Regardless of the level of security provided for both facilities access, and for electronic access, if the data being accessed is not encrypted, then there’s a gaping hole in security. Encryption, both of data in transit and at rest fills this hole.
Welcome to the ActivePrime Blog
In our blog, you’ll find helpful and informative posts dedicated to improving CRM performance and usability. Our topics include deep dives on the technical aspects of CRMs like searching and data quality. You’ll also find insightful posts about user productivity and adoption.
START WITH ASSET CLASSIFICATION
Not all CRM data falls under HIPAA guidelines. The purpose of asset classification is to ensure a clear policy is in place for classifying data. Classifications are not defined by HIPAA, they are company specific. For instance, an organization may decide to classify CRM data into public data, private data, critical data, and protected data. In this definition protected data would be actual data requiring protection under HIPAA. Each CRM system data asset within an organization would be classified by the security team and typically assigned an owner. The owner is an individual responsible for ensuring the private data is appropriately protected.