Final PHI Protection Rule Won't Mandate Encryption

The omnibus federal final rule that will cover changes to the HIPAA privacy, security, breach notification and enforcement rules will not include a mandate for encryption of protected health information, confirms Susan McAndrew, deputy director for health information privacy in the Department of Health and Human Services’ Office for Civil Rights.


McAndrew wasn’t as clear when asked if the breach notification “harm threshold,” which enables an organization to not provide notification of a breach if it determines no consequential harm has or will result, will be eliminated in the final rule.

Read more on Health Data Management.

About the author: Dissent

Comments are closed.