That was my point. If there are procedures in place for the office environment, those same processes apply for telecommuting. I think we've got it!
----- Original Message ----- From: "B-Squared" <[EMAIL PROTECTED]> To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]> Sent: Tuesday, February 18, 2003 3:49 PM Subject: RE: Home and Offsite Use of PHI > Rebecca, > > Doug is right on the mark! Section 1173(d)(2) states: " each person who > maintains or transmits health information shall maintain reasonable and > appropriate administrative, technical, and physical safeguards to insure the > integrity and confidentiality of the information." > > The above language makes no distinction between internal and external data > movement. If you have remote employees working from home offices, your > security policies must address both the PIH "at rest" at those locations as > well as any PIH transmitted from those locations. > > Regards, > > Bryan Bain > HIPAA Security Product Mgr. > PoliVec > www.polivec.com > > > -----Original Message----- > From: Doug Webb [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, February 18, 2003 4:29 PM > To: WEDI SNIP Privacy Workgroup List > Subject: Re: Home and Offsite Use of PHI > > > Rebecca, > That is precisely the point. PHI that leaves the office by any means must > still be protected to the same level as the office information, and it is > much more difficult to do, because you do not have the same control over the > off-site environment. > > Therefore, your policies need to be considerably more parinoid than those of > a locally-contained system. > > Whether it leaves on a piece of paper, in a laptop, over a phone line, or > via the Internet, policies and procedures must identify all possible risks, > evaluate them, and address them at the level that reduces your percieved > risk to an acceptable level (there is no such thing as no risk). > > Just a few additional risks (this is by no means anywhere close to > exhaustive) you're exposed to: > Hacker access to the main system (you've exposed it to the outside -- > outside access protection must be a lot stronger than inside access) > Stolen laptop > Little Johnny downloaded a game with a virus > Internet snooping on the data being transferred > Your latest houseguest looking over your shoulder > You lost the slip of paper with directions to the patient's home that also > contained why you were going there (that last makes it PHI). > Backup policies for the home machine > etc, etc, etc! > > The opinions expressed here are my own and not necessarily the opinion of > LCMH. > > Douglas M. Webb > Computer System Engineer > Little Company of Mary Hospital & Health Care Centers > [EMAIL PROTECTED] > > "This electronic message may contain information that is confidential and/or > legally privileged. It is intended only for the use of the individual(s) and > entity(s) named as recipients in the message. If you are not an intended > recipient of the message, please notify the sender immediately, delete the > material from any computer, do not deliver, distribute, or copy this > message, and do not disclose its contents or take action in reliance on the > information it contains. Thank you." > > > > ----- Original Message ----- > From: "Rebecca Cowling" <[EMAIL PROTECTED]> > To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]> > Sent: Tuesday, February 18, 2003 12:25 PM > Subject: Re: Home and Offsite Use of PHI > > > > Question: If an employee is working with PHI away from an office > location, > > why would that employee be taking paper from the office? Would the > employee > > not be working with electronic information? And if so, the security login > > procedure should guard against unauthorized access. > > > > Off-site access to PHI should be governed by the same policies as on-site > > access, I would think. Am I missing something here? > > > > ----- Original Message ----- > > From: "Shah Rakesh" <[EMAIL PROTECTED]> > > To: "WEDI SNIP Privacy Workgroup List" <[EMAIL PROTECTED]> > > Sent: Tuesday, February 18, 2003 12:11 PM > > Subject: RE: Home and Offsite Use of PHI > > > > > > > We, as a large health plan, are utilizing employee confidentiality > > > statements that have been revised to include language specific to > > protecting > > > PHI in instances where employees carry it off-site to perform their > > regular > > > duties. Examples include field nurses collecting data for HEDIS studies, > > > employees processing claims at home, etc. All employees that do handle > > the > > > PHI offsite are being asked to sign these statements. Additionally, the > > > training for such employees will include a emphasis on protection of PHI > > > when it is off-site. > > > > > > Thanks > > > > > > Rakesh Shah > > > HIPAA Privacy Project Manager > > > PacifiCare Health Systems > > > > > > > -----Original Message----- > > > > From: M. Newsome [SMTP:[EMAIL PROTECTED]] > > > > Sent: Tuesday, February 18, 2003 9:44 AM > > > > To: WEDI SNIP Privacy Workgroup List > > > > Subject: Home and Offsite Use of PHI > > > > > > > > I would like to know how others are addressing home and offsite use of > > PHI > > > > for telecommuters. If anyone has any p&p's they would be willing to > > share > > > > -- > > > > that would be most appreciated. > > > > > > > > Please feel free to contact me off-line. > > > > > > > > Thank you, > > > > > > > > > > > > M. Newsome > > > > [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > > > > > --- > > > > The WEDI SNIP listserv to which you are subscribed is not moderated. > The > > > > discussions on this listserv therefore represent the views of the > > > > individual participants, and do not necessarily represent the views of > > the > > > > WEDI Board of Directors nor WEDI SNIP. If you wish to receive an > > official > > > > opinion, post your question to the WEDI SNIP Issues Database at > > > > http://snip.wedi.org/tracking/. These listservs should not be used > for > > > > commercial marketing purposes or discussion of specific vendor > products > > > > and services. They also are not intended to be used as a forum for > > > > personal disagreements or unprofessional communication at any time. > > > > > > > > You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] > > > > To unsubscribe from this list, go to the Subscribe/Unsubscribe form at > > > > http://subscribe.wedi.org or send a blank email to > > > > [EMAIL PROTECTED] > > > > If you need to unsubscribe but your current email address is not the > > same > > > > as the address subscribed to the list, please use the > > > > Subscribe/Unsubscribe form at http://subscribe.wedi.org > > > > > > > > > This electronic message transmission, including any attachments, > contains > > information from PacifiCare Health Systems Inc. which may be confidential > or > > privileged. The information is intended to be for the use of the > individual > > or entity named above. If you are not the intended recipient, be aware > that > > any disclosure, copying, distribution or use of the contents of this > > information is prohibited. > > > > > > If you have received this electronic transmission in error, please > notify > > the sender immediately by a "reply to sender only" message and destroy all > > electronic and hard copies of the communication, including attachments. > > > > > > > > > > > > --- > > > The WEDI SNIP listserv to which you are subscribed is not moderated. The > > discussions on this listserv therefore represent the views of the > individual > > participants, and do not necessarily represent the views of the WEDI Board > > of Directors nor WEDI SNIP. If you wish to receive an official opinion, > post > > your question to the WEDI SNIP Issues Database at > > http://snip.wedi.org/tracking/. These listservs should not be used for > > commercial marketing purposes or discussion of specific vendor products > and > > services. They also are not intended to be used as a forum for personal > > disagreements or unprofessional communication at any time. > > > > > > You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] > > > To unsubscribe from this list, go to the Subscribe/Unsubscribe form at > > http://subscribe.wedi.org or send a blank email to > > [EMAIL PROTECTED] > > > If you need to unsubscribe but your current email address is not the > same > > as the address subscribed to the list, please use the > Subscribe/Unsubscribe > > form at http://subscribe.wedi.org > > > > > > --- > > The WEDI SNIP listserv to which you are subscribed is not moderated. The > discussions on this listserv therefore represent the views of the individual > participants, and do not necessarily represent the views of the WEDI Board > of Directors nor WEDI SNIP. If you wish to receive an official opinion, post > your question to the WEDI SNIP Issues Database at > http://snip.wedi.org/tracking/. These listservs should not be used for > commercial marketing purposes or discussion of specific vendor products and > services. They also are not intended to be used as a forum for personal > disagreements or unprofessional communication at any time. > > > > You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] > > To unsubscribe from this list, go to the Subscribe/Unsubscribe form at > http://subscribe.wedi.org or send a blank email to > [EMAIL PROTECTED] > > If you need to unsubscribe but your current email address is not the same > as the address subscribed to the list, please use the Subscribe/Unsubscribe > form at http://subscribe.wedi.org > > --- > The WEDI SNIP listserv to which you are subscribed is not moderated. The > discussions on this listserv therefore represent the views of the individual > participants, and do not necessarily represent the views of the WEDI Board > of Directors nor WEDI SNIP. If you wish to receive an official opinion, post > your question to the WEDI SNIP Issues Database at > http://snip.wedi.org/tracking/. These listservs should not be used for > commercial marketing purposes or discussion of specific vendor products and > services. They also are not intended to be used as a forum for personal > disagreements or unprofessional communication at any time. > > You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] > To unsubscribe from this list, go to the Subscribe/Unsubscribe form at > http://subscribe.wedi.org or send a blank email to > [EMAIL PROTECTED] > If you need to unsubscribe but your current email address is not the same as > the address subscribed to the list, please use the Subscribe/Unsubscribe > form at http://subscribe.wedi.org > > > --- > The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. > > You are currently subscribed to wedi-privacy as: [EMAIL PROTECTED] > To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] > If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org