Thread: hipaa

  1. #1

    hipaa

    I read in some presentation that des, 3 des, aes are all acceptable by hipaa but not RSA.

    Is it so? Why?

    I am looking for the least complex algo that I should use if I were to pass HIPAA compliance. I am sending some data using sockets to my internet server from PDAs and mobile phones using J2ME.

  2. #2
    Senior Member | Join Date: May 2004 | Posts: 206
    I'm not sure if that's true, but it's ridiculous if it is. The congressmen who wrote HIPAA should read "Cracking DES" by the EFF.
    It is better to die on your feet than to live on your knees.

  3. #3
    Member ams2d | Join Date: Aug 2001 | Location: Indianapolis | Posts: 58
    You may have already read through this one but in case you haven't:

    An Introductory Resource Guide for Implementing the HIPAA Security Rule

    Also if it is possible that people from outside the US could receive your data you may want to look into Safe Harbor as well.

    My work has only been related to sending out data for testing purposes so I only had to worry about making sure the actual data itself was "scrambled". Not something like you appear to be doing.
    Wise men talk because they have something to say;
    fools, because they have to say something.
    Plato

  4. #4
    Shadow Programmer mmelby | Join Date: Jul 2002 | Location: Ft. Myers, FL | Posts: 291
    If I understand what you are doing... your process falls under the Privacy Regulations of the HIPAA Guidelines.

    Are you transmitting "identifiable Patient Health Information"?

    Are you also storing it on the server?

    The actual regulations, although fairly long, are also VERY grey. They say the data needs to be secured but are not specific on what method to use.

    Until it is tested in court no one will know for sure. What I have seen in the industry so far is any decent encryption method is OK and many of the ones you mentioned are being utilized.

    I know this does not totally answer your question but if you are a Healthcare organization you should have a Privacy Officer, he/she should be able to give you more direction.

    Any time I have to do anything with patient data I always run it past our Privacy Officer. Just to cover my butt.

    m2
    Work... Some days it's just not worth chewing through the restraints...

  5. #5
    Senior Member | Join Date: Oct 2001 | Posts: 748
    Originally posted here by Jareds411
    I'm not sure if that's true, but it's ridiculous if it is. The congressmen who wrote HIPAA should read "Cracking DES" by the EFF.
    EFF only cracked a 56-bit key.

    HIPAA can use any encryption that uses at least a 128-bit symmetric key or a 1024-bit asymmetric key.
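    As an added example (not code from anyone in this thread), here is the key-size rule quoted in post #5 turned into a check that rejects DES's 56-bit key and accepts AES-128 or RSA-1024, next to AES-128-GCM sealing of one record for the socket send the original poster describes. It is written in Go rather than J2ME; the 16-byte key and the sample record are constructed values, and the function names are my own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// Post #5's thresholds: 128-bit symmetric, 1024-bit asymmetric; DES's 56 bits fail.
func MeetsKeyPolicy(symmetric bool, keyBits int) bool {
	if symmetric {
		return keyBits >= 128
	}
	return keyBits >= 1024
}
// newGCM builds an AES-GCM AEAD, refusing keys below the symmetric minimum.
func newGCM(key []byte) (cipher.AEAD, error) {
	if !MeetsKeyPolicy(true, len(key)*8) {
		return nil, errors.New("symmetric key below 128-bit minimum")
	}
	block, err := aes.NewCipher(key) // a 16-byte key selects AES-128
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// Seal encrypts one record with AES-128-GCM and prepends the random nonce,
// giving a self-contained blob that can be written to the socket as-is.
func Seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}
// Open reverses Seal; GCM's authentication tag makes any altered byte an error.
func Open(key, blob []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("blob shorter than nonce")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}
```

The receiver calls Open on each blob read from the socket; a decryption error means the record was corrupted or tampered with and must be discarded rather than processed.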
