Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Current »

Question:
When an LDS is being sent to NACHC are there any encryption requirements or can these files come through email without encryption?

Answer (Crowell & Moring LLP - Jodi Daniel - 11/20/23):
The rules do not require encryption.  Encryption is “addressable” under the Security Rule.  This means that the CE must assess whether encryption is reasonable and appropriate, and implement encryption if it is reasonable and appropriate to do so, or document why it would not be reasonable and appropriate and implement an alternative measure.  The compliance requirement applies to the CE, not NACHC who is receiving the data.  That said, there is a benefit of encryption.  If data is breached and it is encrypted in accordance with OCR guidance, then there is no requirement to do breach notification under HIPAA.

  • No labels