Health Information Management

HIPAA Q&A: Taking PHI home

HIPAA Weekly Advisor, October 5, 2009

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

Q. Several weeks ago, some security specialists indicated that their staff members take paper PHI home with them to get caught up on their work. Is taking PHI home to process it legal?

A
. Yes, workforce members may process electronic and nonelectronic PHI remotely from their homes. The HIPAA security and privacy rules do not prohibit this practice. However, the rules do require adoption of appropriate remote access policies, procedures, and practices that include transporting the PHI securely and reasonably ensuring that it is secure when processed remotely.

Taking PHI home represents an additional security risk, as does any work performed remotely that requires access to electronic or nonelectronic PHI. A significant risk exists when organizations fail to implement appropriate remote policies, procedures, and practices and fail to monitor remote access and PHI use regularly.

CMS published remote access guidelines in 2007 that facilities and their remote workers should follow. The guidelines do not address remote use of paper PHI, but they include guidelines to minimize risk.

Taking any PHI home creates new environments that need to be secure—the mode of transportation a full- or part-time teleworker uses to carry PHI and the home where he or she accesses it.

Editor’s note: Chris Apgar, CISSP, answered this question. This is not legal advice. Consult your attorney regarding legal matters.



Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

    Briefings on APCs
  • Briefings on APCs

    Worried about the complexities of the new rules under OPPS and APCs? Briefings on APCs helps you understand the new rules...

  • Medical Records Briefing

    Guiding Health Information Management professionals through the continuously changing field of medical records and toward a...

  • Briefings on Coding Compliance Strategies

    Submitting improper Medicare documentaion can lead to denial of fees, payback, fines, and increased diligence from payers...

  • Briefings on HIPAA

    How can you minimize the impact of HIPAA? Subscribe to Briefings on HIPAA, your health information management resource for...

  • A Marketer's Guide to HIPAA:

    This unique resource is the first of its kind—a concise, yet detailed primer for healthcare marketing, communications...

Most Popular

Related Articles