HIPAA & Email Encryption Laws – Hand in Hand? | Email Encryption Laws


23Dec/09


HIPAA stands for the Health Insurance Portability and Accountability Act, and every medical facility is intimately familiar with all the rules and regulations that define the act. What do email encryption laws have to do with HIPAA? More than you would think...

It is specifically stated in the Security Rule, under the Technical Safeguards, that (bold emphasis and PHI definition added):

"Information systems housing PHI (protected health information) must be protected from intrusion. When information flows over open networks, some form of encryption must be utilized."

What’s the most commonly used way of communicating over open networks? Email. According to HIPAA law, some type of encryption must be utilized to safeguard PHI.

As medical offices begin to transition to electronic health records and move away from file cabinets to files online, encryption of this data needs to become a priority. With the recent addition of the HITECH (Health Information Technology for Economic and Clinical Health) Act, the range of companies that need encryption has expanded. It now goes beyond the realm of medical institutions and applies to companies that exchange information with medical organizations!

The next time your company reviews the email encryption laws that apply to its industry, make sure to pay attention to HIPAA. You may very well need encryption because of the importance of safeguarding PHI.
