Remote work has increased due to COVID, but it poses challenges for HIPAA compliance; using a secure cloud fax service can help remote workers handle patient information while staying compliant.
Remote work has become wildly popular since the onset of the COVID pandemic in early 2020. Many workers have found working from home to be more productive, less stressful, and just as conducive to collaboration as being in the office. Employers are finding that such flexible arrangements can help them to attract and retain good workers.
Nevertheless, the concept of remote work raises several new concerns regarding patient privacy and HIPAA compliance. Employees using their personal computers or mobile devices to send, receive, or view protected health information (PHI) could be at risk of a violation. E-mail is inherently insecure, and popular file-sharing services can be risky for organizations that must comply with stringent HIPAA regulations. Fax is the most secure, of course. Nevertheless, there are important considerations for covered entities, even when it comes to secure fax technology.
In any work-from-home situation, there is a risk that PHI could inadvertently be made available to unauthorized persons. Imagine, for example, the following scenarios:
A healthcare office administrator is working from home one day and asks a member of the on-site staff to e-mail her a PDF file containing PHI. After opening the file on her home computer, she finishes, deletes the e-mail, and assumes everything is OK. A copy of that PDF may still be stored on her hard drive. Unless she deletes the contents of her cache folder, it could remain there for some time. If other people in the same household use that computer, they might have access to the PHI.
Another at-home worker chooses the much more secure option, asking that the office staff send over a document via fax. It prints to the employee’s home-office printer, but he forgets to retrieve it. Shortly after that, another member of the family prints a document, picks up the entire pile of printouts, and walks away with the PHI in hand.
Neither of these scenarios describes a situation in which there is malicious intent. Nevertheless, they both constitute violations of HIPAA’s Privacy Rule. PHI was not adequately safeguarded by the covered entity.
Now let’s consider a third scenario: the remote worker asks her office staff to send a document using a secure cloud fax service. She gets an e-mail notification when the document arrives, prompting her to log into a secure web portal where she can view all of the information she needs. Nothing is stored on a local hard drive, and there is no need to shred a paper document or worry about leaving something unattended on the printer. If she ever needs to go back and review that document again, it will be there until she deletes it. Unlike our first two scenarios, though, it is stored in a HIPAA-compliant manner.
By combining the best technology with a well-defined series of procedures for handling PHI, covered entities can support remote work while remaining in full compliance with HIPAA.
Even when using the most secure technology available, HIPAA-covered entities must adhere to a set of well-defined best practices. Here are some recommended practices when using secure cloud fax from a remote office setting:
HIPAA compliance for remote workers is not very different from that in a traditional workplace. However, the presence of family members, guests, contractors, or other visitors calls for special precautions to make sure that PHI remains safe from unauthorized parties.
Cloud-based fax services provide a convenient and highly secure way of sending and receiving PHI documents. As a leading provider of HIPAA-compliant fax services, WestFax has seen a dramatic surge in interest from healthcare providers seeking convenience and ease of use while needing to maintain the highest standards for security. We frequently hear about WestFax users who strongly prefer our cloud-based HIPAA-compliant fax to the hardware-based machines they have used in the past.
If your organization needs to increase its agility and accommodate non-traditional work environments while maintaining strict HIPAA compliance, WestFax can help. Check out our HIPAA-compliant fax offerings here.