Patient Satisfaction Planner

CMS offers guidance on HIPAA security rule

The Centers for Medicare & Medicaid Services has released guidance to help organizations comply with HIPAA security standards when they allow remote access to electronic protected health information (EPHI) through portable devices or external systems or hardware.

Entities covered by HIPAA should be "extremely cautious," CMS said, about allowing offsite use of or access to EPHI , and must implement policies and procedures to protect EPHI that is stored on remote or portable devices/media or transmitted over an electronic communications network.

CMS said it may rely on the guidance in determining whether actions by a HIPAA-covered entity are reasonable and appropriate for safeguarding the confidentiality, integrity, and availability of EPHI.