Wiki Work from home and HIPAA

Create Wiki Sort by date
K

kenni727

New
Messages
3
Location
Phoenix, AZ
Best answers
0
I work as hybrid for a private practice - time split in office and working from home. The owner has recently become more concerned about HIPAA compliance and making sure we're implementing correct protocols. He's been talking with his insurance company and attorney to learn what we need but still unsure about some of it. Our understanding is that I need to work in a "private space" but we're unsure what qualifies as "private space." My work space is in an open/common office area to which my husband has access. When not working, materials, i.e. physical paperwork, are locked in a cabinet and my laptop is password protected. I rarely work when husband is home and when I do he stays out of the room. Is this sufficient? Or does my work space, in addition to the work materials/equipment, need to be inaccessible to anyone not authorized?
 
0
kenni727 said:
I work as hybrid for a private practice - time split in office and working from home. The owner has recently become more concerned about HIPAA compliance and making sure we're implementing correct protocols. He's been talking with his insurance company and attorney to learn what we need but still unsure about some of it. Our understanding is that I need to work in a "private space" but we're unsure what qualifies as "private space." My work space is in an open/common office area to which my husband has access. When not working, materials, i.e. physical paperwork, are locked in a cabinet and my laptop is password protected. I rarely work when husband is home and when I do he stays out of the room. Is this sufficient? Or does my work space, in addition to the work materials/equipment, need to be inaccessible to anyone not authorized?
Click to expand...
Sounds sufficient to me. My experience with working remote for different facilities has been the following:

* Separate workspace, preferable an office with a door that locks. If unable to have a separate office space, you must make sure that your workstation/laptop is password protected and locked when not in use.
* No printing patient PHI and if you do have to print, make sure you shred the information once complete. Or store information in a locked file cabinet.

As long as you are staying compliant, you should be fine. Does your practice have a work from home agreement or policy in place? If not, working with your compliance officer to help develop one would beneficial going forward.

I attached a copy of our facilities Remote Policy; hope this helps.
 

Attachments

  • Remote Work Policy.pdf
    873.3 KB · Views: 9
0
kenni727 said:
I work as hybrid for a private practice - time split in office and working from home. The owner has recently become more concerned about HIPAA compliance and making sure we're implementing correct protocols. He's been talking with his insurance company and attorney to learn what we need but still unsure about some of it. Our understanding is that I need to work in a "private space" but we're unsure what qualifies as "private space." My work space is in an open/common office area to which my husband has access. When not working, materials, i.e. physical paperwork, are locked in a cabinet and my laptop is password protected. I rarely work when husband is home and when I do he stays out of the room. Is this sufficient? Or does my work space, in addition to the work materials/equipment, need to be inaccessible to anyone not authorized?
Click to expand...
Hi there, your practice should perform a HIPAA risk assessment conducted with the help of an attorney or consultant who specializes in HIPAA compliance.

In the meantime:
1. Everyone who works from home should encrypt any device that contains PHI (that includes the physician :)). Encryption protects PHI in ways that a password can't. In addition, if a laptop that is just password protected goes missing that's a breach that will have to be reported and so on. If it is encrypted that's not a reportable breach.
2. Make sure your work space can't be seen by accident. For example, a person who happens to be passing your workspace shouldn't be able to see your laptop screen or any materials.
3. If you're printing anything on a home printer, don't sell sell or discard the printer without making sure the memory has been scrubbed.
 
You must log in or register to reply here.
Top