Data Security & Confidentiality
The HIPAA Security Rule
Protecting patients’ health care information has always been important. However, when the U.S. Department of Health and Human Services (HHS) adopted its Security Rule pursuant to the Health Insurance Portability and Accountability Act of 1996 (HIPAA Security Rule), protecting patients’ health care information became a critical compliance issue for every physician practice. The HIPAA Security Rule initially became effective in 2005, and continues to be amended.
The HIPAA Security Rule requires physicians to adopt safeguards to protect the confidentiality, integrity and availability of patients’ protected health information that is transmitted by, or maintained in, electronic media. These safeguards are divided into administrative, physical and technical safeguards.
Encrypting electronic PHI ("ePHI") is one of the best ways of complying with the requirements of the HIPAA Security Rule and otherwise safeguarding the confidentiality of ePHI. All physician practices that store or transmit ePHI should encrypt that information.
To assist physician practices, the AMA has made available its document, "HIPAA Security Rule: Frequently asked questions regarding encryption of personal health information." This resource explains the importance of encrypting ePHI in the physician practice, helps physicians determine what information their practice should encrypt, and provides points the physician should consider when selecting an encryption method.
The AMA has developed extensive resources designed to help physicians maintain compliance with the HIPAA Security Rule and its ongoing changes.
The AMA has compiled excerpts from the Handbook for HIPAA Security Implementation, a 256-page AMPress publication, into an interactive online resource to help physicians and their practice staff understand what HIPAA requires with respect to keeping their patients’ medical information secure.
The resource, "What you need to know about the new health privacy and security requirements," outlines the newly expanded requirements for protection of patient health information, patient rights to this information and administrative protections physicians must have in place. Learn about the compliance deadlines and where you can find more information to ensure your practice is fully protecting your patients' health information.