Facilitating Remote Work During the Coronavirus Pandemic

Social Distancing
Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn

As the nation continues to respond to the COVID-19 pandemic, it is important that we work together to help facilitate the effort to contain and prevent. An integral part of this effort is requiring staff to work remotely, this includes compliance professionals. At HIPAAtrek, we understand that this can be difficult; however, it is important that we take the threat seriously and do our parts to flatten the curve of the COVID-19 pandemic.

One of your first considerations is to ensure that all employees understand the same privacy and security standards apply when working from home. This presents a unique and unprecedented situation for compliance teams across the country. Issues requiring immediate attention include:

  1. Bring Your Own Device (BYOD) – It is highly probable that many of your employees have never worked remotely before. It is also likely the facility does not have enough workstations to facilitate working from home. Requiring employees to use their own workstations is acceptable; however, it is imperative that you create and follow a BYOD policy. If you need a policy, please contact us. We can send you a template to help you get this started.
  2. Employee training on patient privacy requirements while working remotely – Special training should be provided to ensure the employee understands the unique challenges to patient privacy while working from home. This should include:
    • Protecting patient privacy from family members, roommates, or other individuals in the home or remote working location;
    • Ensuring proper internet protocols. This includes not using public WIFI or leaving workstations logged into WIFI when they are not in use.
  3. Minimum Necessary Rule – An additional compliance requirement will be to ensure your remote employees maintain the minimum necessary requirement. Employees will need to set up their work environment to ensure members of their household or visitors do not have access to any patient information.

The OCR has made it easier for healthcare facilities to manage their HIPAA compliance programs during this time by announcing a limited waiver to the Privacy Rule and by allowing for non-HIPAA compliant communications to facilitate telehealth visits. Even with these waivers on penalties, it is important that patient privacy be upheld whenever possible. These are limited waivers and largely apply to the Privacy Rule. When training your employees on their role in compliance while working remotely, make sure they understand these waivers and that they have a point of contact within your organization to ask compliance questions.

If you have any questions, please do not hesitate to reach out. HIPAAtrek is here to help support you during this challenging time.

Request A HIPAAtrek Demo

HIPAAtrek User
Compliance is complicated. Your compliance software doesn’t have to be. Schedule your demo today!

You Might Also Like

Telehealth

Is the Telehealth you’ve adopted secure?

Many patients and providers who would not have normally considered telehealth as a regular way to access healthcare are now utilizing the services. Many patients are afraid to go the hospital or doctor office in fear of exposing themselves and loved ones to Covid-19. Luckily, doctors can still reach their patients and provide medical care online. After this pandemic is over, many suspect that telehealth will still be sticking around. Now may be a good time to consider how to make your telehealth services more secure.

Read More »
Double Extortion

Double Extortion-What it is and how you can prevent it

If organizations refuse to pay their ransom, attackers are threatening to release the data publicly. This will of course include sensitive information and PHI. Before Double Extortion, we assumed that hackers could not actually access our data and were only with-holding it from victims to disrupt the ability to continue their work. Now we know they can extract this information and publish it online, breaching our patient’s security.

Read More »