Basic Guide to Encryption

What is encryption?

Encryption is the process of encoding information so that only authorized persons can access and read it. Encryption does not prevent a message from being intercepted; it prevents an unintended recipient from being able to read the information the message contains.

Why is encryption important?

Has the question come up, “Do we have to use encryption in our business if we use PHI?” The short answer is no. However, encryption is an essential safeguard that all covered entities and business associates should adopt as a best business practice. According to the HITECH Breach Notification Rule, “covered entities and business associates must only provide the required notifications if the breach involved unsecured protected health information.” PHI that has been properly encrypted is not treated as unsecured, so you can protect your business by using encryption to mitigate the risks associated with handling PHI.

Take a look at some of the highest costs associated with HIPAA breaches. The first breach involved nothing more than an unencrypted USB drive that was stolen from an employee’s car. This simple oversight ended up costing the Alaska HHS Department $1.7 million. Could your business sustain itself after a $1.7 million fine?

Encryption in Record Retrieval

Dealing with PHI comes with many risks, and steps must be taken to mitigate them in order to avoid data breaches and the fines, personal grief, and business risks that come with those breaches. Simple measures can be taken to encrypt PHI and lower these risks:

Email – There are multiple companies that will encrypt your emails. Record Grabber uses a company called Zixcorp to encrypt emails that may contain PHI. It is a cost-efficient and effective way to ensure that your emails cannot be read by impermissible parties if they are intercepted.

Computers – A cost-effective and easy way to encrypt a Microsoft Windows computer is to use BitLocker. BitLocker becomes available by upgrading to Windows Pro and installing the added BitLocker feature. The installation takes about an hour and costs $99.

USB/Media Devices – With BitLocker you can also encrypt USB/media devices to secure PHI.

Phones – A simple 4-digit numeric code on a phone will not suffice. There are black box devices that use brute force to crack numeric codes by going through every number sequence until the correct one is found. Here is a short tutorial on how to set your passcode and details about iPhone encryption.

These are all simple-to-use and cost-effective ways to mitigate your PHI risks through encryption. Are a few hundred dollars and a couple of hours of work worth it to avoid thousands of dollars in possible fines for not using encryption?

Using a record retrieval service like Record Grabber ensures that all your clients’ PHI is encrypted and secure. Not only do we help your business by handling your record retrieval, we help keep you in business by protecting your clients’ PHI.

