Proving HIPAA Encryption Is As Important As Encryption Itself

Share Article

HIPAA covered entities and business associates must provide proof that encryption was used for Safe Harbor to be applicable. AlertBoot's web-based console, recently updated to reflect the Omnibus Final rule that became effective on September 23, 2013, makes the procurement of such documentation fast and easy.

AlertBoot Square Logo
[People] looking to take advantage of HIPAA Safe Harbor benefits need to do more than encrypt PHI. They need to provide documentation that encryption was used.

AlertBoot, a leading provider of mobile device management and full disk encryption managed services, is reminding HIPAA covered entities and business associates that the use of PHI encryption software and smartphone security solutions alone is not enough to provide Safe Harbor in the event of a PHI data loss.

"The data security industry, the Office of Civil Rights at HHS, and medical associations and organizations have done a great job of spreading the word about encryption," said Tim Maliyil, CEO and founder of AlertBoot. "The use of encryption is an important step in ensuring patient data confidentiality. However, those looking to take advantage of HIPAA Safe Harbor benefits need to do more than encrypt PHI. They need to provide documentation that encryption was used."

The HIPAA Final Omnibus Rule makes it clear that Safe Harbor from data breaches is conditional on certain elements. Encryption software provides Safe Harbor but only as long as it complies with NIST's requirements. Complying with these requirements is easy because myriad data security vendors provide NIST-validated encryption.

More problematic is the often overlooked requirement that a covered entity or business associate provide proof of encryption. Unless an organization produces unimpeachable documentation that a laptop was encrypted at the time of the breach, covered entities will be unable to enjoy Safe Harbor.

Users of AlertBoot's data security solutions, Full Disk Encryption and Mobile Device Management, are protected in this respect because of its unique centralized cloud-based encryption management. The deployment process requires the registration of an endpoint before it is encrypted, ensuring that administrators are able to keep track of a computer's encryption status at any time, in real time.

In addition, AlertBoot's newest security tool, the password manager application – which enforces strong HIPAA password management and is designed to provide a comprehensive corporate network level of end-user control to BYOD environments – strengthens the services overall security by spotlighting non-compliance with policies, endpoint password changes, and user logon events.

These features, along with AlertBoot's customizable audit reports, have already been used by clients to prove that missing laptops are encrypted to the authorities and regulators, showing the completeness of the AlertBoot solution.

HIPAA covered entities and business associates interested in HIPAA Safe Harbor benefits must also take into consideration the above factors when looking for a PHI data protection solution. To learn more about AlertBoot PHI security solutions, please visit

About AlertBoot
AlertBoot Data Security offers a cloud-based data and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a secure web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe and lock, device auditing, USB drive and hard disk encryption managed services.

Headquartered in Las Vegas, AlertBoot is trusted by thousands of companies worldwide as part of their bring your own device (BYOD) and mobile information management (MIM) strategy.

For more information on AlertBoot Mobile Security solutions, please visit

Contact Information
Media Contact:
Sang Lee
VP Communications
+1 702-659-8890 x3734

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Sang Lee
+1 702-659-8890 Ext: x3734
Email >
Visit website