Question: How can we make sure encryption is part of our HIPAA compliance? Codify Subscriber Answer: Encryption is a mechanism that obscures information from unauthorized users and needs to be part of your multi-layered lab security protocols. When: You should encrypt electronic protected health information (ePHI) when stored and during transmission. Encryption is not expensive, but it can require some expertise to properly apply it. Who: You should implement access control so that only authorized individuals can get to ePHI. How: It’s a good idea to include encryption in security training and give anecdotal evidence to show staff what can happen when data is not encrypted.