As medical practices and hospitals pivot due to COVID-19, many workers are being asked to work remotely for the first time. In turn, scammers have been taking note and have attempted to exploit the situation by increasingly targeting the healthcare industry. Recently, hackers published more than 24,000 email addresses and passwords allegedly belonging to the World Health Organization, the National Institutes of Health, and the Gates Foundation. In addition, the American Hospital Association noted an individual has been posing as an Office of Civil Rights investigator in order to obtain private health information.
For medical records staff who work with protected health information (PHI) every day and must adhere to HIPAA requirements, the impact of a breach is potentially devastating. While it may be scary to think about how a cyberattack could harm those served by a healthcare organization, there are several ways to ensure medical records personnel are set up to work securely from home.
First, medical records team members should choose a workspace in a secure area where others are not able to view their monitor. A room with a door is ideal. Staff should never write down PHI or any passwords, and passwords should not be kept near the computer. Instead, opt for a digital password storage platform to secure and manage passwords.
Just as you would at the office, lock your machine any time you step away from your desk, especially if children or others are in the home and may be able to view your monitor. If possible, do not allow others to use your computer. If this is unavoidable, set up a limited access account for any other users in your household instead of letting them sign on with the same user account that is used for work. Staff should also follow any specific instructions from their employer regarding compliance and security best practices, such as setting up two-factor authentication for company accounts.
Protect your wireless network at home with a strong password that combines upper and lowercase letters, numbers, and symbols.
Videoconferencing is becoming increasingly popular as social distancing safety measures have caused many to begin working from home. Anyone handling PHI should ensure that Zoom, FaceTime, GoToMeeting, and any other video call platforms they use do not show patient information, whether in the background of the call or via an accidental screen share.
Reboot your PC at least once each week. If an antivirus program is installed on your PC, run its scans consistently. Freeware options that scan your computer for malware and spyware are also available to download and run at no cost. If you have any hesitation about using your home computer due to a potential virus, do not use it. Contact your organization’s help desk for assistance.
While working from home may be a new frontier for many medical records staff, by following the guidelines above and adhering to your organization’s best practices, you can help maintain security and HIPAA compliance.