Corporate Compliance

Tip: Keep PHI safe when your employees work from home

Compliance Monitor, February 9, 2005

An employee working at home leaves her computer for a quick bathroom break. While she's away, her two-year-old son taps at the keyboard. When she returns to her desk, the two-year-old is playing on the floor. The worker goes back to her computer, unaware that the PHI on the screen may have been corrupted.

It's more difficult to keep tabs on employees who work from home. But your organization is liable for breaches caused by these employees, so you must ensure that they keep PHI and ePHI secure.

Three privacy risks from remote users

The best way to protect against these risks is to know the problem. The following are three ways privacy can be compromised when employees work from home:

  • Lost or stolen data. Increasingly, healthcare professionals have numerous choices for storing PHI (e.g., laptops, PDAs, removable disk drives, memory flash cards called "pen" drives, zip drives, or CD-ROMs), but new technology brings new risk. For example, a pen drive--a device designed to be carried on a key chain--holds 100,000 patient records.
  • Computer breaches. Even if your organization invests in a secure connection for your remote workers, those precautions are worthless if the employees don't protect their personal computers.
  • Inadvertent viewing of PHI. Whether it's through sharing of a personal PC or by accidentally allowing a glance at PHI, remote employees open themselves up to unauthorized access.

Unauthorized viewing breaches patient privacy, but that's the lesser of the two evils in some circumstances. Patient safety is at stake if the data is manipulated without the worker's knowledge (e.g., a toddler banging on the computer keys while the employee is in the bathroom). A few transposed numbers could lead to billing a patient for the wrong services or, worse, giving a patient the wrong medication dose--a potentially fatal error.

Editor's note: Adapted from "Home Sweet HIPAA," Briefings on HIPAA, January 2005.


