
Does HIPAA require encryption of patient information (ePHI)?





1 Answer

HIPAA is largely a call to a strong control environment, with a focus on the necessary security safeguards to ensure the security of patients. Contrary to prevailing opinion, the achievement of HIPAA Security compliance is not reliant on complex technology solutions and strategies, but rather on simpler people and process-oriented control environment issues.
A key tenet of HIPAA compliance is ensuring the confidentiality of patient information – most notably electronic patient health information (EPHI). As most security practitioners are all too familiar with, a surprisingly large percentage of data breach notifications are triggered by the theft or loss of data in a mobile form. Accordingly, most mobile security protection schemes are centered on good physical security of the mobile devices, good logical access control to the device, and encryption of all sensitive data on the device.

There are many ways a business can comply with HIPAA requirements, but more healthcare providers are moving toward HITRUST or ISO 27001 Certification. You can read more about it at https://www.defensorum.com/hipaa-encryption/


