HHS releases guidance on securing electronic health data

To expand the use of electronic health records (EHRs), the Health and Human Services Department (HHS) has issued guidance on technologies and methods to protect personal electronic health care data.

This 20-page guidance document released April 17 by HHS describes encryption and destruction as the means to protect personal health data by making the data “unusable, unreadable or indecipherable” to unauthorized individuals.

Entities that comply with the guidance will not be subjected to upcoming breach notification provisions for unsecured data. “The specified technologies and methodologies, if used, create the functional equivalent of a safe harbor,” the document states.

The guidelines were developed through a joint effort by the HHS Office for Civil Rights, Office of the National Coordinator for Health Information Technology, and the Centers for Medicare and Medicaid Services.

This guidance is linked to two sets of breach notification regulations required by Congress as part of the economic stimulus law.

HHS will release a breach notification regulation for hospitals, physicians, health plans, health providers and other covered entities under the Health Insurance Portability and Accountability Act of 1996. The Federal Trade Commission will release another breach regulation for vendors of personal health records and other non-HIPAA-covered entities.

Entities that comply with the guidance will not be subject to the upcoming breach notification provisions for unsecured data.

The public is invited to comment on the guidance until May 21.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.