The path to HIPAA compliance has many variables and involves several different assessments, but fortunately there are services available to assess your business against HIPAA standards.
A useful tool which has pointed numerous organizations in the right direction for compliance is a “HIPAA Risk Assessment”. A risk assessment provides a benchmark of where your service should be, compared with where it currently is. This is often referred to as a gap analysis with respect to HIPAA standards. Comprehensive security scans, combined with the assessment findings, produce a gap analysis and recommendations which act as a “roadmap” for HIPAA compliance. There is a human component too: interviews are conducted with IT, security and business stakeholders to provide a holistic review of your compliance posture.
Additionally, according to the US Department of Health and Human Services (HHS), “Protected health information (PHI) is rendered unusable, unreadable, or indecipherable to unauthorized individuals if:
1. The encryption algorithm meets the definition of “encryption” in 45 CFR 164.304;
2. The process or key that might enable decryption has not been breached;
3. Decryption tools are stored on a device or at a location separate from the data they are used to encrypt or decrypt.”
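The third point is a requirement on where the keys live, not on the cipher: PHI encrypted with a strong algorithm is still exposed if the key sits beside it on the same compromised host. The following Go program is an added example, not code from the original page or from any assessment service; it shows what the three HHS conditions look like in practice. It encrypts a constructed sample record with AES-256-GCM (a standard algorithm with built-in integrity protection), keeps the key in a value that is never written into the stored envelope, and demonstrates that anyone holding only the stored data, a guessed key, or a tampered copy gets an authentication error rather than readable PHI. The record ID, field names and the in-memory “key store” are assumptions made for illustration; a real deployment would hold the key in a KMS or HSM.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Envelope is everything that gets written to the PHI data store: a random
// nonce plus the AES-GCM ciphertext, which carries its own authentication tag.
// The key is deliberately not a field here, so it cannot land beside the data.
type Envelope struct {
	Nonce      []byte
	Ciphertext []byte
}

// NewDataKey generates a 256-bit AES key. This stands in for the "decryption
// tool" that HHS says must be stored separately from the encrypted data.
func NewDataKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptPHI seals a record under key. recordID is bound as additional
// authenticated data so an envelope cannot be silently swapped between records.
func EncryptPHI(key []byte, recordID string, plaintext []byte) (Envelope, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce per record
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, []byte(recordID))
	return Envelope{Nonce: nonce, Ciphertext: ct}, nil
}

// DecryptPHI opens an envelope. A wrong key, a wrong recordID, or any altered
// byte fails GCM authentication and returns an error instead of garbage.
func DecryptPHI(key []byte, recordID string, env Envelope) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(env.Nonce) != gcm.NonceSize() {
		return nil, errors.New("bad nonce length")
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, []byte(recordID))
}

func main() {
	// Constructed sample PHI record; not real patient data.
	phi := []byte("MRN 000123; DOB 1970-01-01; Dx: hypertension")
	recordID := "patient-000123" // assumed identifier used as AEAD context

	key, err := NewDataKey() // lives in the (separate) key store
	if err != nil {
		panic(err)
	}
	env, err := EncryptPHI(key, recordID, phi) // lives in the data store
	if err != nil {
		panic(err)
	}

	// Someone who obtained only the data store and guesses a key gets an error.
	guessed := make([]byte, 32)
	if _, err := DecryptPHI(guessed, recordID, env); err != nil {
		fmt.Println("decrypt without the real key:", err)
	}

	// Only the holder of the separately stored key can read the record.
	pt, err := DecryptPHI(key, recordID, env)
	if err != nil {
		panic(err)
	}
	fmt.Println("decrypt with key:", string(pt))
}
```

The roundtrip succeeds only when both halves, the envelope from the data store and the key from the key store, are brought together; a breach of the data store alone yields nothing a reviewer would classify as readable PHI under the first two conditions.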