If It Fits, You Must Encrypt (Part II)

June 24, 2011
In a post several months ago (see "If It Fits, You Must Encrypt"), I discussed the Nevada statute that will require Nevada businesses that store or

In a post several months ago (see "If It Fits, You Must Encrypt"), I discussed the Nevada statute that will require Nevada businesses that store or use information of any individual to being encrypting customer information that they send electronically (other than by fax) on October 1, 2008. The movement towards legally required encryption took another step forward last month in Massachusetts.

Massachusetts adopted regulations on September 22 that will require businesses that store or use information about Massachusetts residents, to implement comprehensive information security programs by January 1, 2009. The new regulations make Massachusetts the second state to mandate reasonable security practices for all businesses, after California.

While covered entities subject to the HIPAA Security Rule should have already implemented an information security compliance program, the Massachusetts regulations may raise the bar a bit in certain areas. For example, the Massachusetts regulations require encryption of personal information stored on laptops or transmitted across public or wireless networks. Under the HIPAA Security Rule, encryption of PHI is an "addressable€VbCrLf implementation specification, but is not required.

For healthcare organizations, the new Massachusetts regulations are yet another reason why a comprehensive, formal information security compliance program is highly advisable €¦ and (depending on your business and the states you're operating in) it may be the law.

Sponsored Recommendations

How Digital Co-Pilots for patients help navigate care journeys to lower costs, increase profits, and improve patient outcomes

Discover how digital care journey platforms act as 'co-pilots' for patients, improving outcomes and reducing costs, while boosting profitability and patient satisfaction in this...

5 Strategies to Enhance Population Health with the ACG System

Explore five key ACG System features designed to amplify your population health program. Learn how to apply insights for targeted, effective care, improve overall health outcomes...

A 4-step plan for denial prevention

Denial prevention is a top priority in today’s revenue cycle. It’s also one area where most organizations fall behind. The good news? The technology and tactics to prevent denials...

Healthcare Industry Predictions 2024 and Beyond

The next five years are all about mastering generative AI — is the healthcare industry ready?