Learn About The Law
Get help with your legal needs
FindLaw’s Learn About the Law features thousands of informational articles to help you understand your options. And if you’re ready to hire an attorney, find one in your area who can help.
Current as of January 02, 2025 | Updated by FindLaw Staff
The Secretary adopts the following standards to protect electronic health information created, maintained, and exchanged:
(a) Encryption and decryption of electronic health information—
(1) [Reserved by 85 FR 25940]
(2) General. Any encryption algorithm identified by the National Institute of Standards and Technology (NIST) as an approved security function in Annex A of the Federal Information Processing Standards (FIPS) Publication 140–2, October 8, 2014 (incorporated by reference in § 170.299).
(b) [Reserved by 79 FR 54478]
(c) Hashing of electronic health information.
(1) [Reserved by 85 FR 25940]
(2) Standard. A hashing algorithm with a security strength equal to or greater than SHA–2 as specified by NIST in FIPS Publication 180–4 (August 2015) (incorporated by reference in § 170.299).
(d) Record treatment, payment, and health care operations disclosures. The date, time, patient identification, user identification, and a description of the disclosure must be recorded for disclosures for treatment, payment, and health care operations, as these terms are defined at 45 CFR 164.501.
(e) Record actions related to electronic health information, audit log status, and encryption of end-user devices.
(1)(i) The audit log must record the information specified in sections 7.1.1 and 7.1.2 and 7.1.6 through 7.1.9 of the standard specified in § 170.210(h) and changes to user privileges when health IT is in use.
(ii) The date and time must be recorded in accordance with the standard specified at § 170.210(g).
(2)(i) The audit log must record the information specified in sections 7.1.1 and 7.1.7 of the standard specified at § 170.210(h) when the audit log status is changed.
(ii) The date and time each action occurs in accordance with the standard specified at § 170.210(g).
(3) The audit log must record the information specified in sections 7.1.1 and 7.1.7 of the standard specified at § 170.210(h) when the encryption status of electronic health information locally stored by health IT on end-user devices is changed. The date and time each action occurs in accordance with the standard specified at § 170.210(g).
(f) Encryption and hashing of electronic health information. Any encryption and hashing algorithm identified by the National Institute of Standards and Technology (NIST) as an approved security function in Annex A of the FIPS Publication 140–2 (incorporated by reference in § 170.299).
(g) Synchronized clocks. The date and time recorded utilize a system clock that has been synchronized following (RFC 5905) Network Time Protocol Version 4, (incorporated by reference in § 170.299).
(h) Audit log content. ASTM E2147–18, (incorporated by reference in § 170.299).
Cite this article: FindLaw.com - Code of Federal Regulations Title 45. Public Welfare § 45.170.210 Standards for health information technology to protect electronic health information created, maintained, and exchanged - last updated January 02, 2025 | https://codes.findlaw.com/cfr/title-45-public-welfare/cfr-sect-45-170-210/
FindLaw Codes may not reflect the most recent version of the law in your jurisdiction. Please verify the status of the code you are researching with the state legislature before relying on it for your legal needs.