The javascript used on this site for creative design effects is not supported by your browser. Please note that this will not affect access to the content on this web site.
Skip Navigation
H H S Department of Health and Human Services
U.S. Department of Health and Human Services
Health Information Technology and Quality

A-Z Index  |  Questions?  |  Order Publications  |  HRSA Mobile

What technologies and methodologies render PHI unusable, unreadable, or indecipherable?

PHI can be rendered "unusable, unreadable, or indecipherable" if the data is either encrypted or destroyed according to specified technologies or methodologies.

In encrypting PHI, the strength of the encryption algorithm is most important.  The algorithmic process should transform the PHI into a form that has low probability of being assigned meaning without use of a confidential process or key.  The confidential process or should be stored at a location or on a device that is separate from the data it is used to encrypt or decrypt to avoid a breach.

The destruction method is dependent on the type of media.  Paper, film, and other hard copy media should be shredded or destroyed so that the PHI cannot be read or be reconstructed.  Electronic media should be cleared, purged or destroyed so that the PHI cannot be retrieved and be consistent with NIST Special Publication 800-88, Guidelines for the Media Sanitization (PDF - 541KB).


Developed by the Health Resources and Services Administration as a resource for health centers and other safety net and ambulatory care providers who are seeking to implement health IT.
Health Information Technology Toolboxes help health centers, safety net providers, and ambulatory care providers with electronic and online resources and technical assistance to improve patient care.  More>
Stay Informed