Encryption: Protect Your Patient Data

What is Encryption

Encryption: “The process of converting information or data into a code, especially to prevent unauthorized access.”

Encryption is a very important line of defense when it comes to protecting your patient data. Along with good physical security and following other security best practices, it will help protect both you and your patients by making it nearly impossible for someone to read data that they are not entitled to read, even if they are able to access it.

In practical terms, you will use a software application that seamlessly encrypts your data while it is at rest and decrypts it when the system is in use.

Why You Need It

Encrypting data is considered an “Addressable” implementation specification in the HIPAA Security Rule. This means that while encrypting data is not strictly required, it is required where “reasonable and appropriate”. Given the relative ease of encrypting data with modern technology, it is nearly always reasonable and appropriate to encrypt your data. If an entity chooses not to encrypt their data at rest or during transmission, they must have a solid reason, backed up by documentation, as to why they chose not to do so.

For more information on encryption and other technical safeguards in the HIPAA Security Rule, please refer to the Security Rule Guidance Material, specifically the Technical Safeguards document.

How to Use It