It has always been challenging for companies and individuals to stay compliant with the privacy standards of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The pandemic made it even more difficult to safeguard people’s protected health information (PHI) because healthcare and insurance professionals were forced to work from home. That meant addressing the many privacy and security risks in a remote work setup.
But more than a year later, the number of people who prefer this new working arrangement has steadily increased. A recent FDU Poll showed that, even with many adults already vaccinated, more than a quarter of New Jersey employees prefer not to go back to their workplace at all. And 28% said they’d prefer to combine working at home and in their workplace.
As you implement a hybrid work setup, here are helpful tips you, your staff, and all covered entities associated with your business need to follow to ensure everyone is HIPAA-compliant.
1. Ensure that unauthorized persons cannot access PHI
It’s easy for your family members or roommates to access PHI, especially if your home environment doesn’t have the privacy protections that an office space can provide.
- Establish physical barriers that will keep unauthorized people from accessing PHI. Put all forms of PHI under lock and key, or make sure your home workspace is in a room that can be locked whenever you need to step out. The more barriers you have, the less likely it is for anyone to stumble upon any PHI you’re holding.
- If your workspace at home is accessible to everyone, then put a privacy screen on your computer. Always lock your screen when stepping away from your computer, and make sure to enable password login on your device.
- Do not print any PHI unless absolutely necessary. Once you no longer need physical copies, shred them and dispose of them properly.
- When discussing PHI over the phone or during an online meeting, make sure no one overhears you.
2. Make sure your network is secure
Your internet connection at home is a potential gateway for hackers to illegally access your data. They can tap into your internet connection to snoop on or steal your data.
- Use a virtual private network (VPN). A VPN keeps hackers and snoops from spying on your online activities, allowing you to browse the internet safely. Make sure to regularly update your VPN software.
- If your company has an IT security team in place, ask them to monitor and test your VPN.
3. Protect electronic PHI in all your devices
Aside from your internet connection, your devices can also fall prey to malicious attackers. These threat agents can send malware to your devices to eavesdrop, steal data, or hold your device for ransom.
- Install firewalls, antivirus, and other security software on all your devices.
- Keep all the software and security configurations on the devices you use for remote work updated to the latest version.
- It’s best to password-protect all your devices. However, passwords are easy to break, so you should also enable multifactor authentication (MFA) on all platforms you’re using. MFA provides added security in case a hacker gets hold of your passwords, as it requires a unique identifier such as a fingerprint or a one-time code to further verify the user’s identity.
- If it’s not possible to use MFA, then make sure you use strong passwords with the help of a password manager. A password manager can store and manage all your passwords as well as generate strong passwords for you. While web browsers have their own versions of password managers, it’s more prudent to use a dedicated password manager instead.
Online Computers will help you stay HIPAA-compliant
In 2019, Online Computers received the HIPAA Seal for achieving compliance with federal HIPAA standards. So trust our experts to help you and your business with your HIPAA concerns. Is your healthcare business located in and around New Jersey? Are you worried your business might fail the next HIPAA audit? Then contact us today; we’re more than ready to help you.