HIPAA Website
What are the specific encryption and security requirements for storing medical data under HIPAA?
I would like to know how to make a website HIPAA compliant, assuming we are storing medical data. The site is not technically a health care provider, creating some ambiguity in the legal obligation, but I am curious. International perspectives on regional data regulations are also interesting to me!
There is no encryption method specified by law.
“When information flows over open networks, some form of encryption must be utilized. If closed systems/networks are utilized, existing access controls are considered sufficient and encryption is optional.”
As to security, you must have policies and safeguards in place to limit access to the protected information to designated personnel and other authorized users, with means such as passwords, two- or three-way handshakes, telephone callback, and token systems.
HIPAA IT Security Moving Beyond HIPAA to EHR Security as a Healthcare Provider












