
Work From Home (WFH) Guidelines

The following guidelines are from Jeff Broudy, the CEO of PCIHIPAA.

Unlike Telehealth, where OCR has announced a softening of the HIPAA Rules, healthcare providers working from home face cyber-security and HIPAA challenges. Below are tips to consider to help keep patient data private and secure while working from home.

  1. Review your Company’s Workstation Use Policy, specifically as it relates to remote use. If you don’t have one, establish guidelines.
  2. Determine if employees will use their own device or company devices.
  3. Document and inventory all employee devices and their access rights to sensitive information.
  4. Establish a daily communication plan between managers and staff.
  5. Do your HIPAA training and review what constitutes a data breach.
  6. Use encrypted e-mail and review all data backup procedures.
  7. Review phishing email examples with staff, specifically Coronavirus examples.
  8. Don’t share hardware or software logins and passwords.
  9. Use a Virtual Private Network (VPN) when accessing the company network remotely.
  10. For home Wi-Fi, make sure manufacturer passwords are changed and firewalls are installed.
  11. Don’t use public Wi-Fi from a laptop to access company information.
  12. Don’t save information on thumb drives or public Google Drives.
  13. Update all home computer software, operating systems, and anti-virus software.
  14. Establish IT escalation paths to assist employees and discuss home use of devices.
  15. Disallow printing of patient records at home. If absolutely necessary, obtain a HIPAA-compliant shredder.
  16. Track all company mobile devices and enable wiping in case they are lost.

It’s critical when employees work from home that they understand the inherent risks and rules. You can also have everyone review PCIHIPAA’s Fight Ransomware Page.
