HIPAA And Standards Of Encryption
Andrew Ursino, PhD
What standard of encryption is good enough for HIPAA? Well, the new HIPAA Security Rule seems to leave the choice up to you. Good enough encryption for HIPAA should mean that the software employs time-tested encryption algorithms that cannot be broken by an attacker with dedicated tools or government-level cryptanalytic resources, if they can be broken at all. Examples of these are DES, AES, RSA, Blowfish and Twofish. No algorithm GUARANTEES total security against the various types of attacks that professional hackers can employ (see Adam Berent's paper at http://www.abisoft.net/papers.html for examples). But "good enough encryption" for your purposes is available in a plethora of free or cheap products, including my personal favorites:
1. Abi-Coder (free) at http://www.abisoft.net/oldCoder.html. While at this site, go to http://www.abisoft.net/papers.html for excellent papers on security and encryption by Adam Berent. Download his article (in PDF format) "How Safe is Your Security Software?" You can also purchase (cheap) the most recent versions of Abi-Coder and Abi-SecurePro at this site.
2. MaxCrypt (free) at http://www.tucows.com/preview/195463.html - inexpensive and fast!
3. WinZip v. 9.0 (cheap) at http://www.winzip.com -- a must-have. Adds encryption to compression.
4. BestCrypt v.7.0 and BCWipe (cheap) at http://www.jetico.com
5. AxCrypt (free) at http://axcrypt.sourceforge.net
6. FineCrypt (free) at http://www.finecrypt.net. While at this site, read the article by Peter Meyer, "An Introduction to the Use of Encryption".
7. Encrypted Magic Folders (cheap) at http://www.pc-magic.com/des.htm -- "gives you automated and transparent encryption. Select folders whose files you want encrypted and EMF not only makes those folders and files completely invisible to others but decrypts and encrypts the files automatically and transparently as you use them. You won't even know you're using encrypted files as EMF does all the work behind the scenes."
Abi-Coder and FineCrypt are best at selectively encrypting files. Encrypted Magic Folders and MaxCrypt are best when you want to encrypt entire folders.
Finally, the makers of Encrypted Magic Folders (pc-magic) also make a handy encryption tool for those of you who like to keep your files on CDs, flash drives or even floppies. It's called CD-Lock, at http://www.cd-lock.com. "CD-Lock secures your removable media by scrambling the filenames and encrypting all the files with Blowfish. Yet, just enter the password when the CD is inserted into any computer running Win2000 or XP and you can instantly use the files as you always have -- without the need to decrypt them first."
One more thing. The HIPAA encryption requirements call for 112-bit symmetric encryption and 1024-bit asymmetric encryption. That's all. This standard should be easily met or exceeded by the tools I mentioned and hundreds of others.
For an interesting discussion of HIPAA security compliance issues, see the Computerworld article "New HIPAA security rules could open door to litigation": http://tinyurl.com/42o5x.
Those of you with small practices should be quite relieved to learn (quoting from the article) that, according to Karen Trudel, Deputy Director of the Office of HIPAA Standards at CMS, "...the HIPAA security standards were carefully crafted to be 'technology neutral' and to allow health care providers wide latitude to devise their own security policies and practices based on their own risk assessments and risk management efforts geared to their specific size and complexity. CMS dropped many mandated requirements contained in an earlier proposed rule, making them merely 'addressable,' Trudel said." In other words, they're optional.
"For example, the encryption of PHI transmitted over the Internet is no longer mandated and can be based on risk assessment. That means that when one doctor sends e-mail to another doctor about a patient consultation, encryption may not be necessary. But if 'you're a large [health care] organization sending a bunch of transactions, then you would want to encrypt,' Trudel said."
This information was originally posted on the Division 42 listserv in February 2005, and is edited/reproduced by the kind permission of Andrew Ursino, PhD, Syracuse, NY.
Email: HUISAAU@OMH.STATE.NY.US