One way for a software solution to help you be HIPAA compliant is to offer you HIPAA encryption as part of the package. But is that something you need to be HIPAA compliant? Technically, no, it’s not mandatory.
The rules state you should use encryption if it is needed to safeguard electronic Protected Health Information (PHI). But they also say that if you don’t use encryption, you need an alternative that safeguards PHI as well as encryption would, or you need documentation with justifiable cause as to why you have taken a different tack with regard to safeguarding PHI.
What would constitute a justifiable reason to not have encryption? It could be something like having all your communication regarding PHI happen within your organization’s server, which is protected by a secure firewall. But if this information ever leaves the protection of your firewall, it needs encryption-level protection. This would include all electronic communication (email, texting, instant messaging, etc.) unless the client has given express written permission for their PHI to be shared without encryption.
In a previous post we talked about six common ways HIPAA violations occur. In three of those ways, having encrypted electronic files could mitigate those risks, if not eliminate them entirely. In most cases, making sure your case management software includes an encrypting process is the easiest, most effective way to institute HIPAA encryption in your organization and remain HIPAA compliant.
All data access from browsers must go through our application platform. This effectively keeps your data server from being directly connected to the internet, adding another layer of security. FAMCare helps make sure you have all the necessary requirements to give your agency the power to be HIPAA compliant as it relates to data security, client privacy and system access.
Making sure your record keeping and communications are protected with HIPAA encryption will go a long way towards ensuring your organization stays HIPAA compliant. If you’d like to know more about how to avoid HIPAA violations, check out our earlier posts on how to keep caseworkers HIPAA compliant and the proper computer etiquette for remaining HIPAA compliant.