Blog: Chronicle of Data Protection | 21 May 2010
The Health IT Policy Committee’s Privacy and Security workgroup has recommended that patient data exchanged between providers for treatment purposes be governed by policies that “at least” include encryption. The HIT Policy Committee is a federal advisory committee established to provide guidance to the Office of the National Coordinator for Health IT (ONC) on health IT policy issues, and its privacy and security workgroup is charged with addressing the privacy and security issues involved in developing a framework for the exchange of health information.
According to the workgroup’s recommendations, encryption ideally should be required when there is potential for transmitted data to be exposed. The workgroup proposed that the encryption mandate come through either the meaningful use and certification criteria or a modification of the HIPAA security rule.
In addition to encryption, the group recommended that provider-to-provider exchange be governed by policies that include “limits on identifiable (or potentially identifiable) information in the message” and “identification and authentication.” According to the workgroup, “if strong policies are in place and enforced, we don’t think that the above scenario needs any additional individual consent beyond what is required by current law.”
If such recommendations are adopted and an encryption mandate imposed, this would have significant and far-reaching consequences for providers. We will continue to track the status of these recommendations as they evolve.