Given the dynamic effect of COVID-19, data transmission to home-based employees could be the wrong framework, Tayi says. Instead, it may be useful to manage a centralized and unique database to which access is provided. This approach allows for strong security handling around the data while still allowing smooth access where possible. “In the past, I can say that compliance is not flexible based on the location of the staff. It is perfectly reasonable to expect the same level of security for remote employees as for employees on company land,” he explains. There have been several examples in recent years where health care providers have been financially held to account by people at a distance because of the loss of PHI [protected health information].

On the technology side, companies should ask remote employees to use a VPN to access the company's infrastructure when working remotely. Also be sure to encrypt home wireless router networks and protect them with secure (non-standard) passwords. Businesses are best placed to control access by providing remote employees who access PHI with a company-specific device that is encrypted and password-protected. “Health care professionals should follow the same best IT security practices as they do in the office to minimize the risk of potential privacy breaches,” he says. “Health organizations can improve their ability to protect PHI in a remote work environment by focusing on two key areas.
First, make sure that employees who access PHI connect to a secure network when accessing internal systems containing patient data. Second, make sure they don't transfer PHI to personal devices or personal email accounts.” In addition to system-based tools, it can be beneficial to send reminders to people working remotely on how to secure workspaces and data, he says. Reminders can take the form of informative moments or short pieces on applying office procedures to a home environment.

Counterparties: any individual or legal person (other than the staff of a covered entity) who performs duties or activities on behalf of a covered entity or who provides certain services involving the creation, receipt, maintenance or transmission of protected health information. A counterparty of an insured company (including a subcontractor) may provide information as authorized by the data protection rule, for example to a public health authority on behalf of an insured company or other counterparty, to the extent that this has been approved by its counterparty agreement.

If employees log in to company servers from home, they can endanger business security through weak PC passwords, unsecured home Wi-Fi routers, or virus transmission. Experts warn that malware can easily jump from an employee's compromised PC into a connected desktop network.
Compliance documents should focus on policies that prohibit the use of company-issued equipment for non-company-related work and prevent non-employees from using company-issued personal devices or devices that link to business networks. Also stress the importance of properly backing up PHI-sensitive printed documents and disconnecting all systems at the end of the work. Remote employees are not exempt from the implementation of HIPAA rules. It is in your best interest to define all remote staff policies and ensure that all signed documents relating to remote work are up to date, signed and stored safely. If you're doing these steps, make sure you're compliant, call HHS! According to Trulove, employees should use the company's devices and applications that are sanctioned only by information technology