The basic requirements for HIPAA and HITECH Act compliance can be achieved two ways: data encryption or data destruction.
Cam Roberson, director of the reseller channel for Beachhead Solutions in San Jose, Calif.: The law requires electronic personal health information must be rendered "unusable, unreadable, or indecipherable to unauthorized individuals." Health organizations handling ePHI should possess both capabilities — thorough encryption to protect exposed data from being read, and the ability to remotely destroy data when a device containing ePHI falls into the wrong hands.