You can protect your patients' PHI in an unsecure environment
It seems harmless: some at-home coding here, a little catching up on data entry from home there - and then WHAM! You're facing a security breach. Don't wait for a disaster to strike. Use these tips to help your employees secure PHI in their homes.
For employees who rarely work from home, design a procedure that requires them to go through special channels for permission, Ensenbach suggests. That way, you can ensure they are aware of special security precautions that they must take when PHI is removed from the controlled environment of your office, he tells Eli.
You also need a policy as to when it's OK to remove PHI from the office, Nahra says. Strategy: Design a procedure so that employees must sign out laptops for temporary home use. On the sign-out sheet, add a disclaimer that lists your staff's responsibilities and obligations to protect PHI at home. Bonus: You can use these sign-out sheets to track the flow of PCs and PHI in and out of your office.
It's too risky to do work on the family PC because there's always the chance PHI could accidentally be stored on the hard drive. "Once PHI is on the home computer, who knows who could see it," Ensenbach stresses.
If you cannot afford to supply equipment for your staffers to use at home, coach them never to store patients' information in their homes on a long-term basis, Nahra says. Example: "If you bring home reports, you should take them back; if you review something on your computer, you must ensure it's not saved to your hard drive," he offers.
But you don't have to buy a firewall for each employee working at home, explains Lee Kelly, a senior security consultant with Fortrex Technologies in Frederick, MD. Most PCs come with a built-in firewall that you can configure to protect information without shutting down the flow of operations, he says.
There are several ways to avoid this type of violation, Ensenbach says. Here are some easy methods:
The Bottom Line: While you may choose to ban workers from leaving with PHI, "some small practices can't afford not to let employees work from home," Ensenbach notes. With strong policies and procedures, PHI at home won't spell disaster for your facility, he adds.