Guidance on Securing Health Information Issued by DHHS
The U.S. Dept. of Health and Human Services has issued guidance on technologies and methodologies that secure health information and prevent harm by rendering it unusable, unreadable, or indecipherable to unauthorized individuals.
The guidance relates to two forthcoming breach notification regulations – one to be issued by DHHS for covered entities and their business associates under the Health Insurance Portability and Accountability Act of 1996 and one to be issued by the Federal Trade Commission for vendors of personal health records and other non-HIPAA covered entities. “If the entities subject to the regulations apply the technologies and methodologies specified in the guidance to secure information, they will not be required to provide the notifications required by the regulations in the event the information is breached,” DHHS says.