from the pages of

EMAIL THIS PAGE FORMAT FOR PRINTING SUBSCRIBE

Medical Records Briefing Strategies for Health Care Compliance

Devices and tools used to store and transmit electronic protected health information (ePHI), such as personal computers, flash drives, and remote access devices, are a source of growing concern at CMS. If your coders work remotely, now is the time to reexamine your security policies.

In December 2007, CMS announced a contract with PricewaterhouseCoopers for the company to conduct security audits that address CMS’ remote access guidelines released in 2006.

CMS expressed concerns about remote access in a recent security guidance and said:

In general, covered entities should be extremely cautious about allowing the offsite use of, or access to ePHI. There may be situations that warrant such offsite use or access, e.g., when it is clearly determined necessary through the entity’s business case(s), and then only where great rigor has been taken to ensure that policies, procedures, and workforce training have been effectively deployed, and access is provided consistent with the applicable requirements of the HIPAA Privacy Rule.

CMS has also said that covered entities should pay particular attention to three areas:

• Risk analysis and risk management strategies
• Policies and procedures for safeguarding ePHI
• Security awareness and training on the policies and procedures for safeguarding ePHI

Click here to learn how you can improve the security of your remote coding program.

The cost is $10. Medical Records Briefing subscribers can sign on for free access.