Is Fire Vault HIPAA compliant?
I'm a therapist, and I am searching for HIPAA-compliant storage and software to use in my practice. Does FireVault fit the criteria?
MacBook Pro, Mac OS X (10.6.4)
I'm a therapist, and I am searching for HIPAA-compliant storage and software to use in my practice. Does FireVault fit the criteria?
MacBook Pro, Mac OS X (10.6.4)
File vault is more than sufficient, actually. So long as physical access is controlled. The data doesn't actually have to be encrypted locally to meet HIPAA standards. HIPAA only requires encryption for data in transit via a public network.
The HIPAA regulations are incredibly vague and at the same time, very complex. As an IT manager in health-care, I've learned more about HIPAA than I ever wanted to know.
File vault is more than sufficient, actually. So long as physical access is controlled. The data doesn't actually have to be encrypted locally to meet HIPAA standards. HIPAA only requires encryption for data in transit via a public network.
The HIPAA regulations are incredibly vague and at the same time, very complex. As an IT manager in health-care, I've learned more about HIPAA than I ever wanted to know.
FileVault only encrypts the file system. Any HIPAA protected information would still need to be encrypted on the file system to meet HIPAA compliance requirements of controlling who on the computer can access the information.
This Apple document describes what File Vault encrypts: OS X: About FileVault 2 - Apple Support.
However, it only works on the boot drive. So if your patient data is on EHDS then you would need to look for a 3rd party disk encryption scheme.
This is from that document:
FileVault 2 uses full disk, XTS-AES 128 encryption to help keep your data secure. Using FileVault 2, you can encrypt the contents of your entire drive.
I'm actually using 10.10.2. So if I password protect each file and use Fire Vault, then password protect my user account, I should be covered, right?
I had read that document, but thank you for reposting. I am one who needs reassurance of the assurance, just in case :-)
Is iCloud HIPAA compliant then, if I have used FireVault on my Mac, password protected each document and the Mac, but save to iCloud?
No. iCloud is not HIPAA compliant. The only HIPAA compliant cloud service provider is Microsoft. Storage and mail systems included with office 365 (business, not personal) and Azure are HIPAA compliant and Microsoft will sign the necessary paperwork to certify that.
Is Fire Vault HIPAA compliant?