A workgroup of the HIT Policy Committee, a federal advisory body, is recommending mandated data encryption for one-to-one exchanges of patient data between providers.

One-to-one exchange from one provider to another for treatment purposes--even with no facilitator--must be governed by policies that at least include encryption, limits on identifiable or potentially identifiable information in the message, and identification and authorization of those exchanging the data, according to the privacy and security workgroup recommendations.

Encryption ideally should be required when there is potential for transmitted data to be exposed. The workgroup recommends an encryption mandate through meaningful use/certification criteria or modification of the HIPAA security rule.

"If strong policies such as the above are in place and enforced, we don't think the above scenario needs any additional individual consent beyond what is already required by current law," according to the recommendations.

For more information, click here.

--Joseph Goedert


Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access