I'm looking for some advice on a rather challenging issue to encrypt PHI. My plan was to use a secure HIPAA compliant web hosting service as the infrastructure for a medical application. My organization does not have a data center. The application that we were intending to use does not encrypt the data. I had planned to use a full disk encryption agent to address any concerns with the data center on visibility to private health information. When I discussed this with the hosting center they mentioned that they would need the encryption key to maintain the system and that the backup robots would decrypt the information for storage. This was not an acceptable solution for the data center.
Other than modifing the application to encrypt the data prior to storing the information is there an agent that I can install to protect the file or folder that will prevent the data center for having access to the information or having the backup system decrypt the information. Modifying the application is not feasible at this time.
Thanks for any advice in advance.
Use Endpoint Encryption for File / Folder?
There are too many variables, you don't say how your application stores data, whether it's shared, why the hosting center needs access to the data at all etc? Best to contact your McAfee partner and discuss I think.