How healthcare workers can stay HIPAA compliant from home
The arrival of COVID-19 has brought a number of challenges, particularly within the medical community. Doctors, nurses, and medical administrators not only have to try to keep up while working in crowded hospitals, but they must also protect their own safety by following social distancing protocols when necessary. To keep up with these rapidly changing times, many medical institutions are sending their employees home to work remotely.
In addition to administrative professionals and medical billers, this healthcare workforce includes many doctors and nurses who stay at home and help patients through telehealth platforms. Flexibility in healthcare is important for those in need, but it also creates a fair share of risks. Oftentimes, when employees work away from the office, they forget about security logs and thus can inadvertently breach confidentiality policies.
But it doesn’t all have to be doom and gloom. Instead, organizations and healthcare professionals can do their part to comply with regulations and protect their patients by implementing appropriate safety procedures.
HIPAA and data security
Any person who works in the healthcare sector must know and obey the terms and conditions set out in the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Essentially, this law protects patients by preventing the unlawful disclosure of their personal information without their consent. In addition to the standard HIPAA law, there is also the HIPAA Security Rule, according to which companies in the medical field must take all necessary precautions to prevent cybercrime or the unlawful disclosure of patient data.
If a doctor breaks HIPAA law, even unknowingly, it can create problems for the facility and the patient. The minimum penalty for a doctor with a HIPAA violation is $50,000, plus any criminal penalties and possible jail sentences if this is found to be an abuse of power. The punishment is so severe because information that is not protected can be stolen by cyber thieves and used for malicious purposes. Even simple information like names and email addresses can be used to send phishing emails. If a hacker gets access to a Social Security number, they can use it to take out large loans in the patient's name that could put the patient in serious debt.
While adhering to HIPAA guidelines is essential every day, the risks are even greater in 2020 amid the COVID-19 pandemic. Hackers are well aware that patients are flooding hospitals and attending telemedicine sessions, and they target medical facilities due to the growing pool of potential victims. What makes this situation worse is that many key businesses and healthcare providers are now working from home, and hackers understand that their home networks are typically less secure than those in the office. Because of the risks, health organizations and their employees must do their part to keep patient data as secure as possible.
What the organization can do
While every doctor, nurse, and health worker must do their part to maintain patient safety, the organization they work for bears greater responsibility for setting the stage. The IT team in the office needs to take the time to learn about the current cybersecurity climate and to communicate regularly with employees to inform them about potential threats and how to protect their systems.
All devices used by medical staff should be approved by IT before being put into operation, and their systems should be monitored regularly. Even if a personal tablet or computer has been approved, organizations should educate the team about the risks of public use. Employees should be warned to never leave devices unattended and to avoid using unsecured WiFi, as hackers use man-in-the-middle attacks to create fake accounts that look authentic in the hope that users will unknowingly establish a connection to one. When that happens, the hacker has instant access to the user's system.
With telehealth experiencing a huge boom in these days of stay-at-home orders and social distancing, health organizations need to make sure that this route is safe. Recently, the Office for Civil Rights has given medical organizations some leeway by allowing them to use public platforms such as Zoom to conduct telemedicine sessions. However, hackers can still access video conferencing software and use the information shared during these “private” sessions for malicious purposes. To minimize this risk, healthcare organizations should use the correct version of video software and obtain the correct license. An example of an approved program is Zoom for Healthcare, which has been made HIPAA compliant.
What the individual can do
While working from home, healthcare workers need to know exactly how to secure their devices. One tactic hackers use is the brute-force attack, a program in their arsenal that spams your accounts with potential passwords in hopes of guessing the correct one. Since you never want to lose patient data due to a weak password, make sure your accounts are protected by a hard-to-guess combination of uppercase and lowercase letters, numbers, and special characters. You should update this password every few months and never share your login information with anyone.
For additional protection, healthcare organizations should encourage their employees to use multi-factor authentication, which is a second security measure alongside the password. This can be a biometric measurement like a fingerprint or a code provided by a key fob that changes every minute. Corporate headquarters should also be aware of employee turnover, and any employee who is no longer employed should have their access withdrawn upon termination.
Finally, security agencies recommend that all remote workers be connected to a virtual private network (VPN). This program automatically encrypts all data that gets into your system and prevents hackers from using it if they gain access. A VPN can only stay secure if it is constantly maintained and updated as new versions and patches become available. Therefore, IT has to keep an eye on this process.
2020 was a challenge for all of us, especially for our healthcare workers. However, patient safety remains a priority. Organizations should take a moment to implement these steps so that staff and patients can remain protected.