9

Nov

Encrypt EHR — Else HIPAA Violations Need Be Reported To Government & Media

Posted by Steven F. Palter, MD  Published in Uncategorized

Ensure Patient Info is Encrypted to Be Exempt from Breach Regs

New regulations issued by the US Department of Health and Human Services (DHHS) require physicians and other individuals and entities covered under the Health Insurance Portability and Accountability Act (HIPAA) to notify individuals when their health information has been breached. A “breach” means the “acquisition, access, use or disclosure of protected health information in a manner not permitted . . . which comprises the security or privacy of the protected health information.” Depending upon the number of patients whose health information may have been breached, a medical practice may be required to notify the DHHS and the statewide media in addition to notifying patients.For example, if a physician maintains patient information in a laptop computer containing the unsecured information of more than 500 patients and the laptop is stolen, the physician would be required to notify not only the patients affected by the breach, but would likely need to also notify the DHHS and the media. A medical practice need not report a breach if the patient information has been properly encrypted – because information that is encrypted is not considered “unsecure.”

 
NYS Med Society strongly recommended that if a medical practice maintains or stores patient information in electronic form, the medical practice should consider encryption. The Breach Notification requirements are very onerous and encryption will enable a medical practice to avoid the Breach Notification Requirements.  The problem is most commercially available electronic medical records don’t yet offer encryption as an option!!!
 
For more information click here.

Related Articles

4 users responded in this post

Subscribe to this post comment rss or trackback url
mygif
Identity Resolution Daily Links 2009-11-09 - Identity Resolution Daily said in November 9th, 2009 at 1:29 pm

[…] docinthemachine: Encrypt EHR — Else HIPAA Violations Need Be Reported To Government & Media “For example, if a physician maintains patient information in a laptop computer containing the unsecured information of more than 500 patients and the laptop is stolen, the physician would be required to notify not only the patients affected by the breach, but would likely need to also notify the DHHS and the media. A medical practice need not report a breach if the patient information has been properly encrypted – because information that is encrypted is not considered ‘unsecure.’” […]

mygif
Interim Final Rule on Enforcement Issued | Avoid Breach Notification - Experior helps with Encryption said in November 17th, 2009 at 5:04 pm

[…] Encrypt EHR – Else HIPAA Violations Need Be Reported To Government & Media (docinthemachine.com) […]

mygif
Do your tablet, laptop, and desktop PCs need encryption if you use web-based EMR/EHR/PHR? | Avoid Breach Notification - Experior helps with Encryption said in November 19th, 2009 at 11:02 am

[…] Encrypt EHR – Else HIPAA Violations Need Be Reported To Government & Media (docinthemachine.com) […]

mygif
Las Vegas Sun: UMC Privacy lapses are the norm | Avoid Breach Notification - Experior helps with Encryption said in November 24th, 2009 at 10:54 am

[…] Encrypt EHR – Else HIPAA Violations Need Be Reported To Government & Media (docinthemachine.com) […]

Leave A Reply

 Username (*required)

 Email Address (*private)

 Website (*optional)

Please Note: Comment moderation maybe active so there is no need to resubmit your comments