Learn how the Health and Human Service's Office of Civil Rights has updated its enforcement of Information Protection Requirements.
Any information disclosures that contain identifiable patient data and are not explicitly consented to in writing, are inappropriate disclosures.
Intentions are irrelevant to PHI disclosures. All disclosure actions (intended or not) must abide by HIPAA Privacy Rule requirements.
No. TLS only provides data privacy as data moves between systems. It does not prevent data breaches when an adversary is inside your system.
No. Encryption-at-Rest only protects your data on physical storage. It does not prevent data breaches when an adversary is inside your system.
E2E-Encryption Protects PHI for HIPAA
E2E-Encryption prevents data breaches by keeping PHI encrypted for its entire lifecycle, instead of just when it moves between systems (TLS) or resides on a persistence layer (Encryption-at-Rest).
And we’re here to help
Peacemakr is a drop-in E2E-Encryption solution, but it may not be obvious how it applies to your specific HIPAA Information Protection Requirements. We'd love an opportunity to work with your engineers on how you might best approach these requirements.