HIPAA Compliant Encryption

HIPAA Compliant Encryption and Data Security


October 13, 2017 | Reading Time: 2 Minutes

Please support Telehealth.org’s ability to deliver helpful news, opinions, and analyses by turning off your ad blocker. How

For telebehavioral health specialists, HIPAA compliant encryption is an essential part of maintaining patient health records in accordance with the law.

HIPAA regulation sets strict federal standards for how health care data can be used, accessed, transferred, and stored in electronic format. This kind of digital health data covered by HIPAA is called electronic protected health information (ePHI). ePHI is any demographic information that can be used to identify a patient, which is stored in an electronic or digital format. Examples include names, addresses, dates of birth, or health care records stored on a computer, server, or EHR platform, to name a few.

The HIPAA Security Rule was enacted to set specific guidelines for how ePHI must be protected by health care professionals across the industry. With advancements in technology and new telehealth initiatives ramping up in the recent years, HIPAA compliance has become more important than ever in ensuring the privacy and integrity of ePHI.

HIPAA compliant encryption services provide a strong way to maintain patient records while running a successful telebehavioral health practice.

What to Look for in HIPAA Compliant Encryption

In order for an encryption service to be HIPAA compliant, you need to ensure that the organization you’re looking into has an effective HIPAA compliance program in place.

Under HIPAA regulation, health care vendors that handle PHI or ePHI over the course of the work they’re hired to perform are considered business associates. Business associates include a wide breadth of vendors, such as IT services, managed service providers, medical billing companies, practice managers, storage services, and encryption services.

All business associates you work with must be HIPAA compliant, which means that you must execute Business Associate Agreements (BAAs) with each of them. A BAA protects your practice or organization from liability in the event of a data breach caused by the business associate. HIPAA compliant encryption services must be willing to sign a BAA with your telebehavioral health practice before you consider using their encryption services.

Additionally, HIPAA encryption guidance from the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) dictates that ePHI being transferred must be end-to-end encrypted. Having end-to-end encryption means that only the person doing the encryption and the intended recipient are able to view the data, eliminating the potential for a data breach and subsequent HIPAA violation while the data is in motion.

In the end, the only way to truly protect your practice against HIPAA violations and fines is by implementing an effective compliance program that addresses the full extent of the law. Encryption is an important piece of the puzzle, but will only go so far to keep your practice from suffering major fines and civil suits resulting from an accidental data breach.

Essential Telehealth Law & Ethical Issues

Bring your telehealth practice into legal compliance. Get up to date on inter-jurisdictional practice, privacy, HIPAA, referrals, risk management, duty to warn, the duty to report, termination, and much more!

Telehealth Law & Ethical Course Bundle

This Telehealth Legal & Ethical Course Bundle provides the most important risk management and telehealth compliance training available anywhere to help meed telehealth, regardless of the size of your telehealth services.

HIPAA Compliant Cybersecurity for Professionals

Must-know information about how to protect your telehealth practice from a ransomware attack. Operate w/ EYES WIDE OPEN.

Disclaimer: Telehealth.org offers information as educational material designed to inform you of issues, products, or services potentially of interest. We cannot and do not accept liability for your decisions regarding any information offered. Please conduct your due diligence before taking action. Also, the views and opinions expressed are not intended to malign any organization, company, or individual. Product names, logos, brands, and other trademarks or images are the property of their respective trademark holders. There is no affiliation, sponsorship, or partnership suggested by using these brands unless contained in an ad. Some of Telehealth.org’s blog content is generated with the assistance of ChatGPT. We do not and cannot offer legal, ethical, billing technical, medical, or therapeutic advice. Use of this site constitutes your agreement to Telehealth.org Privacy Policy and Terms and Conditions.

Was this article helpful?

Please share your thoughts in the comment box below.

Notify of
Newest Most Voted
Inline Feedbacks
View all comments
Karen Marshall
Karen Marshall
6 years ago


Marlene Maheu, Ph. D.
Marlene Maheu, Ph. D.
5 years ago
Reply to  Karen Marshall

Thank you, Dr. Marshall.

Register for Free

Receive Any of Our 57 FREE Newsletters!


Most Popular Blog Topics

You May Also Like…

ChatGPT HIPAA Considerations
ChatGPT HIPAA Considerations

ChatGPT HIPAA compliance is one of the hottest topics at 2023 conferences and with good reason. AI...