HHS issues guidance on electronic health data

June 25, 2009

The U.S. Department of Health and Human Services issued guidance in May on how to protect electronic health care data.

The American Recovery and Reinvestment Act of 2009 required the agency to issue guidance for entities covered by HIPAA and their business associates. (Other entities will receive guidance from the Federal Trade Commission.)

The guidance identifies two methods, encryption and destruction, by which to render protected health information “unusable, unreadable, or indecipherable to unauthorized individuals.”

Several states have recently passed similar laws. The HHS guidance is more specific, however: it directs covered entities to use encryption processes that have been tested by the National Institute of Standards and Technology and judged to meet its standards, rather than leaving the choice of method open.

The agency emphasizes, however, that the guidance is "not intended to instruct covered entities and business associates on how to prevent" a data breach. It addresses only how to render data unusable if a breach does occur.

And while covered entities are not required to follow the guidance, those that do gain a safe harbor: a breach involving data that was encrypted or destroyed as the guidance specifies does not trigger HIPAA's breach notification requirements. The safe harbor applies only where the data was in fact rendered unusable, unreadable, or indecipherable to unauthorized individuals, so entities relying on it need to be able to show that the protection was actually in place at the time of the incident.
