
It can be hard to visualize abstract concepts, so let’s pretend that the inside of your house is transmitted data. To make sure people don’t enter without your permission, you likely use a lock on the front door. Think of this like encryption.

Unfortunately, even with a lock, criminals may try to bust your door in with brute force to access the valuables inside. As tools to accomplish this continue to improve, the need for powerful protection is greater than ever.

Encryption may seem complicated at first, but understanding the basics is easy. In this article, we’ll cover the basics so you can better gauge the strength of your organization’s encryption measures.


As mentioned above, encryption is like a lock that protects your sensitive data from prying eyes. The process begins with readable data known as plaintext. Encryption scrambles the plaintext into ciphertext, which is completely unreadable without the key.

In order to decrypt the data and return it to its readable state, the recipient must have the cryptographic key. In terms of a house, this is like the key to the front door. 

When using encryption-based messaging or data transfer systems, the intended recipient should be the only one who has the encryption key. This generally requires no input from the intended recipient.

Instead of lockpicks, hammers, or other such tools, cybercriminals seeking to break encryption use powerful computers. This is why powerful encryption keys are essential.


Encryption methods are generally identifiable by two features: key length and encryption type. The key length is the number of bits in the key. 128- and 256-bit are the most common lengths.

The encryption type is a bit more complicated, so let’s cover the categories before diving in. 

There are two categories of encryption, symmetric and asymmetric. Symmetric uses the same key to encrypt and decrypt data. Asymmetric uses different keys to encrypt and decrypt data.

The various types of encryption fall into these two categories. Let’s cover the ones ChartRequest hand-selected to protect medical records from potential cybercriminals.

ChartRequest uses industry-leading data protection and military-grade security policies, combined with full 256-bit SSL encryption, 2048-bit private keys, and AES multi-layered encryption for all documents and data, both at rest and in transit.

First, AES is a symmetric block cipher used by the United States government to encrypt sensitive information. In a feature for ComputerWorld, Joe Moorcones, SafeNet vice president, stated, “AES, which typically uses keys that are either 128 or 256 bits long, has never been broken.”

SSL is a hybrid type of encryption. When a device attempts to connect to an encrypted server, an asymmetric public and private key pair is used in a “handshake” to establish a secure session. Within this session, encryption for exchanged data is symmetric.
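An added example (not ChartRequest's code) that makes the hybrid design concrete: each SSL/TLS cipher suite pairs an asymmetric handshake with a symmetric session cipher, and Python's `ssl.SSLContext.get_ciphers()` exposes both halves along with the key strength. The 128-bit floor, the function names and the sample suite list are assumptions made for this illustration.

```python
import ssl

# Assumption for this example: anything under 128 bits is flagged, matching
# the 128/256-bit key lengths the article calls common.
MIN_BITS = 128

def audit_suites(suites, min_bits=MIN_BITS):
    """Split each cipher suite into its asymmetric and symmetric parts.

    `suites` is a list of dicts in the shape returned by
    ssl.SSLContext.get_ciphers(). Returns one report row per suite.
    """
    report = []
    for s in suites:
        bits = s.get("strength_bits", 0)
        report.append({
            "name": s["name"],
            # Handshake side: key exchange and server authentication.
            # TLS 1.3 suites report "kx-any"/"auth-any" because those
            # algorithms are negotiated separately from the suite.
            "handshake": (s.get("kea", "unknown"), s.get("auth", "unknown")),
            # Session side: the symmetric cipher protecting exchanged data.
            "session_cipher": s.get("symmetric", "unknown"),
            "bits": bits,
            "ok": bits >= min_bits,
        })
    return report

def weak_suites(suites, min_bits=MIN_BITS):
    """Names of suites whose symmetric strength is below min_bits."""
    return [r["name"] for r in audit_suites(suites, min_bits) if not r["ok"]]

# Constructed sample input (not captured from a real server): two AES
# suites and one legacy 3DES suite with an effective strength of 112 bits.
SAMPLE = [
    {"name": "TLS_AES_256_GCM_SHA384", "kea": "kx-any", "auth": "auth-any",
     "symmetric": "aes-256-gcm", "strength_bits": 256},
    {"name": "ECDHE-RSA-AES128-GCM-SHA256", "kea": "kx-ecdhe",
     "auth": "auth-rsa", "symmetric": "aes-128-gcm", "strength_bits": 128},
    {"name": "DES-CBC3-SHA", "kea": "kx-rsa", "auth": "auth-rsa",
     "symmetric": "des-ede3-cbc", "strength_bits": 112},
]

if __name__ == "__main__":
    for row in audit_suites(SAMPLE):
        print(row)
    # The same audit against this machine's default client settings.
    local = ssl.create_default_context().get_ciphers()
    print("weak suites enabled locally:", weak_suites(local))
```

Raising `min_bits` to 256 shows which suites would fall short of a 256-bit-only policy.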


The requirements for compliance with the HIPAA Security Rule are broken down into 3 categories. These are administrative safeguards, physical safeguards, and technical safeguards.

What Are the Security Rule Technical Safeguards?

Encryption of protected health information falls under technical safeguards. The technical safeguards fit into 5 sections. In order to be compliant with the technical safeguards of the HIPAA Security Rule, covered entities and business associates must: 

  1. Implement policies that allow only authorized users and software programs to access systems that store protected health information. This must use essential implementation specifications. These include creating unique user identifiers, an emergency access procedure, automatic logoff, and PHI encryption and decryption.
  2. Implement audit controls to log activity performed within information systems that house protected health information. This helps HHS to determine the root cause of each breach and whether an unauthorized individual accessed PHI.
  3. Ensure the integrity of medical information by implementing policies and procedures to prevent unauthorized individuals from editing or deleting PHI. This includes mechanisms to help guarantee that records have not been altered.
  4. Authenticate requestors’ identities before disclosing their electronic protected health information. Sending patient medical information to the wrong individual constitutes a HIPAA breach, and this is essential due diligence.
  5. Implement transmission security measures to ensure unauthorized individuals don’t breach PHI in transmission. This includes encrypting protected health information during the exchange.

Encryption and the Technical Safeguards

As you likely noticed, the technical safeguards don’t specify encryption requirements. This allows healthcare organizations of all sizes to customize their security measures based on their capabilities. 

This can make it difficult to be certain that your security measures are adequate, however. Insufficient security can lead to medical record breaches and steep HIPAA penalties.

Don’t leave HIPAA compliance to chance. Be sure that your record exchange is compliant with ChartRequest.


While transmitting medical records via fax may be a habit, remember that faxes aren’t encrypted. This means that anybody who intercepts the fax will be able to view the contents.

Reduce your chance of medical record breaches by using the most secure record exchange platform available, and create your ChartRequest account today!
