Is Encryption Required by HIPAA?


If your organization handles Protected Health Information (PHI) in any capacity, you are required by the Health Insurance Portability and Accountability Act (HIPAA) to protect its privacy and confidentiality. HIPAA obliges medical providers, called Covered Entities, to implement data protection that secures patient information against disclosure. Sensitive patient data, or ePHI, includes information such as patient names, addresses, social security numbers, bank account details, birth dates, and much more. Under HIPAA, a covered entity that fails to secure patient information and suffers a loss or breach of that data must make a formal data breach report to the US Department of Health and Human Services.


If you’re a covered entity, HIPAA covers everyone within your organization as well as external vendors, including business associates, email service providers, and subcontractors. So, ensure that you have a business associate agreement (BAA) with any email service provider you use, but keep in mind that having one doesn’t by itself guarantee your emails are HIPAA compliant.


The two most effective technologies for complying with the HIPAA Security Rule are encryption and secure messaging. Encryption technologies encrypt messages before they are sent, making it infeasible for unauthorized individuals to read them if they are intercepted or accidentally leaked. The most common breach of HIPAA encryption requirements is the failure to implement appropriate end-to-end protection for PHI. Use end-to-end encryption for secure messaging solutions: it provides a platform where users must log in to send and receive encrypted information, adding a further layer of access control that helps satisfy HIPAA encryption requirements. A few recommendations when it comes to data encryption:

  • Don’t use public FTP (File Transfer Protocol) if you need to transfer patient data to and from payers or other business associates.
  • When working from remote locations, use a VPN (Virtual Private Network).
  • Use SSL (Secure Sockets Layer), in practice today its successor TLS, for web-based access to any sensitive data.
  • Store your data in an offsite location with a protected environment.
  • For portable devices that store sensitive data locally, use file-level encryption together with full disk encryption (FDE).
  • Follow the NIST (National Institute of Standards and Technology) standards.
  • Use the HIPAA risk assessment process to secure your current environment.

