As the nation continues to respond to the COVID-19 pandemic, it is important that we work together to help facilitate the effort to contain and prevent it. An integral part of this effort is requiring staff, including compliance professionals, to work remotely. At HIPAAtrek, we understand that this can be difficult; however, it is important that we take the threat seriously and do our part to flatten the curve of the COVID-19 pandemic.
One of your first considerations is to ensure that all employees understand that the same privacy and security standards apply when working from home. This presents a unique and unprecedented situation for compliance teams across the country. Issues requiring immediate attention include:
- Bring Your Own Device (BYOD) – It is highly probable that many of your employees have never worked remotely before. It is also likely the facility does not have enough workstations to facilitate working from home. Requiring employees to use their own workstations is acceptable; however, it is imperative that you create and follow a BYOD policy. If you need a policy, please contact us. We can send you a template to help you get this started.
- Employee training on patient privacy requirements while working remotely – Special training should be provided to ensure the employee understands the unique challenges to patient privacy while working from home. This should include:
  - Protecting patient privacy from family members, roommates, or other individuals in the home or remote working location;
  - Ensuring proper internet protocols. This includes not using public Wi-Fi and not leaving workstations logged into Wi-Fi when they are not in use.
- Minimum Necessary Rule – An additional compliance requirement will be to ensure your remote employees maintain the minimum necessary requirement. Employees will need to set up their work environment to ensure members of their household or visitors do not have access to any patient information.
The OCR has made it easier for healthcare facilities to manage their HIPAA compliance programs during this time by announcing a limited waiver to the Privacy Rule and by allowing non-HIPAA-compliant communications to facilitate telehealth visits. Even with these waivers on penalties, it is important that patient privacy be upheld whenever possible. These are limited waivers and largely apply to the Privacy Rule. When training your employees on their role in compliance while working remotely, make sure they understand these waivers and that they have a point of contact within your organization to ask compliance questions.
If you have any questions, please do not hesitate to reach out. HIPAAtrek is here to help support you during this challenging time.