The HHS Office of the National Coordinator for Health Information Technology (ONC) recently released Version 2.0 of its Guide to Privacy and Security of Electronic Health Information (Guide). The Guide is primarily applicable to physician groups and smaller health care providers and businesses, but it provides a good overview of HIPAA for any covered entity. It also provides information on issues such as cyber security and electronic health records and gives practical advice and examples. Excerpted below is an example from the Guide on Encryption:
Encryption is a method of converting an original message of regular text into encoded text. The text is encrypted by means of an algorithm (a type of formula). If information is encrypted, there is a low probability that anyone other than the receiving party who has the key to the code or access to another confidential process would be able to decrypt (translate) the text and convert it into plain, comprehensible text. For more information about encryption, review the National Institute of Standards and Technology (NIST) Special Publication 800-111, Guide to Storage Encryption Technologies for End User Devices.
While the Guide is an excellent resource, please heed its final bit of advice:
This Guide is not intended to serve as legal advice or as recommendations based on a provider or professional’s specific circumstances. We encourage providers and professionals to seek expert advice when evaluating the use of this Guide.