Hybrid work is likely here to stay, and, as Sheila Limmroth, privacy specialist at DCH Health System and author of the chapter “Hybrid Work Environment” in the Complete Healthcare Compliance Manual, observes in this podcast, it’s up to compliance teams to manage the risks, many of which, even at this stage of the current era, aren’t always recognized.
For example, we’re all familiar with the need to secure electronic PHI, but if your employees have printers at home, are they permitted to print out any data? If so, do they have shredders or some other way to destroy the document? Are employees even trained to destroy it?
One other consideration: is Alexa listening in on what they are saying?
These are but two examples that point to the need to think through all the implications of having a hybrid workforce, even after two years of remote working.
So, what should compliance teams be doing? Education is essential so that employees understand that certain behaviors are risky:
- Talking on your cell about a patient while sitting in Starbucks is not a good idea.
- Phishing remains as substantial a risk in the home office as it is in the workplace.
- The router needs to be secured with a password other than the default one that comes out of the box.
At the same time, there’s also a need to recognize the new challenges inside the facility. When it comes to telehealth, not all videoconferencing software is created equal. The platform must be HIPAA compliant. Even for video conference calls it’s probably a good idea to issue PINs to the attendees.
The bottom line is it’s time to revisit your organization’s risks and policies to determine what works and what doesn’t as more employees return to the office while many remain at home.
Listen in to learn more, and be sure to check out the Complete Healthcare Compliance Manual.