![]() ![]() ![]() Redaction is specifically excluded as a means of data destruction. Paper, film, or other hard copy media have been shredded or destroyed such that the PHI cannot be read or otherwise cannot be reconstructed.The media on which the PHI is stored or recorded has been destroyed in one of the following ways:.Valid encryption processes for data in motion are those which comply, as appropriate, with NIST Special Publications 800-52, Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations 800-77, Guide to IPsec VPNs or 800-113, Guide to SSL VPNs, or others which are Federal Information Processing Standards (FIPS) 140-2 validated.Valid encryption processes for data at rest are consistent with NIST Special Publication 800-111, Guide to Storage Encryption Technologies for End User Devices.The encryption processes identified below have been tested by the National Institute of Standards and Technology (NIST) and judged to meet this standard. To avoid a breach of the confidential process or key, these decryption tools should be stored on a device or at a location separate from the data they are used to encrypt or decrypt. Electronic PHI has been encrypted as specified in the HIPAA Security Rule by “the use of an algorithmic process to transform data into a form in which there is a low probability of assigning meaning without use of a confidential process or key” (45 CFR 164.304 definition of encryption) and such confidential process or key that might enable decryption has not been breached. ![]() Protected health information (PHI) is rendered unusable, unreadable, or indecipherable to unauthorized individuals if one or more of the following applies: Other Administrative Simplification Rules.Covered Entities & Business Associates has sub items, about Covered Entities & Business Associates.Patient Safety has sub items, about Patient Safety.Mental Health & Substance Use Disorders.Special Topics has sub items, about Special Topics.Compliance & Enforcement has sub items, about Compliance & Enforcement.Breach Notification has sub items, about Breach Notification. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |