HIPAA Compliance for Remote Workers
The laws are the same for employees and business associates working from home.
In the past 10 years, the number of employees working remotely in the United States has increased by 115 percent, and with the COVID-19 pandemic requiring many employees to work from home, that number is climbing rapidly. Many of us are suddenly working from home for the first time. The pandemic does not let us off the hook for HIPAA privacy and security requirements; we are just as liable for protected health information (PHI) at home as we are in the office.
Create a HIPAA-compliant Work Space
Although certain HIPAA enforcement sanctions are being waived during the current health crisis, those waivers do not excuse mishandling patients' protected health information (PHI). We must take the same physical, technical, and administrative safeguards for the PHI entrusted to us as we would in the office.
Here are some best practices to follow:
- Ensure your home wireless network is encrypted (WPA2 or WPA3) and protected by a strong, unique passphrase; never use an open or WEP-protected network for work.
- Change the default administrator password on your wireless router, not just the Wi-Fi passphrase.
- Enable device encryption and a screen lock (PIN, passcode, or biometric) on any personal device you may use to access PHI, such as cell phones and tablets.
- Log out of and close applications containing patient information when they are not in use, and lock your screen whenever you walk away from your computer.
- Do not share sensitive PHI with others who shouldn’t have access, including co-workers and personal acquaintances.
- Only access a patient’s record if needed for work.
- Avoid printing PHI; however, if necessary, keep all PHI, such as patient paperwork, charts, and records, locked away and out of view.
- Never leave patient information out where unauthorized persons may see it.
- Minimize the ability for others to overhear patient information, for example, saying a patient’s whole name out loud within hearing distance of others.
- Do not allow friends, family, etc., to use your devices that contain PHI.
- Limit email transmission of PHI to circumstances where the information cannot be sent another way, such as through the secure portal or system your organization provides. When email is unavoidable, use your organization's encryption tools (most businesses provide a way to send encrypted email) and verify the recipient's address before sending.
- Never share passwords between staff or family members.
- Dispose of paper containing PHI as soon as it is no longer needed by shredding it; do not put it in household trash or recycling.
- Use a privacy screen on your monitor(s).
As coders, billers, auditors, compliance officers, managers, or other healthcare providers, it’s a blessing to live in an age of technology in which we can work from home. Take the time to review your organization’s HIPAA Privacy and Security policies. Work with your IT department to ensure your home office is HIPAA compliant. Be safe and live well.
Co-authored by Rachel Momeni, AAPC project manager in IT.