The views expressed in this blog are those of the owner and do not reflect the views or opinions of the owner’s employer. All content provided on this blog is for informational purposes only. The owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. The owner will not be liable for any errors or omissions in this information nor for the availability of this information. The owner will not be liable for any losses, injuries, or damages from the display or use of this information. This policy is subject to change at any time. The owner is not an attorney, and nothing posted on this site should be construed as legal advice. Litigation Support Tip of the Night does not provide confirmation that any e-discovery technique or conduct is compliant with legal, regulatory, contractual or ethical requirements.
Featured on the ACEDS blog.
Follow me on Twitter and see How-To Videos on my YouTube channel.
New tips for paralegals and litigation support profesionals are posted to this site each night. Click on the blog headings for better detail.
The Security Rule for the Healthcare Insurance Portability and Accountability Act of 1996 (HIPAA), does not require that Electronic Protected Health Information (EPHI) be encrypted. Encryption of personal health is not mandatory, but may be an addressable specification - meaning that an entity must assess if it's a reasonably required in particular circumstances. The HIPAA Security Rule is codified under 45 CFR 164.312, which sets down four guidelines for the security of patient data.
1. User IDs must track who accesses EPHI. Implementing this measure is required.
2. There must be a way to access EPHI in an emergency. Implementing this measure is required.
3. Automatic logoffs can terminate access to EPHI. Entities must address whether or not this measure is necessary.
4. Encryption is an addressable measure.
It also necessary to address if security audits are needed to detect the improper alteration or disposal of EPHI.