No Encryption Standards For Health Insurers?


Under the Health Insurance Portability and Accountability Act (HIPAA) of 1996, insurers are not required to encrypt their consumers' data. Encryption uses mathematical formulas to scramble data, converting it into indecipherable information. The lack of an encryption standard threatens public confidence, especially as the government continues to push for the use of computerized medical records.

The Senate Health, Education, Labor and Pensions Committee said it is planning to examine encryption law as part of a review of health information security. The office of Health and Human Services says it has yet to receive any formal notification of the hack from Anthem (the law allows 60 days for notifying HHS). The Privacy Office did assert that the type of personal data stolen by the Anthem hackers is protected by HIPAA, even if it does not include medical information.

The HITECH Act of 2009, which promotes computerized medical records, requires any health data breach affecting more than 500 people to be publicly disclosed. It also created an exemption to this rule for any company that encrypts its data. Encryption is a controversial issue because it increases costs and makes daily operations cumbersome.
