HHS releases guidance on securing electronic health data

To expand the use of electronic health records (EHRs), the Health and Human Services Department (HHS) has issued guidance on technologies and methods to protect personal electronic health care data.

This 20-page guidance document released April 17 by HHS describes encryption and destruction as the means to protect personal health data by making the data “unusable, unreadable or indecipherable” to unauthorized individuals.

Entities that comply with the guidance will not be subjected to upcoming breach notification provisions for unsecured data. “The specified technologies and methodologies, if used, create the functional equivalent of a safe harbor,” the document states.

The guidelines were developed through a joint effort by the HHS Office for Civil Rights, Office of the National Coordinator for Health Information Technology, and the Centers for Medicare and Medicaid Services.

This guidance is linked to two sets of breach notification regulations required by Congress as part of the economic stimulus law.

HHS will release a breach notification regulation for hospitals, physicians, health plans, health providers and other covered entities under the Health Insurance Portability and Accountability Act of 1996. The Federal Trade Commission will release another breach regulation for vendors of personal health records and other non-HIPAA-covered entities.

Entities that comply with the guidance will not be subject to the upcoming breach notification provisions for unsecured data.

The public is invited to comment on the guidance until May 21.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Featured

  • Defense
    The U.S. Army Corps of Engineers and the National Geospatial-Intelligence Agency (NGA) reveal concept renderings for the Next NGA West (N2W) campus from the design-build team McCarthy HITT winning proposal. The entirety of the campus is anticipated to be operational in 2025.

    How NGA is tackling interoperability challenges

    Mark Munsell, the National Geospatial-Intelligence Agency’s CTO, talks about talent shortages and how the agency is working to get more unclassified data.

  • Veterans Affairs
    Veterans Affairs CIO Jim Gfrerer speaks at an Oct. 10 FCW event (Photo credit: Troy K. Schneider)

    VA's pivot to agile

    With 10 months on the job, Veterans Affairs CIO Jim Gfrerer is pushing his organization toward a culture of constant delivery.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.