Data encryption is a well-accepted procedure for keeping data secured to facilitate HIPAA compliance that emphasizes on proper control in storing and distributing ePHI data. To keep data away from the reach of unauthorized persons you either have to protect it by encrypting data or burn it. There are no other foolproof methods of data protection.  Although data encryption is not mandatory according to the HIPAA rules, as things turn out, you will find yourself in a position when you would think that encryption is the most reasonable and appropriate means of protecting data.  Whether or not you ought to implement data encryption depends upon risk analysis, the security measures in place, risk mitigation strategy and the cost involved in the process.  

Best HIPAA practices

To do or not to do encryption is a call that you must take after careful analysis of the circumstances. However, you would realize that following the procedure of data encryption is part of the best practices in HIPAA compliance. Therefore, keeping aside all other reasons, this could be the prime consideration why you would find it sensible to encrypt data and play safe. In this article, we will explore how Salesforce meets the HIPAA standards for compliance.

Privacy, availability, and integrity

Individually identifiable health information is such sensitive data that it belongs to the category of protected health information or PHI according to the US Department of Health and Human Services.  Names and addresses together with birth dates, social security numbers and the information about payments made for health care constitute the body of PHI. The HIPAA regulations aim to protect the privacy and integrity of sensitive data and extend the protection even when making the data available. It is not an easy task to achieve unless you can make proper use of the Salesforce compliance features to comply with the HIPAA regulatory requirements.

Monitoring and controlling access to data

After identifying the data that you must control, it is time for locking the data. Devise policies for restricted access to data so that only authorized persons who have to use the data can get access to it. By using data key and passwords, you can create protocols for limited access to data for designated persons only.  The features of Salesforce in the cloud allow detection of potential violators so that you can take preventive steps before any damage happens.

Encryption of data and tokenization

Salesforce completely supports your initiatives in encrypting data, which is the ultimate step in data protection. Encrypting data ensures complete safety of data without worrying about leakages because even if the data happens to leak, the encryption will prevent using the data thereby avoiding any harm to you.  For effective HIPAA compliance by using Salesforce, it is advisable to make use of data encryption.

For enhanced security, Salesforce Shield Platform encryption offers additional protection to data that is completely out of the box because it has the capabilities of protecting data when all other lines of defense give up.

About the author: Lucy Jones is a software marketer. She was attracted to software development from the time she used to work for Currently, she is the marketing head of a company that provides support for Salesforce.