Where HIPAA and your website meet
Data submitted through your website is secure when...
- It is encrypted in transit AND at rest
- It is encrypted at a minimum strength, currently AES 128-bit
- The encryption keys are stored in a different location than the data
Does your data meet these requirements? Do you know what can happen if these three requirements are not met?
HIPAA's punishing new rules for breach notification
If your website has a preregistration form, physician appointment request, event registration or any other interaction involving user-submitted data, and that data is compromised in a way that affects 500 or more people:
- Your organization is COMPELLED to report it to the Department of Health and Human Services, and have it posted online
- Your organization is COMPELLED to contact each person affected
- Your organization is COMPELLED to advertise the breach in local media outlets
The good news is that if your data is properly secured, losing custody of it is not considered a breach and is exempt from the breach notification rules. That's why it is important to know and understand the current level of security on web-submitted data.
The following is an excerpt from the HIPAA Breach Notification Rule, specifically "Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals":
Electronic PHI has been encrypted as specified in the HIPAA Security Rule by “the use of an algorithmic process to transform data into a form in which there is a low probability of assigning meaning without use of a confidential process or key” (45 CFR 164.304 definition of encryption) and such confidential process or key that might enable decryption has not been breached. To avoid a breach of the confidential process or key, these decryption tools should be stored on a device or at a location separate from the data they are used to encrypt or decrypt.
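The three requirements listed at the top of this page (encrypted at rest at a minimum of AES 128-bit, with the key stored somewhere other than the data) and the excerpt above both come down to one property: whoever ends up holding the stored records without also holding the key gets nothing usable. The following Go program is an added example, not code from Imaginary Landscape or from HHS, showing that property for a stored form submission. It uses AES-GCM from Go's standard library, rejects keys below the 128-bit floor, keeps the key in a separate `KeyStore` (a stand-in for a KMS or HSM; the type and its `keyID` labels are assumptions for this example), and shows that the data store contents alone cannot be decrypted or silently altered. Encryption in transit (TLS on the web form) is outside this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
)

// MinKeyBits is the floor the page names for encryption at rest: AES 128-bit.
const MinKeyBits = 128

// SealedRecord is all the data store keeps: nonce and ciphertext, never the key.
type SealedRecord struct {
	KeyID      string // label of the key held in the separate key store
	Nonce      []byte
	Ciphertext []byte
}

// KeyStore stands in for a key location separate from the data store
// (a KMS or HSM in practice). Hypothetical type constructed for this example.
type KeyStore map[string][]byte

// NewKey generates a random AES key, rejecting anything below the 128-bit floor.
func NewKey(bits int) ([]byte, error) {
	if bits < MinKeyBits {
		return nil, fmt.Errorf("key of %d bits is below the %d-bit minimum", bits, MinKeyBits)
	}
	if bits != 128 && bits != 192 && bits != 256 {
		return nil, fmt.Errorf("AES keys must be 128, 192 or 256 bits, got %d", bits)
	}
	k := make([]byte, bits/8)
	if _, err := io.ReadFull(rand.Reader, k); err != nil {
		return nil, err
	}
	return k, nil
}

// aead builds an AES-GCM cipher, enforcing the minimum key strength again
// so a weak key placed directly in the key store is also refused.
func aead(key []byte) (cipher.AEAD, error) {
	if len(key)*8 < MinKeyBits {
		return nil, errors.New("key below minimum strength")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts one form submission for storage at rest. The key id is bound
// as associated data, so a record cannot be quietly relabelled to another key.
func Seal(keys KeyStore, keyID string, plaintext []byte) (SealedRecord, error) {
	key, ok := keys[keyID]
	if !ok {
		return SealedRecord{}, fmt.Errorf("unknown key %q", keyID)
	}
	g, err := aead(key)
	if err != nil {
		return SealedRecord{}, err
	}
	nonce := make([]byte, g.NonceSize()) // fresh random nonce per record
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return SealedRecord{}, err
	}
	ct := g.Seal(nil, nonce, plaintext, []byte(keyID))
	return SealedRecord{KeyID: keyID, Nonce: nonce, Ciphertext: ct}, nil
}

// Open decrypts a stored record. Without the matching key in the key store it
// fails, and any modification of the ciphertext fails authentication.
func Open(keys KeyStore, rec SealedRecord) ([]byte, error) {
	key, ok := keys[rec.KeyID]
	if !ok {
		return nil, fmt.Errorf("key %q not available", rec.KeyID)
	}
	g, err := aead(key)
	if err != nil {
		return nil, err
	}
	return g.Open(nil, rec.Nonce, rec.Ciphertext, []byte(rec.KeyID))
}

func main() {
	keys := KeyStore{}
	k, err := NewKey(128)
	if err != nil {
		panic(err)
	}
	keys["form-key-v1"] = k

	// Constructed sample submission for this example; not real patient data.
	submission := []byte(`{"name":"Example Patient","dob":"1970-01-01","request":"cardiology"}`)
	rec, err := Seal(keys, "form-key-v1", submission)
	if err != nil {
		panic(err)
	}
	fmt.Println("stored at rest:", base64.StdEncoding.EncodeToString(rec.Ciphertext))

	// Losing custody of the data store alone: no key store, no plaintext.
	_, err = Open(KeyStore{}, rec)
	fmt.Println("decrypt without key store:", err)

	pt, err := Open(keys, rec)
	if err != nil {
		panic(err)
	}
	fmt.Println("decrypt with key store:", string(pt))
}
```

The check a practitioner cares about is the middle one: the exemption in the excerpt applies only while the key has not also been breached, which is why `KeyStore` is a separate object here and why nothing in `SealedRecord` would let an attacker reconstruct it.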
How can we help?
- We can answer your questions.
- We can assess your current compliance.
- We can guide you through the process of proper encryption.
Drop us a quick contact form (on the left) or give us a call toll-free at (877) 275-9144 and we can help.
Where HIPAA and your website collide
from the Imaginary Landscape Blog
About Imaginary Landscape
Imaginary Landscape is a diverse group of talented individuals with a passion for the Web. We’ve kept pace with extraordinary changes since we began helping hospital clients in 1995 and continue to do so as the industry evolves and adapts with astonishing speed. Our hospital and healthcare clients all benefit from our depth of knowledge on Web-based security.