• E-mail
• Print
• RSS

Can you give me any information on working from your home, and obeying all the HIPAA rules and regulations?

HIPAA Weekly Advisor, February 24, 2004

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

Question: I work at a plastic surgery office. My manager is going to be on maternity leave for a few months and needs information on HIPAA regulations for working at home. Can you give me any information on working from your home, and obeying all the HIPAA rules and regulations?

Answer: The security rule indicates that working from home requires security policies and practices--just as working in the office. But it gives no specifics. It's up to each covered entity to establish these documents based on their security risk assessment.

Security measures should address the technical setup. A typical security policy might stipulate that the telecommuter use a computer--preferably dedicated--with a virtual private network (VPN) solution, antivirus software and a firewall, assuming the computer's connected to the Internet and the office. The policy might also address the management of work papers and disks, and the computer work environment (protected from family and visitors).

As to privacy compliance, privacy policies should apply just the same at home.

Editor's note: Answered by Kate Borten, CISSP, president of The Marblehead Group, in Marblehead, MA. This is not legal advice. Be sure to consult with your facility's legal counsel for legal matters.

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

• E-mail to a Colleague
• Print
• RSS
• Archive