Critical Path Network

CMS offers guidance on HIPAA security rule

The Centers for Medicare & Medicaid Services has released guidance to help organizations comply with HIPAA security standards when they allow remote access to electronic protected health information (EPHI) through portable devices or external systems or hardware.

Entities covered by HIPAA should be "extremely cautious," CMS said, about allowing offsite use of or access to EPHI , and must implement policies and procedures to protect EPHI that is stored on remote or portable devices/media or transmitted over an electronic communications network.