HIPAA Regulatory Alert
Working from home is the new normal and will be for many healthcare employees for a while, so adjustments are necessary to maintain compliance with HIPAA. Protected health information must be managed properly whether the employee is in the healthcare facility or at home.
Most healthcare providers should have crafted compliance programs for remote employees before the advent of the COVID-19 pandemic. Certainly, the pandemic has pushed the urgency of such plans to the forefront, says Richard J. Tarpey, PhD, assistant professor in the Jones College of Business at Middle Tennessee State University.
“In my prior practitioner healthcare career and leader of Sarbanes-Oxley and HIPAA compliance programs in the past, I can say that compliance is not flexible based on the location of the workforce. It is absolutely reasonable to expect the same level of security for remote workers as is in place for employees on company property,” he says. “There are several examples in the last few years of healthcare providers being held financially accountable due to the loss of PHI [protected health information] data by remote employees.”