Chapter 4: Other Technological Risks for Mental Health Professionals
Part 2: On Encryption
Maybe now is the time to state that HIPAA doesn't require you to encrypt e-PHI . However, the InfoSec Institute strongly advises healthcare practitioners to encrypt confidential patient information and records, especially if it's stored in the cloud or transmitted via email. In the event of a data breach, you don't have to notify affected parties, as long as the data is encrypted and the encryption key is safe.
At this time, HIPAA doesn't require PHI to be encrypted, even though security professionals recommend it.
Next: Part 3: Mental Health Professionals: Is Texting a Pandora's Box of HIPAA Violations?