Health care data encryption is a form of data security whereby electronic medical records (EHR) are disguised so that unauthorized users may not read or make sense of them. Personal health information (PHI) including medical diagnoses, surgeries and other sensitive health data needs to be secured to guard against malicious motives as well as confidentiality breaches that can result in huge fines.
Before the Health Information Technology for Economic and Clinical Health (HITECH) Act was enacted in 2009, only two states in the U.S. had data breach requirements for patient health data. California was one of the two, but 800 reports of personal health information (PHI) data breaches still occurred there in the first five months after HITECH was enacted. This points to the importance of PHI data security, especially in light of the fact that health care providers can now be fined for breaches of their electronic data. When the Health Insurance Portability and Accountability Act (HIPAA) was implemented in 2003, it did not mandate PHI data encryption. But much has changed since then.
Health care providers, administrators, IT personnel and health facilities would be wise to consider EHR data encryption. Although encryption is not foolproof, it's better than plain text records. And although much attention has been paid to national laws such as HITECH, particularly regarding the conversion of paper medical records and guidelines for EHRs, less attention has been given to Department of Health and Human Services (HHS) regulations in which data destruction or data encryption are the only two forms of protection for patient health data. In addition, if either of these forms of protection is used, the mandate to notify patients of data breaches is waived. However, critics feel that any breach should be reported, whether data has been encrypted or not.