Covid-19 brought many radical changes to the way hospitals and healthcare organisations worked during 2020. Non-clinical employees and contractors with good Internet connections at home were given approved devices and some quick training, and off they went into a new work from home (WFH) trend. Initially, most thought this was temporary, but that has changed. It is now clear that Covid-19 is not going away anytime soon as the whole world keeps experiencing new variants. Organisations have realised that they can reduce real estate costs and expensive office space. Employees can eliminate commutes and have more personal and family time. Not surprisingly, productivity has increased with this new way of working. Progressive healthcare organisations are not going to go back to the old ways.
Maintaining HIPAA compliance and preventing data security breaches are top-of-mind concerns for most Chief Information Officers. With so many employees working from home there is a real risk of HIPAA violations. Protected health information (PHI) includes any patient-related health data, and as such it is protected under HIPAA to ensure that it remains private.
Employees new to work from home need refresher training on HIPAA compliance, since so much of the technology they use is now based in the home rather than centralised in the office. Employees also need security software such as firewalls, antivirus, antimalware and a virtual private network (VPN) client for their home-based technology. To remain HIPAA compliant, employees also need training on how to recognise and report data breaches.
Here are some steps that hospitals and healthcare organisations should take to ensure HIPAA compliance:
- HIPAA training programmes that prepare employees for a work from home environment
- Monitoring hardware and software to ensure that encryption is always in use
- Educating patients about the HIPAA compliance methods used by work from home employees
- Providing hardware and software for work-only use, with configurations approved by the information technology department
- Requiring the use of a VPN (virtual private network), which encrypts traffic in transit between the home device and the healthcare network when it is accessed remotely; data stored on the device itself still needs its own encryption
Since work from home is so new, many healthcare organisations may find that hiring a Managed Service Provider (MSP) helps them manage the complexity. Many MSPs provide remote monitoring and management (RMM) services, which can verify that employees are following the training they received and properly using hardware and software in this new environment.
The following are some good policies and procedures that IT departments should implement and enforce to keep their organisations HIPAA compliant:
- Storing passwords only as salted hashes (never in plaintext or reversibly encrypted) and requiring strong passwords, or better yet mandating two-factor authentication (2FA)
- Requiring privacy screens on devices so that PHI cannot be read over an employee's shoulder
- Restricting device usage to the employee alone and excluding family members from access
- Requiring the shredding of paper documents containing PHI
- Prohibiting the posting of work-related information on social media
- Providing employees with devices or mail clients that automatically encrypt email containing PHI before it is sent