As the United States healthcare system continues to move toward Electronic Health Records (EHR) in compliance with the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009, questions about security of information continue to be addressed. The US Health Insurance Portability and Accountability Act (HIPAA) requires rigorous care in the handling of protected health information (PHI).
One of the benefits of electronic records is the ability to quickly transmit data across the country or around the world. Whenever protected health information (PHI) is being transmitted electronically to a third party via email, FTP or other form of communication, it is considered "data in motion." The National Institute of Standards and Technology (NIST) and HIPAA mandate that the movement of PHI via electronic means must comply with their standards for security. Unfortunately, it is far too easy for unsecured lines to be breached and for identifying information to be used in malicious ways. HIPAA and NIST are concerned that good practices are observed and that important patient information is protected.
Further, the HITECH Act (ARRA) of 2009 under the guidance of the Department of Health and Human Services (HHS) has outlined a "safe harbor" in which breached information does not need to be reported. Essentially, if PHI is unusable, unreadable or indecipherable to unauthorized individuals, covered physicians and hospitals will not be subject to HITECH's breach notification requirements. Encryption and destruction are two options for rendering PHI unusable, unreadable or indecipherable to unauthorized individuals.
PHI is considered encrypted if an algorithmic process has been used to render the contents essentially meaningless without the use of a confidential process or key. For "data at rest" (stored on databases and file systems), NIST has different requirements and guidelines than for "data in motion."
Some companies offer a customizable application for hospitals and private practices that meets and exceeds the NIST standards for protecting "data in motion." They also offer encryption that allows your metropolitan hospital or rural community clinic to take advantage of the Safe Harbor Rule and exempts your organization from having to report a breach to HHS.
Currently, the biggest threat to HITECH compliance concerns the protection of PHI en route across the country or around the world via email, FTP or other electronic form of communication. A large percentage of breaches that have already occurred involve some type of information moving from one entity to another. Protect your healthcare organization with software such as Encrypt-A-Note and ensure your "data in motion" needs are met.
Protect your data in motion with Encrypt-A-Note, our HITECH-compliant and industry-leading software-as-a-service secure messaging portal. Non-technical users find it easy, non-threatening, and feature-packed. To learn more, visit http://www.manage-trak.com