HHS releases guidance on securing electronic health data

To expand the use of electronic health records (EHRs), the Health and Human Services Department (HHS) has issued guidance on technologies and methods to protect personal electronic health care data.

This 20-page guidance document released April 17 by HHS describes encryption and destruction as the means to protect personal health data by making the data “unusable, unreadable or indecipherable” to unauthorized individuals.

Entities that comply with the guidance will not be subjected to upcoming breach notification provisions for unsecured data. “The specified technologies and methodologies, if used, create the functional equivalent of a safe harbor,” the document states.

The guidelines were developed through a joint effort by the HHS Office for Civil Rights, Office of the National Coordinator for Health Information Technology, and the Centers for Medicare and Medicaid Services.

This guidance is linked to two sets of breach notification regulations required by Congress as part of the economic stimulus law.

HHS will release a breach notification regulation for hospitals, physicians, health plans, health providers and other covered entities under the Health Insurance Portability and Accountability Act of 1996. The Federal Trade Commission will release another breach regulation for vendors of personal health records and other non-HIPAA-covered entities.

Entities that comply with the guidance will not be subject to the upcoming breach notification provisions for unsecured data.

The public is invited to comment on the guidance until May 21.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Featured

  • Acquisition
    Shutterstock ID 169474442 By Maxx-Studio

    The growing importance of GWACs

    One of the government's most popular methods for buying emerging technologies and critical IT services faces significant challenges in an ever-changing marketplace

  • Workforce
    Shutterstock image 1658927440 By Deliris masks in office coronavirus covid19

    White House orders federal contractors vaccinated by Dec. 8

    New COVID-19 guidance directs federal contractors and subcontractors to make sure their employees are vaccinated — the latest in a series of new vaccine requirements the White House has been rolling out in recent weeks.

Stay Connected