Risk Assessment Toolkit; Addressing Encryption of Data at Rest in the HIPAA Security Rule and EHR Incentive Program Stage 2 Core Measures

"The purpose of this paper is to help healthcare providers understand the HIPAA requirement for encryption of data at rest and apply it appropriately to their IT environments. The HIMSS Privacy and Security Risk Assessment Working Group developed this paper to give an introduction to encryption and explain how a physician practice, hospital or any HIPAA covered entity or business associate should evaluate what electronic protected health information (ePHI) to encrypt."