Advocacy Center   |   Collaborate   |   Data Portal   |   Print Page   |   Contact Us   |   Sign In   |   Join AAOE
News & Press: Industry News

Work From Home Strategies

Wednesday, March 25, 2020   (0 Comments)
Share |


This article was written for AAOE by Marion K. Jenkins, PHD, FHIMSS, Partner at HealthSpaces


Protecting data while working from home during COVID-19

Precautions for healthcare and other businesses 


The COVID-19 crisis has forced many employees to work from home (WFH) for the foreseeable future.  The technologies to support WFH are readily available, and can provide a great many of the same functions as being in the office.  However, in these unusual circumstances additional precautions should be taken to help protect critical information, including patient records.

Depending on how systems are set up, there are typically two remote access options available to employees of a healthcare PRACTICE in a WFH scenario.  Regardless of the option, all policies and procedures issued by the PRACTICE are applicable, and only the appropriate PRACTICE-approved remote access method should be used:

Option 1:  The employee uses their personal computer to remote into a PRACTICE computer on the network.

Option 2:  The employee takes their PRACTICE computer home from the office. 


IMPORTANT:  While working remotely, it is absolutely critical to fully comply with the following:

  1. Ensure your antivirus/antimalware software is up to date and scanning at least daily. 
  2. Do not download or copy any patient information of any kind to your computer desktop, your local hard drive, or any portable device (such as a USB drive or a CD).  This includes reports, spreadsheets, PDFs, etc., that contain protected patient information.
  3. Do not email any records (or reports or spreadsheets, or anything similar) to yourself or to another email address so you can access it on another device. 
  4. Ensure you log out of all PRACTICE systems from any computer used in either of the above Options, when you are done doing PRACTICE work.   You should log off and power down your PRACTICE-issued computer when you are not actively working. 
  5. Make special effort to guard against anyone else in your household improperly accessing PRACTICE systems through either Option above.  More specifically:
    1. Do not allow anyone else in your household (or remote workspace) to access or use your PRACTICE-issued computer, at any time or under any circumstances, or let anyone else access or use your personally-owned computer while it is logged into the PRACTICE network. 
    2. Do not allow anyone else in your household (or remote workspace) to access or even view any proprietary PRACTICE information, and specifically including any protected health information.  NOTE:  protected health information does not have to contain such things as medical diagnosis, Social Security Number, credit card numbers, etc., for it to be considered “protected.”  The mere association of a name and a medical facility can be cause for concern.  For example, "celebrity snooping" has led to several severe disciplinary actions.
  1. Take extra care in accessing email or any websites, at any time, and in particular while you are also logged into or accessing any PRACTICE system(s).  Most online threats (i.e. “hacking” incidents) are the result of users getting tricked into opening attachments or clicking on links that can cause security and other operational incidents, ranging from minor inconveniences to full-on shutdown of all systems, and associated data loss and/or breaches.. 


a.     Items 1, 2, 3 and 6 above also apply equally under “normal” circumstances, meaning they are critical any time you are using or accessing PRACTICE’s systems within a PRACTICE office or clinic.

b.    Check your own PRACTICE policies and procedures and make sure they align  the items listed above.  You may need to make tweaks to these items to align with your own policies and procedures.

c.     The word “computer” above applies equally whether the device being used is a desktop, laptop, tablet PC, etc. 

d.    Feel free to copy/modify/paste this content into your own policy documents as you see fit.  

Membership Management Software Powered by YourMembership  ::  Legal