Omnibus HIPAA Final Rule Will Not Mandate Encryption of Personal Health Information

The omnibus final rule that covers changes to privacy, security, breach notification and enforcement rules under HIPAA will not include a requirement for encrypting protected health information, an HHS Office for Civil Rights official confirmed to Health Data Management.

Earlier proposals never called for a change to the current security rule on encryption. Since a mandate for encryption would require more rulemaking, as it stands, it appears such a mandate will not be included in the omnibus final rule.

"If the requirement for encryption changes from an addressable implementation specification to a required implementation specification under the security rule, then normal notice and comment rulemaking processes would need to follow," said Susan McAndrew, deputy director for health information privacy for OCR.

The OCR expects to release the final rule in the next several months, she said.

Read the news report about the omnibus HIPAA final rule.

Related Articles on HIPAA:
HHS Inspector General: Security Concerns Abound in Rush to Deploy EHRs
UIHC Radiologist, Health System Battle Over HIPAA, Patient Safety Claims
Data Security Complicates Privacy, Access to Medical Records

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.

 

Featured Whitepapers

Featured Webinars