Whether a change in your business structure came about from the pandemic, or it just makes more sense for your team, remote work is the norm for many more professionals today than it was in years past.
If you’re in healthcare, this means that you need to factor in the HIPAA component as well as cybersecurity to protect you, the business, and your patients.
How to Offset Risk
Unfortunately, you can’t totally eliminate the risk that cybercrime presents. However, you can mitigate the level of threat with several actions that should be standard practice for you and your team. One of those would be to require the use of a VPN. A Virtual Private Network (VPN) provides access to the company intranet by using encryption over the public network or internet. It will mask your IP Address, hide your identity, and provide anonymous internet browsing.
Additionally, requiring that multi-factor authentication (MFA) is used on all logins and platforms will help reduce the risk of compromise. MFA is when you are required to authenticate your login in multiple ways. For example, after you enter your username and password, you must then validate with a text code from your mobile phone. This provides double the security as well as an alert to the user that their credentials are being used.
All hardware that employees use should be provided by the business. BYOD or bring your own device provides security risks and gaps that can’t be monitored and addressed. The business-provided hardware should also be monitored and updated with only approved software or additional components. Your IT department should be aware of all changes that a user makes to a device. If you are using hardware and are alerted to outdated firewall or antivirus software, alert your IT department.
Password protection should be active on all devices, including mobile phones, tablets, and all laptops or desktops. Working remotely means that you are often in environments that allow for other people to see your device, and therefore see PHI. With that in mind, do not have phone conversations that discuss PHI in a location where other people can hear. Do not send PHI in an email unless encryption protocols are in place.
Cybersecurity and HIPAA
Healthcare businesses are in a unique situation where they must remain compliant with HIPAA guidelines and enact strict cybersecurity standards. Many make a mistake and assume that being HIPAA compliant also means that those standards are up to par to protect them from a breach. They must go hand in hand, but they also need to be addressed separately.
If you would like to make sure that your business is doing everything to protect both the business and the patient data that it oversees, HIPAA Secure Now can help. We offer programs that will identify HIPAA compliance and security gaps and then assist you with remedying any found issues to keep you and your patients secure.