The medical reasons for encryption are due to Federal Law, specifically the Health Insurance Portability and Accountability Act of 1996, HIPAA. From the HIPAA web site:
The law is clear: October 16, 2003 is the deadline for covered entities to comply with HIPAA’s electronic transaction and code sets provisions. After that date, covered entities, including health plans, may not conduct noncompliant transactions.
The law text is huge and I didn't read all of it. Even if I did, I doubt I would understand all of it. Best I can tell, the types of protected medical info are listed below. How each of these relates to emergency amateur radio communications is best speculated upon by those who do such.
From 45 CFR Part 162:

. . . the Secretary adopted standards for eight electronic transactions and six code sets. The transactions are:
- Health Care Claims or Equivalent Encounter Information;
- Eligibility for a Health Plan;
- Referral Certification and Authorization;
- Health Care Claim Status;
- Enrollment and Disenrollment in a Health Plan;
- Health Care Payment and Remittance Advice;
- Health Plan Premium Payments; and
- Coordination of Benefits.

The code sets are:
- International Classification of Diseases, 9th Edition, Clinical Modification, Volumes 1 and 2;
- International Classification of Diseases, 9th Edition, Clinical Modification, Volume 3 Procedures;
- National Drug Codes;
- Code on Dental Procedures and Nomenclature;
- Health Care Financing Administration Common Procedure Coding System; and
- Current Procedural Terminology, 4th Edition.

This final rule adopts modifications to the August 17, 2000 transaction and code set standards.
Read all the gory details at
http://aspe.hhs.gov/admnsimp/bannertx.htm

As far as encryption requirements, none are required on a closed network (say a hospital's LAN), although this seems gray to me, since very few truly stand-alone nets exist (those with NO connections, directly or indirectly, to the internet). If data is sent over an open network (e.g. the Internet, or amateur radio), encryption is required. Looks like FIPS 197 encryption is not specifically required but is a good choice (most recent design, strongest cryptographically). Others include DES, Triple DES, AES (which is FIPS 197 compliant) and RSA.
More info at
http://csrc.nist.gov/CryptoToolkit/tkencryption.html
http://www.cs.virginia.edu/~acw/security/e-Logistics%20of%20Securing%20Medical%20Data.pdf