Whether you're a tech aficionado or not, you've probably heard of encryption before. Major tech companies like Google, Microsoft and Apple all use this technology to secure their users' data. But what exactly is encryption? And is it a requirement of the Health Insurance Portability and Accountability Act (HIPAA)?
Encryption is a technology used in digital communications that converts plain text messages into encoded text, making it difficult, although not impossible, for someone other than the intended recipient to intercept and interpret the message.
Encryption involves the use of a special algorithm (formula) to convert the original message into a new message. The actual content of the message remains the same, but the characters are converted for the purpose of concealing its true nature. Once the encrypted message reaches the recipient, he or she can decode it. The process is simple and requires no additional steps on the part of the recipient.
Encryption and HIPAA
We live in an ever-connected digital day and age in which nearly every doctor and healthcare provider uses some form of digital communications. Whether it's email, instant messaging, cloud storage, etc., digital communications have become an integral part of our daily lives. But with the convenience of sending and receiving messages in the blink of an eye come new security risks, which is where encryption comes into play. Covered entities can reduce the risk of data breaches by taking the necessary steps to encrypt their data.
If you are wondering whether or not encryption is a requirement pertaining to HIPAA, you might be surprised to learn that it is not. According to the Department of Health and Human Services (HHS), the Security Rule makes encryption an “addressable specification,” meaning covered entities must implement it only if it is deemed to be a reasonable and appropriate safeguard in mitigating risk to the confidentiality, integrity and availability of Electronic Protected Health Information (EPHI).
Although the HIPAA Security Rule doesn't specifically state that covered entities must encrypt their data, it's still a good idea to get into the habit of doing so nonetheless. Encryption is relatively easy to implement, with many cloud-based storage services using it by default. Rather than “hoping” that your digital messages end up in the hands of the intended recipient, you can rest assured knowing they are safe and protected by having them encrypted.