Welcome to a crash course in telemedicine. In a matter of days, we’ve gone from a fully functioning world to millions of people confined to their homes.
But the world doesn’t stop just because we’re stuck indoors. Patients still need medical advice. Work is still there waiting to be completed. And chances are, you and your team are now working from home.
Unexpected? Yes. Secure? Well …
You might have struggled to put the pieces together to ensure every team member had adequate equipment to work from home. But what about the patients you call?
Are you staying within HIPAA guidelines every time you connect?
While you’ve probably ensured your office space is properly secured for dealing with sensitive information, your house may not be secure. Do you have an Amazon Echo or a Google Home nearby? Do you use Ring? Do you have a baby monitor sitting on your desk?
If so, someone else could be listening in while you discuss private health information with patients or colleagues.
If you haven’t given any of this a thought before, don’t worry about the past. The important thing is to move forward and create a policy now to ensure your entire staff is doing the right thing for keeping your information safe while working from home.
There’s a lot to think about. Use the following checklist as your guide as you start to develop a new plan.
Your first step is to create a list that includes every employee who is currently accessing your information.
Then create a detailed list of the information they have access to. Ensure they only have access to what they need to get the job done.
The next step is to work with every employee to find out what equipment they are using.
- A list of what equipment they are using - hardware, software, and devices
- The type of encryption used for wireless router traffic
- Password requirements for the wireless router used
- Guidelines for using company-issued equipment - it’s not okay for family members to use devices with sensitive information on them.
- Requirements for firewalls, anti-virus programs, and other security protection systems
- Requirements for VPN use when accessing sensitive data
Use this list to create guidelines for what they should be using. What can you do to tighten up security and get them the proper tools?
While your IT department should be in charge of ensuring all devices and online access are secure, there’s more to patient security than tightening up your computer access. Consider how you’ll handle each of these situations:
- Have a Bring Your Own Device (BYOD) policy in place
- Do employees need shredders after working with sensitive documents?
- How will employees store PHI hard copy documentation while they are working at home?
- How will people log out of systems when they are done for the day? Equipment may be in vulnerable places, such as on dining room tables or in a nook in a bedroom.
- Have employees keep a log of the data they handle each day and review it periodically
- Set up guidelines for reviewing access activity and changing requirements as needed
- Have guidelines for what is considered an employee violation and how the situation will be handled.
We’re living in difficult times. But no matter what’s happening in the world, HIPAA guidelines don’t disappear just because we face challenging situations. Security is and always will be everything. If you're not thinking about it, you’re leaving your data to chance. Start the process of securing it now.
For IT Strategy, Cloud Conversion, or Help Desk Services, reach out to us at Silver Linings Technology: 360-450-4759.