/
FAQ & Resources

FAQ & Resources

Owned by Mindy Hangsleben
Last updated: Jun 12, 2024
1 min read

Question:
When an LDS is being sent to NACHC are there any encryption requirements or can these files come through email without encryption?

Answer (Crowell & Moring LLP - Jodi Daniel - 11/20/23):
The rules do not require encryption.  Encryption is “addressable” under the Security Rule.  This means that the CE must assess whether encryption is reasonable and appropriate, and implement encryption if it is reasonable and appropriate to do so, or document why it would not be reasonable and appropriate and implement an alternative measure.  The compliance requirement applies to the CE, not NACHC who is receiving the data.  That said, there is a benefit of encryption.  If data is breached and it is encrypted in accordance with OCR guidance, then there is no requirement to do breach notification under HIPAA.

NIH guidance on privacy and security/HIPAA for limited data sets:

HIPAA Privacy Rule and Its Impacts on Research

 

Related content

Data Governance Council
Data Governance Council
NACHC Data Governance
More like this
Summary of Data Security and Privacy Practices
Summary of Data Security and Privacy Practices
NACHC Data Governance
More like this
Use and Storage of Data at NACHC
Use and Storage of Data at NACHC
NACHC Data Governance
More like this
Guiding Principles and Governance for Data Use
Guiding Principles and Governance for Data Use
NACHC Data Governance
More like this
Data Governance Overview
Data Governance Overview
NACHC Data Governance
More like this
NACHC Data Governance Policies and Procedures
NACHC Data Governance Policies and Procedures
NACHC Data Governance
More like this

Dear Confluence Users, If you need support for use of Atlassian tools, please contact informatics@nachc.com whether you have technical issues, need feature assistance, or simply have questions.