A Review of Data Encryption of Protected Healthcare Information as it Relates to HIPAA and HITECH Compliance

Contributed by Mike Richter

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 laid the framework for the privacy and security of Protected Health Information (PHI). The original law focused on three main provisions, “(1) the portability provisions, (2) the tax provisions, and (3) the administrative simplification provision” (Nass SJ, 2009). It is the third provision that covered electronic medical records and the need to secure the data and maintain the privacy of patients. According to Nass, “The primary purpose of these provisions was to standardize the use of electronic health information, but Congress also recognized that advances in electronic technology could endanger the privacy of health information” (Nass SJ, 2009). It was this fear that led to the provisions that would become known as the Security Rule. According to the Department of Health and Human Services website, “The HIPAA Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity” (hhs.gov, 2014). The purpose of this paper is to look at how different types of data encryption can be used to enforce the standards found in the original HIPAA law as well as in the laws that came after it, HITECH and the HIPAA Omnibus Final Rule of 2013.

This document is in PDF format. To view it click here.
