FOR IMMEDIATE RELEASE
Contact: Gabriela Ramirez, Communication Manager
Ensure that All Employees and Devices are HIPAA Compliant While Working Remotely
HIPAA rules and regulations are still in effect for anyone working remotely in the healthcare industry. Failure to comply with basic HIPAA regulations can result in costly fines, lengthy investigations, and loss of reputation. If the Office of Civil Rights can prove your company was negligent and careless with Protected Health Information in any way, your organization will be found in violation of HIPAA.
Integris recommends basic cybersecurity protections for all devices and users in the remote workforce. These include:
- Limiting sensitive data access only to those employees who need it to perform basic job functions
- Physically logging off and securing devices when work is done for the day, or having automatic, password-protected time-outs
- End-to-end data encryption
- Updated anti-virus and firewall protections
- Disallowing the use of any unsecured Wi-Fi network
- VPN usage
- Ensuring that any paper documents are stored securely or destroyed in a HIPAA-compliant way
- Instant notification to the IT department when any device is lost or stolen
Iconic IT further recommends drafting an acceptable use policy and a HIPAA compliancy policy for all remote workers.
Integris CEO Mike Fowler explains:
“HIPAA compliance, as with many regulations, starts with having a policy in place and ensuring you follow that policy. If you don’t have a written work-from-home policy, you should start there. This policy will cover many topics, but just a few to consider are: Does anyone else, including your children, access your computer? Is your home firewall encrypted? Have you changed the default password on your firewall? Is data encrypted between your work systems and your local computer? And, is data encrypted on your local computer?”
Having policies in place, signed by your remote employees and kept in their files, is an important step in proving that your organization was not willfully negligent in storing or accessing PHI.
Failure to comply can result in stiff governmental fines, lawsuits, and in extreme circumstances, imprisonment. Healthcare organizations are urged to remain vigilant with their cybersecurity strategies and employee education as they shift to a remote workforce.
For more information and valuable resources about HIPAA compliancy, contact one of Integris’s locations at iconicit.com.