Ensuring HIPAA compliance with employees working from home will require a systematic approach. Robert K. Neiman, JD, principal with Much Shelist in Chicago, offers seven steps for better compliance:
- Hold a Zoom call for all employees reminding them of the company’s HIPPA policy and their obligations. Ensure the policy states employees working remotely and accessing protected health information (PHI) use company-owned, encrypted, password-protected, and VPN-equipped devices. Prohibit employees from using personal devices to store or access PHI. Direct all employees accessing PHI remotely to e-sign their understanding and agreement.
- Allow employees to access only the PHI they need to handle their job. Limit access accordingly.
- Prohibit any use of the company-owned device by any third party, including friends and family.
- Make sure employees’ passwords for their company device and wireless router are sufficient. They should be long and complicated enough, using a combination of letters, numbers, and symbols, to minimize the risk of hacking.
- Limit PHI printing. If any employee must print any documents containing PHI, then require he or she shred printed documents before disposing them.
- Require employees working remotely to disconnect from the company system when their work is finished for the day.
- Prohibit employees from leaving their company device in their personal vehicles at any time to avoid the risk of device theft via a break-in.