MonicaS17
New
Hello everyone. I have a situation where I am being told that per the Social Security Administration and CMS, all data related to these programs is prohibited from being viewed, accessed, processed or stored outside of the United States, and as a result some state Medicaid's are following suit. I can't imagine this is completely accurate as we have so many positions outsourced offshore that have access to PHI and am positive that Medicare and Medicaid beneficiaries are in the data set. I have scoured the CMS website, HHS, HIPAA, and DHCS (California is the state in question currently), and cannot find this regulation. I have seen where they require disclosure of offshore associates that would access the data and require them to follow US HIPAA standards and training, but not that it is strictly prohibited. It seems like I would have heard something about this if this were true. Anyone have insight or can tell me where this prohibition is documented? Thank you all for your insight!