HIPAA Experts: Mandatory Encryption Overdue - June 14, 2010
Orlando, Florida --
Dom Nicastro, for HealthLeaders Media, June 11, 2010
HIPAA compliance experts call the recommendation to mandate encryption on exchanges of electronic protected health information (ePHI) "overdue," "inevitable," and a necessary step toward ensuring a successful transition to electronic health records (EHR).
A privacy/security workgroup for the Office of the National Coordinator for Health Information Technology (ONC) reported last month that encryption should be mandatory for one-on-one exchanges between providers regarding treatments.
The workgroup of the monthly HIT Policy Committee in its May 19 meeting suggested that those exchanges should include:
• Encryption (no ability for facilitator to access content)
  ◦ Encryption ideally should be required when potential for transmitted data to be exposed (mandate through meaningful use/certification criteria or HIPAA Security Rule modification)
• Limits on identifiable (or potentially identifiable) information in the message
• Identification and authentication
"I'd say it's long overdue," says Kate Borten, CISSP, CISM, president of The Marblehead Group. "Recall that the proposed security rule in 1998--that's 12 years ago--required that PHI be encrypted over the Internet. While there may have been a legitimate argument then that solutions weren't readily available and cost effective, there are solutions today."
John C. Parmigiani, MS, BES, president of John C. Parmigiani & Associates, LLC, in Ellicott City, MD, and former chairperson of the team that created the HIPAA Security Rule, says the recommendation was inevitable.
"It is merely recognition of what has become an industry best practice," Parmigiani says.
Encryption is not mandatory. It is "addressable" under the HIPAA Security Rule. And the Department of Health and Human Services' interim final rule on breach notification creates a "safe harbor" for unsecured protected health information (PHI) that is encrypted by certain standards; in other words, covered entities and business associates (BAs) do not need to notify individuals of breaches involving such encrypted PHI.
If the workgroup's recommendation comes to fruition, it would "uncomplicate the situation that many healthcare organizations have been confronted with when trying to decide on encryption," Parmigiani says.
Back when the security rule was proposed in 1998, then finalized in 2003, encryption technology was immature, Parmigiani says.
Now, however, there have been "inroads in the understanding of encryption," he says, and widespread use of software and hardware encryption.
"Therefore, I believe that the formal recommendation is both timely and an essential component of successful HIT and is critical to the attainment of consumer confidence in a fully robust EHR and smoothly functioning HIE environment," Parmigiani says.
The privacy/security workgroup provides input to the Health IT Committee as it sets the ground rules for the criteria of "meaningful use" of EHRs.
On December 30, CMS and the Office of the National Coordinator for Health Information Technology (ONC) released two anxiously awaited regulations providing both the definition of "meaningful use" for EHRs and the standards to improve the efficiency of health information technology used nationwide by hospitals and physicians.
Currently, the ONC interim final rule, "Health Information Technology: Initial Set of Standards, Implementation Specifications, and Certification Criteria for Electronic Health Record Technology," requires that EHR systems be capable of encryption.
Final rules on the ONC interim final rule and CMS proposed rules are expected this spring. However, the interim final rule is in effect.




