CMS Issues Guidance on Securing Remotely Accessed Health Data
January 12th, 2007 | Published in Healthcare IT, Patient Flow
According to AHA News:
The Centers for Medicare & Medicaid Services has released guidance
to help organizations comply with the Health Insurance Portability and
Accountability Act’s security standards when they allow remote access
to electronic protected health information through portable devices or
external systems or hardware. In general, CMS said HIPAA-covered
entities should be “extremely cautious” about allowing offsite use of
or access to EPHI, and must implement policies and procedures to
protect EPHI that is stored on remote or portable devices/media or
transmitted over an electronic communications network. The agency said
it may rely on the guidance in determining whether actions by a
HIPAA-covered entity are reasonable and appropriate for safeguarding
the confidentiality, integrity and availability of EPHI.
to help organizations comply with the Health Insurance Portability and
Accountability Act’s security standards when they allow remote access
to electronic protected health information through portable devices or
external systems or hardware. In general, CMS said HIPAA-covered
entities should be “extremely cautious” about allowing offsite use of
or access to EPHI, and must implement policies and procedures to
protect EPHI that is stored on remote or portable devices/media or
transmitted over an electronic communications network. The agency said
it may rely on the guidance in determining whether actions by a
HIPAA-covered entity are reasonable and appropriate for safeguarding
the confidentiality, integrity and availability of EPHI.
This is not rocket science, but the guidance document provides a good roadmap to make sure all your bases are covered.
[Hat tip: iHealthBeat]
0 comments ↓
There are no comments yet...Kick things off by filling out the form below.
Leave a Comment