HIPAA-Compliance and Security Risks for Healthcare Workers Amid Pandemic

Technology in a healthcare setting can encompass anything from small devices to larger software and systems. The uses of these technological devices and machines varies however, and not all store important data.

What security measures are in place for the technology used by staff across healthcare establishments? Is it the same level for every machine? For every building? Of course not, so it can be difficult to understand what needs high security and what doesn’t.

An important rule of thumb is to ask yourself, what does this technology store? If the answer is anything from patient data to lab reports or even personal staff information, everything needs to be secure and the viewing and sharing of the data must comply with HIPAA policies.

When it comes to smaller clinics and practices however, not everyone has an information technology (IT) team. Most rely on procedures and the software already in place. This is why it’s important to implement technology that has privacy and security measures in place, whether within the software or within the cloud.

With the coronavirus pandemic pushing healthcare workers to contact patients through communication means that did not require in-person visits, HIPAA-compliance became extremely important. Some would call or video chat their patients through zoom, communicating important information on software that is not HIPAA-compliant and putting patient data at risk of being hacked.

Ransomware attacks were very high during the coronavirus pandemic, with Blackbaud’s data breach back in September of 2020 taking the biggest hit. According to HealthITSecurity, the breach involved sensitive data of over 24 providers and 10 million patient records, costing them over $6 million in damages.

Bigger establishments have had to buckle down with their IT departments to implement new security procedures for staff working remotely or conducting virtual visits, whether they be by phone, chat or video. Smaller practices, however, have had to take a hard look at the technology they had in place and see what they could do to utilize it securely from wherever they could practice.

This led to the adoption of HIPAA-compliant telehealth solutions and the increased integration of patient portals within EHRs to ensure data security and private transfer of documentation.

The need to adhere to HIPAA standards and policies is not new to anyone in the healthcare sector. Since its signing into law 25 years ago, the healthcare landscape, including technology, has greatly changed.

The novel coronavirus has affected over 108 million people worldwide, with over 27 million reported COVID-19 cases in the United States alone. This has shifted healthcare workers to find remote working solutions to reach patients, which led to the emergence of new privacy regulations.

Although the systems in which healthcare workers document the virtual encounters normally involve electronic health record software or practice management systems, the method in which they actually communicate with their patients isn’t always secure. Sharing sensitive information over the phone, through video, chat or email doesn’t constitute a HIPAA-compliant method of communication unless highly encrypted.

How can hospitals, practice owners and healthcare professionals keep enforcing HIPAA-compliant communications with their patients and peers amid a pandemic that forces people to stay apart? Healthcare establishments need to start by analyzing their current processes in place and ensure it now includes remote work and other workflow changes generated by COVID-19. This can involve data access, document disposal when workers are out of the office, security measures, vendor management of PHI if workers are also working remotely, privacy compliance programs and more.

As quarantine and other restrictions continue to be enforced in certain areas and states, virtual care will become more and more essential, making HIPAA-compliance increasingly important. Using secure communication methods and documenting, storing and sharing patient data in an encrypted setting that is accessible from anywhere by certain staff is now crucial.

The healthcare landscape is changing, relying on the cloud, virtual communication and other technology that now needs to be looked at further to ensure data encryption. The pandemic is taxing enough, no need for cyberhackers and data breaches. Security is key.