Tuesday, January 09, 2007

HIPAA Security Guidance for Remote Use and Access to Electronic PHI

CMS has issued HIPAA Security Guidance (link to guidance document pdf) for HIPAA covered entities on the risks of, and possible mitigation strategies for, remote use of and access to electronic Protected Health Information (EPHI). The guidance sets forth CMS' minimal compliance expectations for covered entities seeking to safeguard EPHI that is accessed, stored or transported offsite.

This guidance should help health care facilities and providers assess the current policies and procedures they use to maintain the confidentiality of health information.

1 comment:

Jon Shankman said...

I'm curious as to what the restrictions might be surrounding the issuing of login cards to individual members/patients to access their web-based PHRs/EMRs. These cards would have unique username/passwords printed on them for assisting these (authorized) individuals with logon. The advantages are obvious. E.g., if they end up in an ER, they can hand the MD the card to gain access to critical medical history, emergency contacts, PCP contact info, etc.