As social distancing and stay-at-home orders extend, so do our remote working options and practices. Healthcare providers have moved to providing care through online telehealth services, and insurance providers are following suit. Many of these entities already have HIPAA-compliant technologies and infrastructure in place. Law firms and other organizations that work with personal health information (PHI) and medical records also need to be sure they’re working to follow HIPAA guidelines as they move to remote work.
Realistically, you probably never envisioned yourself working full-time from home for an extended time, as you are now. It’s not feasible to put yourself or your whole household through rigorous HIPAA-compliance training at this point. Even the HHS secretary has relaxed some of the HIPAA statutes during the current emergency, but you still want to do what you can to safeguard client data.
At The Records Company, we have built HIPAA compliance into every part of our remote model, as client security is our priority, always. It’s important to us that you have the tools you need to keep your records and sensitive data secure after we deliver. If you’re not sure whether your remote model is HIPAA compliant, or if you just want to run a quick checkup on your existing compliance measures, the resources below should help point you in the right direction.
HIPAA Secure Technology
One of the first measures you’ll want to take toward preserving client and patient privacy is to review the technology you’re using. When you’re transferring and storing electronic PHI, the data must be encrypted during transfer and “at rest.” Full and consistent encryption means that even if the data gets breached, it can’t be read or used. You also want to be sure your service provider has no claim to the data, so the transfer process should be secure and direct. This is why The Records Company uses a secure portal for direct access to records and data instead of, for example, sending records to you in a Gmail attachment. This is also why we allow multiple users to access records through a single account. All the members of your remote team can access the data they need directly and securely through our portal, so you don’t need to attach sensitive data to a Gmail message either.
Another pressing concern for privacy right now is your remote conferencing platform. Most of us working from home are using some kind of video conferencing application to touch base with colleagues and clients, but they aren’t all created equal. Everyone seems to be using Zoom, for example, and for good reason. It’s easy to access and easy to use. You can get a meeting together in minutes. Unfortunately, that ease of use has also become a weakness. News reports abound with stories of hackers breaking into Zoom meetings from middle schools, to state senates, to the NFL. If you’re talking about sensitive data, Zoom may not be your best bet.
Zoom does have a far more secure version for use in healthcare, but it costs $200 a month, which may be out of reach for smaller organizations. There are several other options that offer affordability and security, though. In this case, a little research will go a long way toward balancing privacy with pricing.
HIPAA Secure People
A vital component of HIPAA compliance is keeping sensitive medical data quiet. If you live with other people, and you’re working from home, you can take some steps to keep PHI private, even from the people you live with. Sure, it’s unlikely your five-year-old will share an overheard discussion about a client’s prognosis, but why take chances? Keeping privacy at the forefront of your routine now will also help you maintain vigilance when you do return to your normal office setting.
If you have room for a designated, private home office, your solution is pretty simple. Keep doors closed and records in a secure location. If you share your office space with a spouse or housemate, setting a schedule for use of that space might be a solution. If you don’t have a designated home office and find yourself working from, say, a dining room table, you may need to hold a family meeting to set up some parameters for keeping your conversations, online conferences, and documents as private and secure as possible.
Planning and awareness will go a long way toward fulfilling your obligations to your clients’ privacy and will allow you to transfer the best practices you’ve been following at work into your remote environment. If you have additional questions about how to approach remote security, you can always contact us. We’re experts in HIPAA compliance, and we’re here for you.