Healthcare providers must take the same physical and security measures to safeguard the PHI we are trusted within our work.
Some best practices to follow:
- Ensure your home wireless router traffic is encrypted and password protected.
- Change default passwords for wireless routers.
- Encrypt and password-protect personal devices you may use to access PHI such as cell phones and tablets.
- Computer programs containing patient information should be closed and logged out of when not in use. Lock your screens when walking away from your computer.
- Do not share sensitive PHI with others who shouldn’t have access, including co-workers and personal acquaintances.
- Only access a patient’s record if needed for work.
- Avoid printing PHI; however, if necessary, keep all PHI, such as patient paperwork, charts, and records, locked away and out of view.
- Never leave patient information out where unauthorized persons may see it.
- Minimize the ability for others to overhear patient information, for example, saying a patient’s whole name out loud within the hearing distance of others.
- Do not allow friends, family, etc., to use your devices that contain PHI.
- Limit email transmissions of PHI to only those circumstances when the information cannot be sent another way. At a minimum, use encryption tools (most businesses provide tools to send encrypted emails).
- Never share passwords between staff or family members.
- Immediately dispose of information containing PHI when no longer needed by shredding paper files.
- Use a privacy screen on your monitor(s).
Take the time to review your organization’s HIPAA Privacy and Security policies. Work with your IT department to ensure your home office is HIPAA compliant.
Reference- https://www.aapc.com/blog/50048-hipaa-compliance-for-remote-workers/