To answer the question of whether to use data encryption to meet HIPAA compliance and keep patient health information (PHI) protected, let’s revisit the Health Insurance Portability and Accountability Act of 1996 (HIPAA):
“A covered entity must, in accordance with §164.306… Implement a mechanism to encrypt and decrypt electronic protected health information.” (45 CFR § 164.312(a)(2)(iv))
If you choose not to encrypt data, the HIPAA Security Rule states you must implement an equivalent solution to meet the regulatory requirement. The law leaves encryption open to interpretation since covered entities vary in their networks and network usage, depending on the type and size of the business.
While HIPAA and HITECH take a more policy- and procedure-oriented approach to the security and privacy of PHI, with no strict parameters for what type of technology to use, encryption is typically considered a best practice for protecting sensitive data.
A few recommendations when it comes to data encryption: