Remote+Access+to+PHI

Health care organizations are under significant stress to allow remote access to personal health information in the field or from the homes of health care workers. The Ontario Information and Privacy Commissioner issued her [|Order HO-004] which addressed the issue of PHI stored on laptop computers and directed Ontario health information custodians to employ measures such as encryption to protect PHI on laptops and other portable devices.

I found an excellent reference guideline on the security considerations for remote access published by the US Department of Health and Human Services titled [|Security Guidance for Remote Use][|.] This is published under the auspices of the HIPAA Security Rule. What I really like about this document is that it takes a risk management approach to considering the problem of remote access. The document looks at the risks of allowing remote access and suggests possible risk mitigation strategies.

This document is HIGHLY Recommended.