I was reading about the Healthcare Insurance Portability and Amendment Act(HIPAA). I have some confusion regarding the specifications of data encryption. Different sources have different answers. Does HIPAA require encryption of the patient data?
Does HIPAA require encryption? Not mandatorily. You may choose to encrypt the data or not, given, the data transmitted is not prone to corruption. HIPAA strictly specifies the need for protection of data of the patients by the healthcare section. Encryption is not mandatory though. Exceptions exist. The data stored in any non-volatile storage has to be encrypted. Provided, you have other security measures in place, considering the cost efficiency, and reasonability you can encrypt your data if you want or use some equivalent method of protection.
