HHS releases guidance on securing electronic health data

To expand the use of electronic health records (EHRs), the Health and Human Services Department (HHS) has issued guidance on technologies and methods to protect personal electronic health care data.

This 20-page guidance document released April 17 by HHS describes encryption and destruction as the means to protect personal health data by making the data “unusable, unreadable or indecipherable” to unauthorized individuals.

Entities that comply with the guidance will not be subjected to upcoming breach notification provisions for unsecured data. “The specified technologies and methodologies, if used, create the functional equivalent of a safe harbor,” the document states.

The guidelines were developed through a joint effort by the HHS Office for Civil Rights, Office of the National Coordinator for Health Information Technology, and the Centers for Medicare and Medicaid Services.

This guidance is linked to two sets of breach notification regulations required by Congress as part of the economic stimulus law.

HHS will release a breach notification regulation for hospitals, physicians, health plans, health providers and other covered entities under the Health Insurance Portability and Accountability Act of 1996. The Federal Trade Commission will release another breach regulation for vendors of personal health records and other non-HIPAA-covered entities.

Entities that comply with the guidance will not be subject to the upcoming breach notification provisions for unsecured data.

The public is invited to comment on the guidance until May 21.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Featured

  • FCW PERSPECTIVES
    sensor network (agsandrew/Shutterstock.com)

    Are agencies really ready for EIS?

    The telecom contract has the potential to reinvent IT infrastructure, but finding the bandwidth to take full advantage could prove difficult.

  • People
    Dave Powner, GAO

    Dave Powner audits the state of federal IT

    The GAO director of information technology issues is leaving government after 16 years. On his way out the door, Dave Powner details how far govtech has come in the past two decades and flags the most critical issues he sees facing federal IT leaders.

  • FCW Illustration.  Original Images: Shutterstock, Airbnb

    Should federal contracting be more like Airbnb?

    Steve Kelman believes a lighter touch and a bit more trust could transform today's compliance culture.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.