What technologies and methodologies render PHI unusable, unreadable, or indecipherable?
PHI can be rendered "unusable, unreadable, or indecipherable" if the data is either encrypted or destroyed according to specified technologies or methodologies.
In encrypting PHI, the strength of the encryption algorithm is most important. The algorithmic process should transform the PHI into a form that has low probability of being assigned meaning without use of a confidential process or key. The confidential process or should be stored at a location or on a device that is separate from the data it is used to encrypt or decrypt to avoid a breach.
The destruction method is dependent on the type of media. Paper, film, and other hard copy media should be shredded or destroyed so that the PHI cannot be read or be reconstructed. Electronic media should be cleared, purged or destroyed so that the PHI cannot be retrieved and be consistent with NIST Special Publication 800-88, Guidelines for the Media Sanitization (PDF - 541KB).
E-mail the HealthIT e-mail box: email@example.com