On Friday, the Department of Health and Human Services released new details on breach notification and the protection of personal health information.

There are two acceptable methods: encryption and destruction.

Encryption is the obvious method provided for securing ePHI, and, as expected, the acceptable encryption methods reference NIST standards.

Using encryption may help organizations prevent public embarrassment and costly settlements.

Breach notifications only need to be made for what falls under "unsecured" PHI. So, if someone gets hold of PHI that is encrypted using the referenced NIST encryption standards, then notification is not required.

Written by Kanguru — October 31, 2012
