Encryption

The last item under the Transmission Security task of the Technical Section is Encryption. This is an addressable item that requires that agencies implement a mechanism to encrypt EPHI whenever deemed appropriate.

Unfortunately, there is no guideline given for the type of encryption to use. In order to use encryption both the sender and receiver must agree upon an encryption method and share parts of the encryption keys. This process would only come into play when transmitting EPHI. For the most part agencies are tied to the methods of transmission required by Medicare, Medicaid, etc. If you are transmitting EPHI to other locations you may need to develop an encryption mechanism.

This is the last item in the HIPAA Security Rule. My next post will detail some documentation requirements that fall outside of the Administrative, Physical, and Technical sections of the rule.