HIPAA.edu?

Ben Wallerstein

For years, the idea of requiring ed tech providers to meet HIPAA/HITECH-type security standards has been a hot topic.„ΙColorado saw proposed legislation last year that would have mandated this, and New York's Parents Bill of Rights for Data Privacy and Security, passed in 2014, contains a provision requiring that vendors use encryption technology to protect data while in motion or in its custody from unauthorized disclosure using a technology or methodology specified by the Secretary of the United States Department of Health and Human Services in guidance issued under Section 13402(H)(2) of Public Law 111-5.

We're already beginning to see this issue come up again in state legislation this year. A new bill introduced and referred to the House education committee in Indiana also would require ed tech to comply with HIPAA/HITECH requirements for technical safeguards:„Ιhttp://www.whiteboardmonitor.com/billdatabase/billTexts.php?bill_id=887500&type=text

Here's the bill text:

(7) The outside party uses encryption technology to protect

22 data while the data is in motion or in the custody of the

23 outside party from unauthorized disclosure using a

24 technology or methodology specified by the secretary of the

25 United States Department of Health and Human Services in

26 guidance issued under 42 U.S.C. 17932.

„

Stay tuned!