Are Your Remote Employees Following HIPAA Compliance?

Remote work has become the new normal for many industries, healthcare included. But are your employees following HIPAA compliance?

Other departments provide services to patients outside of the first responders, medical practitioners, or healthcare facilities treating patients. These employees routinely have access to personal health information (PHI). They are working to ensure that any follow-up care, additional services, or even simple patient record-keeping are updated and protected following the strict HIPAA guidelines.

Keep reading for a comprehensive list of real HIPAA compliance consequences and regulations.

HIPAA VIOLATIONS IN THE REAL WORLD

New Haven, CT

In October of 2002, the City of New Haven agreed to pay HIPAA compliance violations up to $200,000 for a failure to terminate network access and credentials of a former employee. The investigation found that an employee could log into their account eight days after termination and access patient personal information. Worse still, this employee shared their login and password information with an intern who was routinely using it to access patient data.

Aetna

In October 2020, Aetna agreed to $1 million in HIPAA violations after determining that plan-related documents were accessible without login credentials and subsequently made searchable by various internet search engines, affecting 5,002 people. Other examples of HIPAA violations include stolen devices, social media posts, and video commentary, as well as delays in practitioners providing their patients with medical records. While these instances may seem few and far between, HIPAA violations are at a higher risk of happening now, while more employees work from home than ever before.

 

HOW TO REMAIN COMPLIANT WHEN WORKING FROM HOME

Administrators, now more than ever, need to remain vigilant against HIPAA compliance violations and how easily these can happen while so many employees are working from home. Listed below are vital considerations that administrators and I.T. teams should make moving forward.

MAKE VPN MANDATORY

Virtual private networks, or VPNs, extend the same protections and policies that employees receive in the office to the home when properly connected. Using VPN connectivity can create a shield around incoming and outgoing traffic from remote devices, keeping all communications encrypted and secure.

MAINTAIN COMPLETE NETWORK ACTIVITY REPORTS

ENFORCE CLEAN PASSWORD HYGIENE

With employees working from home and in constant contact with sensitive personal information, keeping passwords secure is paramount. Therefore, your remote employees should change their home network passwords monthly. Combinations of characters, symbols, and numbers do the best job of protecting your cybersecurity. Your employees should check the following points of entry at least once a month:

DEPLOY MULTI-FACTOR AUTHENTICATION

MFA, or sometimes known as two-factor authentication (2FA), can add a defense layer to any login or credentialed-access portal. This additional authentication asks for either a text message, secondary email, or another form of access confirmation. Most times, hackers cannot exploit this vulnerability. Aside from another layer of authentication, this can also be the first warning that someone is trying to brute force access. If you receive an email asking for an access code, it could be a sign of a phishing attempt.

Most importantly, the top priority for healthcare workers is patient confidentiality. This health also extends to patient data and keeps information that could harm patients’ future safe and secure today. Work with network administrators to create a robust and comprehensive WFH policy. This method ensures that patient data is safe so employees can focus on giving their patients the best services possible.

SOURCES