Remote work has become the new normal for many industries, healthcare included. But are your employees following HIPAA compliance?
Other departments provide services to patients outside of the first responders, medical practitioners, or healthcare facilities treating patients. These employees routinely have access to personal health information (PHI). They are working to ensure that any follow-up care, additional services, or even simple patient record-keeping are updated and protected following the strict HIPAA guidelines.
Keep reading for a comprehensive list of real HIPAA compliance consequences and regulations.
HIPAA VIOLATIONS IN THE REAL WORLD
New Haven, CT
In October of 2002, the City of New Haven agreed to pay HIPAA compliance violations up to $200,000 for a failure to terminate network access and credentials of a former employee. The investigation found that an employee could log into their account eight days after termination and access patient personal information. Worse still, this employee shared their login and password information with an intern who was routinely using it to access patient data.
In October 2020, Aetna agreed to $1 million in HIPAA violations after determining that plan-related documents were accessible without login credentials and subsequently made searchable by various internet search engines, affecting 5,002 people. Other examples of HIPAA violations include stolen devices, social media posts, and video commentary, as well as delays in practitioners providing their patients with medical records. While these instances may seem few and far between, HIPAA violations are at a higher risk of happening now, while more employees work from home than ever before.
HOW TO REMAIN COMPLIANT WHEN WORKING FROM HOME
Administrators, now more than ever, need to remain vigilant against HIPAA compliance violations and how easily these can happen while so many employees are working from home. Listed below are vital considerations that administrators and I.T. teams should make moving forward.
MAKE VPN MANDATORY
Virtual private networks, or VPNs, extend the same protections and policies that employees receive in the office to the home when properly connected. Using VPN connectivity can create a shield around incoming and outgoing traffic from remote devices, keeping all communications encrypted and secure.
MAINTAIN COMPLETE NETWORK ACTIVITY REPORTS
Network administrators should keep an updated list of every employee working from home, devices attributed to them, and the level of network access each person has. This detailed level, paired with network activity reports, can help notice suspicious activity and close the loop when employees leave any organization.
CONTINUOUS EMPLOYEE TRAINING
Keeping employees informed about what phishing emails, suspicious links, or other overall cybersecurity policies are in place will go a long way during this time. As employees continue to adapt, work from home, and serve patients in need, they may often overlook glaring red flags in emails with malicious intentions. Train employees to notice suspicious activity and report it to the proper channels before it becomes an out of control cyber attack.
ENFORCE CLEAN PASSWORD HYGIENE
With employees working from home and in constant contact with sensitive personal information, keeping passwords secure is paramount. Therefore, your remote employees should change their home network passwords monthly. Combinations of characters, symbols, and numbers do the best job of protecting your cybersecurity. Your employees should check the following points of entry at least once a month:
- home network passwords
- login credentials
- laptop passwords
- other password-specific applications
DEPLOY MULTI-FACTOR AUTHENTICATION
MFA, or sometimes known as two-factor authentication (2FA), can add a defense layer to any login or credentialed-access portal. This additional authentication asks for either a text message, secondary email, or another form of access confirmation. Most times, hackers cannot exploit this vulnerability. Aside from another layer of authentication, this can also be the first warning that someone is trying to brute force access. If you receive an email asking for an access code, it could be a sign of a phishing attempt.
Most importantly, the top priority for healthcare workers is patient confidentiality. This health also extends to patient data and keeps information that could harm patients’ future safe and secure today. Work with network administrators to create a robust and comprehensive WFH policy. This method ensures that patient data is safe so employees can focus on giving their patients the best services possible.
Stay Socially Connected
About Cinch I.T.
Since 2004, Cinch I.T. has been providing customer-focused I.T. services for businesses of all sizes. Every element of our computer support offers the fastest and friendliest service in the industry. Cinch is also one of the nation’s fastest-growing I.T. support franchises with 7 locations and counting. To learn more, visit cinchit.com. For more information about I.T. franchise opportunities, visit cinchfranchise.com.
Click here to find your nearest local Cinch I.T. office: