Hipaa Encryption Compliance

Author: Barry Goodknight

Every business owner in the country knows about HIPAA and HIPAA Encryption Compliance. A law introduced in the 1990s and updated in 2003 to cover the use and protection of protected medical information or PHI. Although the legislation has been around for a while, a 2006 survey of healthcare providers found only half were completely compliant with the requirements of HIPAA.



With personal information being traded across the world for both legal and nefarious reasons, you need to protect your details as much as possible. You dont have to be a well-known figure, celebrity or top businessman to want to protect your information, company or otherwise.



Of course if you run a company that has employees with medical insurance, or process or any way deal with medical records or insurance, you have no choice but to protect yourself. HIPAA encryption compliance specifies that any electronic correspondence that has PHI included in it must be encrypted. It also specifies that the correspondence should also be securely archived, time-stamped, indexed, tamper-proof and be available when requested.



Many hospitals, doctors and clinics consult by email. Medical records are also transmitted via email, as are insurance details. We do most of our business over the internet and email, medicine too. This can make people a little uncomfortable, knowing their information is out there somewhere floating around the ether. Even on a short trip, an email is copied at least a couple of times by each email server it transits. Someone with the access and ability could easily get that information and use it for their own gain, which is why HIPAA specifically mentions it.



HIPAA encryption compliance isnt voluntary, its mandatory, and there are stiff penalties for transgression. There are two pertinent parts of the HIPAA that relates to email encryption, The Privacy Rule and the Security Rule.



The Privacy Rule gives individuals the right to request that a covered entity correct any inaccurate PHI. It also requires covered entities to take reasonable steps to ensure the confidentiality of communications with individuals.



This Rule specifies that every effort must be taken to protect PHI when its stored, used, viewed and transmitted. The use of email encryption is mandatory for any body that has access to or deals with PHI.

The security rule is very specific.



Covered Entities must maintain reasonable and appropriate administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of their EPHI against any reasonably anticipated risks.



This includes the use of email encryption. Fortunately it isnt as difficult, or as cumbersome as it used to be. There are now specific programs that sit alongside, or within email clients and servers that encrypt email before its sent. This automatic process allows companies to fully comply with HIPAA while not having to spend extra time administering it.



There is now no real excuse for a business that deals in PHI to not be fully compliant. The means are there, the cost has reduced, it just takes the will of business to adopt it.

Article Source: http://www.articlesbase.com/law-articles/hipaa-encryption-compliance-1968799.html

About the Author

Written by PC Pro Schools. More info on the laws surrounding HIPPA please visit hhs.gov or HIPAA Email.