Under HIPAA, as updated by the Health Information Technology for Economic and Clinical Health Act, medical practices are required to notify all individuals in the event of a security breach affecting their healthcare records.

Data breaches are serious…and so is the civil penalty for them. After February 18, 2009, the fine rose from $25,000 to $1.5 million. (You can read more about this at www.ama-assn.org/go/hipaa.) However, this notification requirement does not apply when the data is encrypted.

Yet, only 39% of mobile health devices are encrypted and only 44% encrypt data in storage. As of November 2009, 67% of organizations encrypt data in transmission.

The AMA seeks to improve these security statistics by launching a new online encryption guide. The manual explains encryption, how it works and how to implement it. It also delineates which data practices should encrypt and describes which programs are available for encryption.

Physicians may obtain a copy of the guide online at:

www.ama-assn.org/ama1/pub/upload/mm/368/hipaa-phi-encryption.pdf

If you are in negotiations with vendors for electronic medical record systems, ask whether the records will be encrypted. You’ll sleep better for it.