Working Remotely? Keep HIPAA Compliance Top of Mind
Whether you’ve worked in healthcare marketing for decades or only joined the ranks more recently, you’re familiar with HIPAA compliance and what it entails from a marketing perspective. But have you stopped to consider what extra precautions you need to implement when you’re working outside the office?
In the past, when most of us worked from an office setting, perhaps within the administrative part of a hospital, it was easier to ensure you were adhering to the strict practices around protected health information, or PHI.
But when the COVID-19 pandemic struck in early 2020, it revolutionized what constitutes a “workplace.” As we continue to wade our way forward in the pandemic, many of us are working at least part of the time from a remote location.
That’s not just a trend in healthcare marketing, for sure. Remote work has become the norm in many professions that primarily require sitting at a desk and using a computer. While that is likely to change for many businesses in the next few months as vaccination becomes more common, circumstances might require or allow for remote work more often in the future.
That makes it worth brushing up on how you can maintain HIPAA compliance when working in an outside space. Read on for some suggestions about how to manage remote work while keeping PHI private.
Protecting PHI in a Remote World
When you’re working from your office in a healthcare space, many precautionary measures related to HIPAA compliance are likely “baked in” to your everyday processes. So, a good portion of ensuring you remain cautious about HIPAA in a remote location is considering those measures and how to implement them at home.
It’s important to thoughtfully consider HIPAA compliance remotely in two key ways: online and offline.
Inside a hospital or other healthcare practice, you’re relying on an internal server that’s likely been put to the test, security-wise. To protect PHI, digital communications such as email need to be encrypted. That’s common in a physical workplace, but less common outside of it.
If your healthcare organization requires working through a VPN, your communications are likely secure. But there are a couple of other things to consider, even if you utilize a VPN: First, who are you sending email to? And second, what device are you sending email from? While PHI might be secure on your end, if you’re sharing it in an email or other type of communication, you also have to consider where you’re sending it. It’s likely that those outside your organization don’t have the same security measures in place, so for HIPAA purposes, it’s best to avoid sharing PHI through these channels.
You also need to consider the device you’re using. While you may be able to access PHI and other secure data by logging in from a personal computer or device, it doesn’t mean you should. Your devices likely are not set up with the same level of security that your work computer is.
One additional measure to ensure PHI remains private? When you walk away from your computer or other device, make sure it’s inaccessible. Part of HIPAA compliance is ensuring no one can access your device (and PHI) other than you. Put your device to sleep or shut it down and make sure it requires a password to log in.
While we often communicate digitally these days, that’s not the only way we communicate. It’s important to also consider all the other ways you may be inadvertently exposing PHI to public access.
Even when you’re talking with others inside a healthcare organization, it’s important to be cognizant of what you’re discussing from a PHI perspective. That need for caution is magnified when you’re working remotely, whether in your home or another space.
That means avoiding discussion of patient data around family, friends, and acquaintances, since even an incidental overhearing of PHI can constitute a HIPAA violation. It’s important to be thoughtful about who’s around when you’re having calls or video meetings, even if you’re at home. In a public space, whether you’re on the phone or having an in-person meeting, it’s best to avoid talking about patients altogether.
Print materials are also worth considering when you’re working remotely. If you print out any materials that contain PHI, you need to have a process in place for protecting and disposing of them. The latter is particularly important, and it may not be something you’d think about, HIPAA compliance-wise. But when you’re working in the office, it’s likely that your organization has contracted with a vendor to dispose of hard copy documents when they’re no longer necessary to maintain. The same isn’t true when you’re working from home, so think through how to handle printed documents during and after use.
As a HIPAA-compliant digital marketing agency, our team is here to help ensure your marketing efforts are both effective and secure. Ready to learn more? Contacting us is easy.