Path Forward Blog
Working at Home and HIPAA
5 Tips for Keeping Data Protected
COVID-19 has changed the way we live and work, with many of us balancing remote work with time in the traditional office. Remember that HIPAA and other regulations still apply. Here are five fundamentals for protecting yourself—and your patients—when you’re working at home.
These are geared for our colleagues in the healthcare industry, but we believe that the principles apply to anyone working online.
1. Check with your IT department first.
If you’re on a company-owned device, don’t download or install software without checking with IT first.
Take extra care when you see notifications for system updates. A serious attack earlier this year pretended to be a Microsoft Office 365 update and tricked users around the world into entering their login credentials on a fake update warning. Updates for a company-owned device normally arrive through IT's own management tools, not through a link in an email or a pop-up that asks for your password; training is available to help you spot phishing attacks like this.
The best idea is to always check with your IT team before you update. IT departments can put measures in place that restrict some downloads and help protect the company.
If you’re on the IT team, consider how you communicate your patch and update schedule to end-users. Do they know what to do if they get a notification, whether that notification is real or malicious?
2. Public WiFi is NOT secure.
Avoid the WiFi you get at an airport, hotel, or restaurant; these networks are notorious for security issues. Anyone on the same network, or running a look-alike access point, can use simple, cheap tools to read or alter anything you send that is not encrypted.
Never access PHI, including medical records, over a public or other unsecured WiFi. Period. Don’t use unsecured WiFi to access your online banking or anything else you need to keep safe.
Talk to your IT team about the approved way to connect from outside the office (for example, a company VPN). That way, your personal information and sensitive work stay encrypted in transit, and you can be confident they are protected.
3. Save sensitive information carefully.
Whether you’re using a company-owned device or your own device, never save any Protected Health Information on your desktop or C drive. Any data covered by HIPAA must remain secure. Don’t put yourself, or your patients, at risk.
Make sure you understand and follow your organization’s policy for storing and sharing information. It’s a good idea to check your desktop, C drive, and Downloads folder periodically to make sure you’re in the clear.
If you’re having trouble convincing your colleagues to take this seriously, ask them to Google “doctor lost laptop.”
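As an added example (not a Path Forward tool, and not code from the original post), here is a Python script that performs the periodic check the tip describes: it walks the Desktop, Downloads and Documents folders and flags plain-text files that contain PHI-like patterns. The folder names, file types and patterns are assumptions that you should tune to your organization's record formats; the sample files it creates for its own demo are constructed here. Treat a hit as a prompt to move the file to approved storage, not as proof either way, and note that PDFs and Office documents need their own text extraction before this scan will see inside them.

```python
"""Heuristic scan of user folders for stray PHI in plain-text files.

Added example, not Path Forward's tool.  The patterns below are common
indicators in US healthcare documents, not a HIPAA-defined list.
"""
from __future__ import annotations

import os
import re
import tempfile
from pathlib import Path

# Assumed indicators of PHI; adjust to your own record formats.
PHI_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "mrn_label": re.compile(r"\b(?:MRN|Medical Record (?:No|Number))\b[:#\s]*\w+", re.I),
    "dob_label": re.compile(r"\b(?:DOB|Date of Birth)\b[:\s]*\d{1,2}/\d{1,2}/\d{2,4}", re.I),
    "diagnosis": re.compile(r"\b(?:ICD-10|diagnosis)\b", re.I),
}

# Only plain-text formats are read; binary formats are skipped, not parsed.
TEXT_SUFFIXES = {".txt", ".csv", ".log", ".json", ".md", ".xml", ".html"}
MAX_BYTES = 5 * 1024 * 1024  # skip very large files rather than slurp them


def scan_file(path: Path) -> list[str]:
    """Return the sorted names of every PHI pattern found in one file."""
    if path.stat().st_size > MAX_BYTES:
        return []
    text = path.read_text(encoding="utf-8", errors="ignore")
    return sorted(name for name, rx in PHI_PATTERNS.items() if rx.search(text))


def scan_folders(folders) -> dict[str, list[str]]:
    """Walk each folder recursively; map full path -> patterns hit."""
    findings: dict[str, list[str]] = {}
    for folder in folders:
        root = Path(folder)
        if not root.is_dir():
            continue
        for path in root.rglob("*"):
            if not path.is_file() or path.suffix.lower() not in TEXT_SUFFIXES:
                continue
            hits = scan_file(path)
            if hits:
                findings[str(path)] = hits
    return findings


def default_folders() -> list[Path]:
    """Assumed locations where stray PHI tends to accumulate."""
    home = Path.home()
    return [home / "Desktop", home / "Downloads", home / "Documents"]


def demo() -> dict[str, list[str]]:
    """Run the scan over constructed sample files; map basename -> hits."""
    with tempfile.TemporaryDirectory() as tmp:
        samples = {
            # constructed sample that looks like a saved visit summary
            "visit_summary.txt": "Patient: J. Doe\nMRN: 0042317\nDOB: 03/14/1961\n"
                                 "Diagnosis: ICD-10 E11.9\n",
            # constructed export with an SSN column
            "export.csv": "name,ssn\nJ Doe,123-45-6789\n",
            # harmless text file, should not be flagged
            "grocery_list.txt": "eggs, milk, bread\n",
        }
        for name, body in samples.items():
            Path(tmp, name).write_text(body, encoding="utf-8")
        # binary format: skipped by suffix, never opened
        Path(tmp, "scan.pdf").write_bytes(b"%PDF-1.4 MRN: 0042317")
        return {os.path.basename(p): hits for p, hits in scan_folders([tmp]).items()}


if __name__ == "__main__":
    for path, hits in scan_folders(default_folders()).items():
        print(f"{path}: {', '.join(hits)}")
```

Run it as-is to scan your own folders, or call `demo()` to see how the patterns behave on the constructed samples. Add suffixes to `TEXT_SUFFIXES` only for formats you can actually read as text; for anything else, run a proper extractor first or ask IT which tool they use for this.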
4. Be vigilant.
Hackers know the challenges of working remotely, and they’re taking advantage of it to attack. Healthcare is especially vulnerable because our data is valuable, and our work is critical.
This isn’t intended to scare you. Instead, it’s a reminder that we, as an industry, need to be vigilant. Your organizational risk assessment must recognize the increased threat to your people, systems, and data. When was the last time you updated your information security training materials? We offer this free downloadable Security Checklist – it’s an excellent way to confirm you have what you need in place to protect your data.
5. Ask for help.
Remember that you’re not in this alone. Reach out to your colleagues, and especially the IT department, when you have questions or are unsure whether an email is legitimate.
You can also reach out to Path Forward with questions, comments, or to brag about how you foiled a cyberattack. We look forward to hearing from you.
- Written by: Martin O’Connor, Compliance Officer, Path Forward