Patient Privacy For The Digital Age

By HIPAA Vault

Federal law protects patient privacy through the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This federal mandate was created to provide patient privacy for U.S. citizens, and its compliance regulations serve as security standards for the protection and confidentiality of healthcare information. HIPAA regulates protected health information (PHI) and electronic health records (EHR). Having a HIPAA compliant hosting provider is critical to maintaining PHI data.

When discussing health privacy, encryption is a key aspect of protecting HIPAA compliant data. Digital data exists in three “states”, each with its own encryption used to protect the information:

  1. Data at Rest – Inactive data stored physically (e.g. databases, backups, spreadsheets, etc.). Advanced Encryption Standard (AES) is the industry-standard encryption algorithm used. Cipher strength is 256-bit (AES-256).
  2. Data in Use – Active data under constant change (e.g. database transactions, memory allocation, data vault, etc.). AES-256 is also used as the industry-standard encryption algorithm.
  3. Data in Motion (aka Data in Transit) – Data that traverses a network, traveling from one point to another. RSA is the industry-standard algorithm used. Cipher strength is 2048-bit.
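The data-at-rest state from the list above, as an added example written here in Go (not HIPAA Vault's code): one PHI record sealed with AES-256-GCM, so the stored blob is unreadable without the key and any later modification is detected on read. Binding the record identifier as associated data is an assumption of this example, not something the post specifies; the key and record are supplied by the caller.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// Key256 is the AES-256 key type: the fixed size turns a 128-bit key into
// a compile error instead of a silent downgrade by aes.NewCipher.
type Key256 [32]byte

func newGCM(key *Key256) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealAtRest encrypts one PHI record for storage: a random nonce is prepended
// and the record ID is bound as associated data, so a blob moved to another
// patient's row fails to open (the ID binding is this example's assumption).
func SealAtRest(key *Key256, recordID string, phi []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, phi, []byte(recordID)), nil
}

// OpenAtRest reverses SealAtRest; a wrong key, another record ID or one
// modified byte fails GCM's tag check and returns an error, not garbage.
func OpenAtRest(key *Key256, recordID string, blob []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(blob) < n {
		return nil, errors.New("stored blob shorter than a GCM nonce")
	}
	return gcm.Open(nil, blob[:n], blob[n:], []byte(recordID))
}
```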

HIPAA requires that data be rendered “unusable, unreadable, or indecipherable to unauthorized individuals.” HIPAA professionals interpret this wording to mean that encryption is to be used on all data that is stored or transferred in any way. In fact, HIPAA specifically mandates (45 CFR 164.304, definition of encryption) a level and type of encryption. Furthermore, to ensure that the data is not decrypted using traditional vectors of attack, HIPAA mandates that private key/certificate authentication be used. This is considered the most secure form of data security and is used even by security agencies.

Using encryption to properly secure HIPAA data is of the utmost importance for HIPAA compliance.
