HHS Encryption and Destruction Standards

The Health Information Technology for Economic and Clinical Health (HITECH) Act, passed as part of the American Recovery and Reinvestment Act of 2009 (ARRA), requires the Department of Health and Human Services (HHS) to publish guidance on how to make protected health information (PHI) secure. HHS issued initial guidance in April 2009 and updated it as part of the HITECH breach notification rules in August 2009. The guidance specifies encryption and destruction as the only methodologies or technologies that render electronic PHI secure. It further names certain standards tested by the National Institute of Standards and Technology (NIST) as meeting the HITECH requirement to render PHI "unusable, unreadable, or indecipherable to unauthorized individuals." HHS will update the guidance annually.

Physician practices must continue to comply with the HIPAA Security Rule with respect to electronic PHI.