Question: How can we make sure encryption is part of our HIPAA compliance?
Codify Subscriber
Answer: Encryption is a mechanism that obscures information from unauthorized users and needs to be part of your multi-layered lab security protocols.
When: You should encrypt electronic protected health information (ePHI) when stored and during transmission. Encryption is not expensive, but it can require some expertise to properly apply it.
Who: You should implement access control so that only authorized individuals can get to ePHI.
How: It’s a good idea to include encryption in security training and give anecdotal evidence to show staff what can happen when data is not encrypted.