Online encryption guide launched by AMA
■ The resource is meant to assist physicians in satisfying revised HIPAA laws.
By Pamela Lewis Dolan — Posted April 7, 2010
The American Medical Association has launched an online guide that helps physician practices understand encryption and how to implement it. The guide takes the form of frequently asked questions that address common concerns about the process of data encryption.
The Health Information Technology for Economic and Clinical Health Act, part of the American Recovery and Reinvestment Act of 2009, updated Health Insurance Portability and Accountability Act laws to include a notification requirement in the event of a breach. Practices are required to notify affected patients and the Dept. of Health and Human Services, and in some cases the media, when a breach occurs. The maximum civil penalty from HHS for a data breach occurring after Feb. 18, 2009, rose from $25,000 to $1.5 million.
But practices are exempt from the notification requirement if the data are encrypted.
The AMA's guide details what encryption is, how it works and the types of keys that can be used. The resource also directs practices to the different types of encryption programs available and what data practices should encrypt. The guide is available online.
Another online resource details the revised HIPAA laws and the corresponding penalties for noncompliance.
Both resources are available to all physicians.
The "20th Annual HIMSS Security Survey," released by the Healthcare Information and Management Systems Society in November 2009, found that 67% of organizations encrypt data in transmission and 44% encrypt data in storage. HIMSS also found that only 39% use mobile device encryption.