How to create a HIPAA-compliant home office

Working from home has become so common that job seekers now expect employers to offer remote work options. It’s an easy, effective way for employees to be productive even when they face illness, bad weather, an unexpected car breakdown, or whatever else life throws at them.

But when you work in a highly regulated industry, working from home is complicated. This is especially true in healthcare. It’s hard to bring home the same level of stringent security that your office has worked hard to provide. But do you even need to?

Just so you know
You’ve got your medical toolkit ready to help those in need — but what about your telemedicine toolkit? With JotForm’s HIPAA-compliant telehealth platform, you can easily create online medical forms that keep sensitive health data safe.

Bringing your work home can increase the risk of breaches

HIPAA regulations don’t exclusively apply to a location, like an office or a hospital. Instead, they apply to how patient information is handled and treated, regardless of where it is.

When you work with protected health information (PHI) from home, HIPAA still applies. But this new environment greatly increases the risk of something going wrong.

For instance, you might have a laptop or USB drive that’s full of PHI. The simple act of transporting these devices from your office to your home puts your information at risk. Your bag could be stolen. And once you get home, you run the risk of hackers getting into your system, or of any number of other data breaches.

By taking a few key steps, you can stay HIPAA compliant and mitigate the risks associated with working from home.

Setting up your physical environment for HIPAA compliance

Security is crucial to your HIPAA-compliant home office.

Creating a HIPAA-compliant home office isn’t just about the software you use. Just like at work, the way your office is set up has a major impact on whether or not it’s HIPAA compliant.

So what does it take? Here are a few keys to creating a more compliant space:

  • Keep your laptop locked when not in use, just like you would at the office. Even if only family members are at home with you, it would still violate HIPAA guidelines to allow them any kind of access to PHI.
  • If possible, set up your screen so that it can’t be easily seen by others. This may require repositioning your desk if it’s in a common room or simply closing the door to your office.
  • If you plan to receive faxes or print PHI, ensure that the printer is near your desk so that you can prevent anyone else from accessing your printouts. If it’s not possible to keep your printer near your desk, immediately retrieve any printouts.
  • It’s important that printouts containing PHI are stored safely. Use a safe or locked file cabinet to prevent anyone from purposely or accidentally accessing the files.
  • If you no longer need to keep a copy of a file, shred it to minimize the risk of the information being misused.

These precautions are simple, practical ways to keep your physical home office HIPAA compliant. Now let’s turn our attention to the digital space.

Taking digital precautions for your HIPAA-compliant home office

Each year, companies spend billions of dollars on cybersecurity. They have robust networks and protocols designed to protect information from hackers and thieves.

Unfortunately, most of us don’t have the money or know-how to implement the same level of security at home. But there are still ways we can enhance our cybersecurity. Let’s look at a few:

  • Use strong passwords for your Wi-Fi network, laptop, printer, and any other connected devices that you use to do your work at home.
  • Use the VPN provided by your employer to further protect yourself from threats. If your employer doesn’t provide a VPN, consider subscribing to a consumer VPN service.
  • At the end of your workday, disconnect from your VPN or any servers to further protect them from unauthorized access.
  • Consider using encryption when sending emails that contain PHI. This will make the information more difficult to access if the message is intercepted.

Following these precautions will help you to mitigate many of the risks associated with working from home. It will also help you stay HIPAA compliant.

Just so you know
If your organization is fighting against COVID-19, you can apply for a free, unlimited, HIPAA-compliant JotForm account with our Coronavirus Responder Program.

Ensuring ongoing compliance

As remote work becomes more and more common, companies will need to keep building the tools that allow employees to safely do everything they do at the office from home. This includes sending, receiving, editing, and submitting patient forms. Learn how our HIPAA-compliant forms can complement your business’s suite of digital tools.

This article was originally published on Apr 06, 2020, and updated on May 28, 2020.
AUTHOR
Firm believer in personal data privacy in the age of information. Close follower of the new regulations concerning patient confidentiality & HIPAA. You can reach George through his contact form.
