Cardiology Coding Alert


Make Sure Remote Employees Keep Info HIPAA Compliant in Your Shared Drive

Don’t forget to manage version control.

As more employees are continuing to work from home, even as the pandemic restrictions start to life, it’s apparent that remote and hybrid work isn’t going anywhere. However, with personnel working away from your physical office, you must educate yourself on how to keep shared information secure while your employees communicate back and forth with each other.

Take a look at the steps you can take to make sure your remote workers are appropriately and safely using technology during all of their communications.

Step 1: Consider a Shared Drive

A shared drive is an organization and storage system where folders and files are stored in a central network that allows access by team members on different devices. Depending on the permission settings configured for each file, team members are able to view, edit, and collaboratively work on files.

The person who creates the system can designate an individual as a manager, and that person can organize files into folders, make sure the appropriate team members have the access they need (or don’t need), and add or delete information, as necessary.

“A shared drive is a resource available for anyone who needs it, regardless of location. It can be updated in real time, so no one is ever using outdated resources,” says Christine Speroni, CPC, administrative office manager at a practice in Ronkonkoma, New York.

Options: Large companies offer different shared drive options; you may have heard of Google Drive, Sharepoint, OneDrive, and Dropbox. There are also smaller companies that offer more niche products (and more hands-on tech support).

Step 2: Decide How Your Employees Will Use the Shared Drive

A shared drive can be the perfect way to connect team members and keep them up to date with the information they need without overwhelming them with email. This can include reference materials and other files that don’t involve protected health information (PHI).

For instance: If you work with remote coders, think of a shared drive as an ideal place to keep cheat sheets, tips, lists of most-used codes, or notes that you want people to have while working.

For employees involved in any external-facing writing, consider adding a “house style” document to your shared drive so everyone knows which persnickety grammar or punctuation or formatting guidelines to keep consistent across the team. You can also add preferred office email signatures, practice-logo video meeting backgrounds, and other resources that help maintain a sense of consistent professionalism, regardless of whether a team member is physically in the office.

Continuing education: You might also add a folder for educational materials. If your practice uses continuing education, you may have electronic resources hosted on specialized websites or platforms or through professional associations, but “back to basics” kind of stuff may be well-suited to an always accessible folder on a shared drive.

Manage version control: Because files on a shared drive may be editable, you need to ensure that you have backups of original files and changes, as well as a way to document current version status. Use the following tips to ensure accurate, timely information on your shared drive:

  • Assign editing access only to appropriate individuals
  • Keep editable files labeled with the most recent revision date
  • Educate staff that changes to shared files are global for all users
  • Encourage staff to download files to their personal computers if they want to make personal edits or notes
  • Create a backup system, including storage of originals and updates at a separate secure location.

Step 3: Always Stay Compliant With HIPAA

If your practice intends to use a shared drive for any files that include PHI, you need to make sure that you use a system that is HIPAA compliant.

For instance: Cardiology practices might want to host patient PHI such as imaging results on their drive to make it easier for team members to review or reference diagnostic tests and share the data to enhance patient outcomes.

“A major theme in the current healthcare environment is the use of information systems and technologies to enhance the quality and safety of patient care,” says Gabriela Mustata Wilson, PhD, MSc, FHIMSS, SNAI, co-director at the Multi-Interprofessional Center for Health Informatics, professor of kinesiology at the College of Nursing and Health Innovation, The University of Texas at Arlington.

Although cybersecurity is a priority for setting up and facilitating any shared drive, that’s especially true if you plan to host PHI on the drive. You’ll need to use only a HIPAA-compliant shared drive if you’re using the drive in this manner.

BAA: Remember, if you need a shared drive that is HIPAA-compliant, you also need the hosting service to sign a business associate agreement (BAA) contract.

Other Articles in this issue of

Cardiology Coding Alert

View All