HIPAA and Remote Work
Authentication and Authorization
Facility Access Controls
Device and Media Controls
Workstation Use and Security
Security Management Process
Information Access Management
Security Awareness and Training
There are three fundamental rights.
1. The right to authorize disclosure of their health information and records.
2. The right to request and examine a copy of their health records at any time.
3. Patients have the right to request corrections to their records as needed.
The HIPAA Breach Notification Rule protects PHI by holding covered entities accountable. It also ensures that patients are notified if their personal health information has been compromised.
It is possible that a breach may occur, even when security measures are in place, and if it does, the HIPAA Breach Notification Rule specifies how covered entities should deal with it.
The HIPAA privacy and security rules do not prohibit remote access. These rules apply to the employees of a covered entity regardless of whether the work is performed in the office, or elsewhere.
However, HIPAA requires that organizations develop mechanisms to address the increasing risks of PHI data exposure. These risks include the following:
• Lost or stolen unencrypted portable devices (laptops, phones, etc.)
• Low security practices at home that can lead to the unintended exposure of PHI to family members
• Unauthorized download of electronic PHI to unauthorized or unprotected devices
• Unauthorized printing of electronic PHI
• Inadequate virus protection on a home network
• Disasters at remote sites
In order to address the HIPAA requirements, organizations can implement technological safeguards. In the absence of technological safeguards, compliance can be achieved through administrative safeguards (policies, procedures, employee education, etc.).DO A DEEP DIVE INTO OUR EBOOK: HIPAA AND REMOTE WORK
Learn more about our engagement model, or schedule a deep dive with our Tech Team who can help you audit the complexity of the challenges you are encountering.