Are Your Remote Employees Following HIPAA Compliance?


Remote work has become the new normal for many industries, healthcare included. But are your employees following HIPAA compliance?

Beyond the first responders, medical practitioners, and healthcare facilities that treat patients, other departments also provide services to them. These employees routinely have access to personal health information (PHI). They work to ensure that follow-up care, additional services, and even simple patient record-keeping are kept up to date and protected in line with the strict HIPAA guidelines.

Keep reading for a comprehensive list of real HIPAA compliance consequences and regulations.


New Haven, CT

In October of 2002, the City of New Haven agreed to pay up to $200,000 for HIPAA compliance violations after failing to terminate the network access and credentials of a former employee. The investigation found that the employee could still log into their account eight days after termination and access patient personal information. Worse still, this employee shared their login and password information with an intern who was routinely using it to access patient data.


In October 2020, Aetna agreed to pay $1 million for HIPAA violations after determining that plan-related documents were accessible without login credentials and had subsequently been made searchable by various internet search engines, affecting 5,002 people. Other examples of HIPAA violations include stolen devices, social media posts, and video commentary, as well as delays in practitioners providing their patients with medical records. While these instances may seem few and far between, the risk of HIPAA violations is higher now that more employees work from home than ever before.



Administrators, now more than ever, need to remain vigilant against HIPAA compliance violations and aware of how easily they can happen while so many employees are working from home. Listed below are vital considerations for administrators and I.T. teams moving forward.


Virtual private networks, or VPNs, extend the same protections and policies that employees receive in the office to the home when properly connected. Using VPN connectivity can create a shield around incoming and outgoing traffic from remote devices, keeping all communications encrypted and secure.


Network administrators should keep an updated list of every employee working from home, the devices attributed to them, and the level of network access each person has. This level of detail, paired with network activity reports, can help administrators notice suspicious activity and close the loop when employees leave the organization.
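One way to pair such an access inventory with login activity, shown as an added example rather than code from Cinch I.T. The inventory layout, usernames, device tags, and log tuples are all constructed for illustration; a real deployment would read them from an HR system and the authentication logs.

```python
from datetime import datetime

# Constructed sample data: access inventory keyed by account name.
INVENTORY = {
    "asmith": {"devices": {"LT-0142"}, "terminated": "2024-03-01T17:00"},
    "bjones": {"devices": {"LT-0199", "PH-0031"}, "terminated": None},
}

# Constructed sample login events: (timestamp, account, device tag).
LOGINS = [
    ("2024-02-28T09:02", "asmith", "LT-0142"),
    ("2024-03-09T22:15", "asmith", "LT-0142"),   # after termination
    ("2024-03-04T08:47", "bjones", "LT-0199"),
    ("2024-03-05T13:30", "bjones", "LT-0555"),   # device not assigned to bjones
    ("2024-03-06T10:00", "intern1", "LT-0142"),  # account missing from inventory
]


def audit_logins(inventory, logins):
    """Return (timestamp, account, device, reason) for each suspicious login."""
    findings = []
    for ts, user, device in logins:
        entry = inventory.get(user)
        if entry is None:
            # Nobody is accountable for this account: review or disable it.
            findings.append((ts, user, device, "account not in inventory"))
            continue
        when = datetime.fromisoformat(ts)
        term = entry["terminated"]
        if term and when > datetime.fromisoformat(term):
            # Credentials still worked after the employee left.
            days = (when - datetime.fromisoformat(term)).days
            findings.append((ts, user, device, f"login {days} days after termination"))
        elif device not in entry["devices"]:
            # Possible shared credentials or an unmanaged device.
            findings.append((ts, user, device, "device not assigned to user"))
    return findings


if __name__ == "__main__":
    for finding in audit_logins(INVENTORY, LOGINS):
        print(*finding, sep="  ")
```

A login flagged as coming from an unassigned device is also the pattern that shared credentials, like those in the New Haven case, would produce.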


Keeping employees informed about phishing emails, suspicious links, and the cybersecurity policies that are in place will go a long way during this time. As employees continue to adapt, work from home, and serve patients in need, they may overlook glaring red flags in emails with malicious intentions. Train employees to notice suspicious activity and report it to the proper channels before it becomes an out-of-control cyber attack.


With employees working from home and in constant contact with sensitive personal information, keeping passwords secure is paramount. Therefore, your remote employees should change their home network passwords monthly. Combinations of characters, symbols, and numbers do the best job of protecting your cybersecurity. Your employees should check the following points of entry at least once a month:

  • home network passwords
  • login credentials
  • laptop passwords
  • other password-specific applications



Multi-factor authentication (MFA), sometimes known as two-factor authentication (2FA), can add a layer of defense to any login or credentialed-access portal. This additional authentication asks for a text message, a secondary email, or another form of access confirmation. Most of the time, hackers cannot get past it. Aside from adding another layer of authentication, it can also be the first warning that someone is trying to brute-force access. If you receive an email asking for an access code, it could be a sign of a phishing attempt.

Most importantly, the top priority for healthcare workers is patient confidentiality. That confidentiality also extends to patient data, keeping information that could harm patients in the future safe and secure today. Work with network administrators to create a robust and comprehensive WFH policy. Such a policy ensures that patient data is safe so employees can focus on giving their patients the best services possible.



About Cinch I.T.

Since 2004, Cinch I.T. has been providing customer-focused I.T. services for businesses of all sizes. Every element of our computer support offers the fastest and friendliest service in the industry. Cinch is also one of the nation’s fastest-growing I.T. support franchises with 7 locations and counting.
