Outsource Management Group has a post about Understanding HIPAA Requirements for E-Security:
There are two key items that will help you evaluate how your data is transmitted: (1) integrity controls and (2) encryption.
Here are some good questions to ask yourself when assessing your data transfer security:
- How critical is the information being transmitted?
- What is the completeness of the information? That is, is this a complete medical record or is this just a snippet of information?
- How many individuals might be represented in the information? In other words, information about one person would have a different weight than information about a group of people.
- What is the level of the network's security? That's where you start to consider whether it's a local network or the Internet.
If you cannot answer all these questions about your data transmission, it is likely that you will need to encrypt to ensure the integrity of your data and stay compliant with HIPAA.