Encryption requires decryption prior to use, which is computationally expensive, so you can’t just encrypt everything on the server. The best tools and methods depend on the application, operating system and usage patterns.
A few things clients should consider:
- Always use SSL for web-based access to any sensitive data (personally identifying or medical information).
- Name, SSN, diagnosis, addresses, prognosis and other sensitive information within an EMR system should be encrypted in the database using techniques and mechanisms known only to a select few.
- Content such as images or scans should be encrypted and contain no personally identifying information.