Fed Advisors: Mandate Encryption

A workgroup of the HIT Policy Committee, a federal advisory body, is recommending mandated data encryption for one-to-one exchanges of patient data between providers.

One-to-one exchange from one provider to another for treatment purposes--even with no facilitator--must be governed by policies that at least include encryption, limits on identifiable or potentially identifiable information in the message, and identification and authorization of those exchanging the data, according to the privacy and security workgroup recommendations.

Encryption ideally should be required when there is potential for transmitted data to be exposed. The workgroup recommends an encryption mandate through meaningful use/certification criteria or modification of the HIPAA security rule.

"If strong policies such as the above are in place and enforced, we don't think the above scenario needs any additional individual consent beyond what is already required by current law," according to the recommendations.

For more information, click here.

--Joseph Goedert