This applies to both the employee and the data they handle. Until now, the concept of ‘work from home’ was low on the priority list, as employers hesitated to allow it for many reasons, including data security. The lockdown has forced employers and millions of workers across countries to adopt and adapt at an accelerated pace. To their credit, organizations have removed their blindfolds against ‘work from home’ after experiencing only minor or no impact on productivity.
For the healthcare industry, unlike other industries, work from home is a major challenge, as there is a need to remain HIPAA-compliant. A 2020 report from the HIPAA Journal showed that the total number of records breached in February 2020 was 1,531,855, three times the combined total of the previous three months.
Though an enormous challenge, it is feasible to ensure employees remain HIPAA-compliant when working from their homes. Outlined below are some specific rules and policies that employers can implement to ensure the safety of the PHI handled.
1. Employees who are going to work from home will use their own Internet service provider and home wireless router. This router needs to be protected with a strong password that is accessible only to the employee and his/her family members. The network needs to be encrypted with WPA2 (the latest and current standard for wireless encryption). It is also very important to keep a strong network administrator password (the one required to make changes to the network settings).
2. Devices, both personal and company-issued, need to be password-protected, and a firewall should be enabled, especially on personal devices, so that only authorized traffic reaches the device.
3. Mandatory use of a VPN to access core company systems and the intranet; it adds a further layer of security by providing an encrypted tunnel for data in transit.
4. Keep all devices, firewalls and any software that stores, uses or transmits PHI updated to the latest versions.
1. Educate employees on HIPAA do’s and don’ts. Make them understand that every individual is independently liable and responsible for maintaining compliance.
2. Make employees aware of malware and ransomware attacks, how to spot a malicious email or cookie, and how to deal with it.
3. Have employees sign additional non-disclosure agreements that specify the guidelines for handling PHI outside work networks and require that passwords and other PHI-related files be kept confidential from family members.
4. Create a HIPAA checklist to ensure all aspects of security are covered.
5. Develop a team to supervise all technical implementations and monitor employee adherence. The team should also continuously assess possible risks and take the necessary steps to prevent a breach.
6. Have a contingency plan in place to manage any breach that does occur.
These are some steps that can be very helpful in adhering to HIPAA mandates. The technical measures are especially important and crucial in protecting PHI. According to the HIPAA Journal, in 2019 hacking and other IT security incidents accounted for more than 59% of the data breaches reported to HHS’s Office for Civil Rights, and they remained the main cause of breaches in January and February 2020 as well. With your employees working from their private networks and devices, your primary security focus should be on these technical measures.
With the current pandemic, work from home is going to be around for a long time even after the pandemic is curbed, slowly becoming the default model. Smoothly running RCM operations play a major role in understanding the nature of the pandemic and in keeping caregiving entities healthy. Hence staying HIPAA-compliant is the most important aspect of business continuity.
Happy working from the comfort of your home, and add HIPAA to your list of pandemic safeguards.