Your healthcare organization is deploying a business-intelligence dashboard that pulls electronic protected health information (ePHI) from its on-premises EHR into a cloud data warehouse. Compliance policy states that the ePHI must remain unreadable to unauthorized individuals while it moves across the network and while it is stored in any database file, snapshot, or backup. Which control BEST satisfies this requirement?
Enable data masking on patient identifiers before loading records into the warehouse
Configure role-based access control in the cloud warehouse to limit query permissions
Schedule nightly exports of the warehouse to an encrypted offline tape library
Implement end-to-end encryption using TLS 1.2+ for transport and AES-256 or equivalent for data at rest
Encrypting the data in transit with protocols such as TLS and encrypting it at rest with strong algorithms like AES means the information is converted to ciphertext everywhere it lives or travels. Without the proper keys, intercepted or stolen data remains unintelligible, meeting HIPAA transmission-security and storage-security expectations. Access control, data masking, and single-purpose encrypted backups each mitigate risk, but none of them alone guarantees protection both in transit and at rest.