Over the past 10 years, remote work in the United States has become increasingly popular. As COVID-19 has required many employees to work from home, its popularity has increased tremendously. Many employers and employees have noticed an increase in productivity, and many will remain working from home in some capacity after COVID-19 is under control. However, pandemic or no pandemic, HIPAA privacy and security requirements still apply. We are just as liable working from home or working remotely as we were working in the office.

Create a HIPAA-compliant Workspace

Creating a HIPAA-compliant home office is not just about the software.  Just like at work, the way your office is set up has a major impact on whether you are HIPAA compliant.

Here are some things to consider for your remote workers:

  • Avoid public networks if possible.  If you must use a public network, use a VPN service.
  • Use encryption and passwords to protect personal devices you may use to access PHI, including laptops, tablets, and cell phones.
  • Ensure home wireless router traffic is encrypted and password protected.
  • Change the default passwords on all wireless routers in your home.
  • Close all applications and log off networks and websites when not in use.
  • Lock your screens when walking away from your computer.
  • Never leave your devices unattended.
  • Do not share sensitive data with others, including co-workers and personal acquaintances.
  • Only access data if needed for work.
  • Avoid printing PHI if possible.  If you must print, keep all PHI data locked away and out of view.  When finished, file or shred the documents.
  • Minimize the chance that others overhear an individual’s information.  For example, do not say their whole name out loud within hearing distance of others.
  • Do not allow friends, family, etc., to use your devices if they might contain PHI.
  • Limit email transmissions of PHI.  Use encryption tools if you must send PHI (most businesses provide tools to send encrypted emails).
  • Never share passwords.
  • Use a privacy screen or position your monitor(s) where others cannot see them.

While some HIPAA sanctions are being waived during the current pandemic, the waiver does not excuse mishandling of patients’ protected health information (PHI). The same physical and electronic security measures must be followed to safeguard the PHI entrusted to us.

EnnAble Services partners with best-in-class solution providers for document management and cybersecurity.  If you want to learn more, contact us here.