Health Information Compliance Alert
Does The HIPAA Security Rule Require You To Use Encryption?
PDF
Question: Is the use of encryption mandatory under the HIPAA Security Rule?
Answer: Some people believe that encryption is a required security implementation specification and that all covered entities (CEs) must implement encryption for transmitting and storing electronic protected health information (ePHI), but this is wrong, according to a Nov. 20 blog posting by attorney Mary Beth Gettins of Gettins’ Law.
In fact, the HIPAA Security Rule does not mandate the use of encryption. If you determine in your risk analysis that encryption is not reasonable or appropriate, or if alternative measures are in place, you do not need to implement encryption, Gettins explained. But you must document the decision not to implement encryption and your rationale for that decision.
Health Information Compliance Alert
- Protect Yourself:
Mobile & Medical Devices Are Ripe For HIPAA Breaches
Know what specific policies and procedures the OCR is looking for you to have in [...] - Breaches:
When Self-Reporting A Breach Leads To An Even More Serious Investigation
HIPAA compliance practices practically non-existent? That’ll cost you millions. Your organization suffers a HIPAA breach, [...] - Checklist:
Follow 10 Critical Steps For An Effective Breach Response
Remember to record breach incidents in your accounting of disclosures log. With several self-reported breaches [...] - Reader Question:
Does The HIPAA Security Rule Require You To Use Encryption?
Question: Is the use of encryption mandatory under the HIPAA Security Rule?
Answer: Some [...] - Reader Question:
Can You Disclose Exam/Test Results To Employers?
Question: When an employer pays our medical office to perform drug tests, fitness-for-duty or return-to-work [...] - Enforcement News:
Why Hospital Isn't Liable For Employee's Facebook Posting Of Patient's PHI
Plus: Senators want HHS to clear up confusion over medical identity theft and HIPAA. Yet [...]