HIPAA and AES:
As more and more medical centers are transitioning from paper to electronic records, regulations have been
introduced to ensure the security of the protected health care information (PHI) being stored, as dictated
by the Health Insurance Portability and Accountability Act (HIPAA). While HIPAA has many parts, the Security
Rule specifically was a Federal law created to ensure that health information that is in an electronic
form is protected.
One major goal of the Security Rule is to protect individuals’ privacy with regard to their health information while
also allowing health establishments to adopt new technologies that would improve patient care. The Security Rule
requires that systems have a number of safeguards in place, including administrative safeguards, physical safeguards,
and technical safeguards. The technical safeguards include access control, audit controls, integrity controls, and
transmission security. This last safeguard, transmission security, requires that electronic health software implement
a mechanism to encrypt all transmissions of electronic protected health information.
HIPAA states that electronic health information is to be encrypted through “the use of an algorithmic process to
transform data into a form in which there is a low probability of assigning meaning without use of a confidential
process or key”. It goes on to specify that these encryption processes must be consistent with Federal Information
Processing Standards (FIPS) 140-2. The Advanced Encryption Standard (AES), for example, is a FIPS-approved
cryptographic algorithm, which has become widely used in health-related software
due to the government regulations.
For more information on HIPAA, please visit Privacy Rule and Research, NIH, HHS, or HIPAA Guide.
Sources:
HIPAA transmission security encryption
![[HIPAA]](css/newimages/hipaa.jpg)