Protected health care information (PHI) stored on a USB flash drive must be encrypted with an accredited Federal Information Processing Standard (Publication 140-2) cryptology. Standard USB Flash drive can be made compatible by adding encryption software.
Many Flash Drive manufactures are now selling compliant devices. Most secure USB flash drives use some form of the Advanced Encryption Standard (AES) encryption, either 128-bit or 256-bit. These levels are approved by the U.S. government for encrypting secret-level and top-secret-level documents and are HIPAA Compliant. AES Security depends largely on the length and complexity of the password. Most experts say a complex 16 to 20 character password is required.