, then the designated Owner of the System is responsible for ensuring that the System's mechanisms for encrypting data are sufficient to meet all legal, ethical and business requirements.
The process of determining whether encryption is necessary, and the type(s) of encryption to be used within the System, should be guided by the System Owner's Risk Assessment. It may be necessary to encrypt Protected Information during storage, during processing, and/or during transmission over electronic communication networks.
Sanctions:
- Refer to MUSC Policy MUSC-xx: Information Security: Sanctions.
See Also:
- MUSC Policy MUSC-xx: Information Security
- MUSC Policy MUSC-xx: Information Security - Risk Management
- MUSC Policy MUSC-xx: Information Security - Access Control
References:
- HIPAA Security 164.312(a)(1) Standard: Access control
- HIPAA Security 164.312(a)(2)(iv) Encryption and decryption
- HIPAA Security 164.312(e)(1) Standard: Transmission security
- HIPAA Security 164.312(e)(2)(ii) Encryption
$Id: encryption.html,v 1.1 2004/10/25 13:59:17 gadsden Exp $