OCR Urges Covered Entities and Business Associates to Use HTTPS

Linn Freedman
Robinson+Cole Data Privacy + Security Insider
Contact
LinkedIn
Facebook
X
Send
Embed

New guidance from the Office for Civil Rights (OCR) urges covered entities and business associates to use Secure Hypertext Transport Protocol (HTTPS) to protect communications from vulnerabilities.

According to OCR, the vulnerability can be introduced by the use of products that inspect HTTPS traffic. These products are used to detect malware or unsafe connections, which could allow an interception of the communication. These are called man-in-the-middle attacks.

The OCR advises that covered entities and business associates follow US-CERT guidelines and verify that their HTTPS inspection product validates certificate chains and passes warnings to the entity, and is properly installed.

According to the OCR, evaluation of an entity’s HTTPS inspection tool should be included in the entity’s risk assessment and analysis to determine whether the products should be used.

OCR further refers covered entities to refer to NIST publications on end-to-end communications and encryption processes to use when transmitting ePHI.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising

Written by:

Robinson+Cole Data Privacy + Security Insider
Robinson+Cole Data Privacy + Security Insider
Contact
more
less

Robinson+Cole Data Privacy + Security Insider on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide