How Employees Can Stay HIPAA Compliant While Working at Home During COVID-19


Published: October 8th, 2020

COVID-19 has forced millions of individuals nationwide to work from their homes, enabling them to social distance and reduce the risk of virus transmission. In fact, research by Gallup found that three in five U.S. workers have been telecommuting during the coronavirus pandemic.

While telecommuting can provide many benefits, it can also pose significant challenges for healthcare organizations required to follow the Health Insurance Portability and Accountability Act’s (HIPAA) rules and guidelines. There are many privacy and security concerns that organizations must address while employees are working at home, such as weak passwords on personal computers, unsecured home Wi-Fi routers and malware.

According to the U.S. Department of Homeland Security’s Cyber and Infrastructure Security Agency (CISA), cybercriminals are working hard to exploit the COVID-19 crisis by creating virus-related websites and malicious software that can lock up devices and steal sensitive data. Below are 10 ways your employees can protect PHI while working remotely from home.

10 Ways to Protect PHI While Working from Home

  • Ensure employees are working from an encrypted home wireless router.
  • Make sure employees change their default passwords for wireless routers.
  • Any personal device that is being used to access PHI should be encrypted and password protected.
  • Make sure all devices that access your network are properly configured (i.e., encrypted, with a password, firewall and antivirus protection).
  • Employees should use extreme caution when visiting websites or clicking on suspicious links, apps and attachments.
  • Ensure the use of a VPN for remote access to your organization’s intranet.
  • Make sure employees safeguard any devices containing PHI from family members or friends.
  • Use a lockable file cabinet or safe to store hard copy PHI in your home offices, if that is necessary.
  • Employees should shred any PHI once it is no longer needed, with a HIPAA-compliant shredder.
  • Make sure to disconnect from the company network when work is complete.

If your practice is seeking safety or HIPAA training, contact the experts at MedSafe. MedSafe is the nation’s leading one-stop resource for outsourced safety, training and health compliance solutions. We offer a wide variety of on-site and online training courses, including Occupational Safety and Health Administration Safety, Corporate Compliance, HIPAA, Billing Compliance, and Harassment and Discrimination in the Workplace.

Contact us today for a free training consultation.

Toll-free: (888) MED-SAFE

www.medsafe.com