Your idea of working from home seems pretty cozy. You imagine sitting in your pajamas and your pet sitting at your feet keeping you company. But for medical professionals, working remotely involves some special precautions to ensure patient privacy and data security.
Furthermore, you are in an “employer workspace” now, so there are also OSHA considerations that must be met to make sure you are compliant.
The pandemic had many healthcare workers— coding, billing and administrative staff— pivot from working in an office to working from home. When this necessary change happened, very few practices considered what that workspace would look like, or whether the employee even had a “dedicated” workspace available to protect patients from HIPAA breaches and to protect themselves from a hazardous work environment.
Also, with the relaxed use of telecommunications and the advancement of telehealth, practitioners can treat more patients remotely. In response to the national public health emergency (PHE), working from home isn’t just comfortable; when necessary, it’s an important way to protect the health of patients and healthcare workers.
HIPAA regulations have been relaxed during the pandemic in order to facilitate safe access to healthcare and remote coverage for patients. Even though “potential” penalties for non-compliance have been waived during this emergency period for good-faith use of telehealth, the law itself was not removed, and HIPAA compliance is still necessary.
If proper telecommuting privacy and security measures are not in place, HIPAA Privacy Rule and Security Rule violations may occur. The number of employees working from home is expected to continue to rise.
HIPAA Compliance and Working from Home
HIPAA rules apply to covered entities’ employees, whether work is performed at the office, at home, or at a patient’s home. HIPAA compliance and working from home do not fit hand in glove for one simple reason: working at home (or at a patient’s house) can put patients’ protected health information (PHI) at risk, consequently presenting HIPAA Privacy Rule concerns and HIPAA Security Rule concerns. Therefore, establishing HIPAA guidelines for employees is important.
Fortunately, these concerns can be addressed systematically by taking specific measures that follow established work-from-home guidelines and requirements.
Employers can, for example, take steps to ensure IT security, such as the following:
- Encrypt home wireless router traffic.
- Change wireless routers’ default passwords.
- Ensure all devices that access your network are properly configured (i.e., encrypted, and protected with a password, firewall, and antivirus software).
- Encrypt all PHI before it is transmitted.
- Require employees to use a VPN when remotely accessing the company intranet.
The HIPAA guidelines for working at home have additional steps that employers can take:
- Develop policies and procedures prohibiting employees from allowing friends and family to use devices that contain PHI (e.g., laptops, cell phones, etc. used to store or transmit ePHI).
- Have employees sign a Confidentiality Agreement before they begin work.
- Provide lockable file cabinets or safes for employees who store hard copy (paper) PHI in their home offices.
- Provide HIPAA-compliant shredders for remote workers so these workers can destroy paper PHI at their work location once the PHI is no longer needed.
- Develop a media sanitization policy and require adherence to it through a sanctions policy (e.g., limit external media connections on work routers).
- Ensure employees …….