Zoom is a great example. While many telecommuters are using free or enterprise versions of the videoconferencing platform, those versions do not support HIPAA compliance. Healthcare providers seeking to use the tool for PHI must instead license the specialized Zoom for Healthcare solution that provides a compliant platform and interfaces directly with electronic health record systems.
3. Supply Provisioned Devices for Simplicity and Safety
While it is possible to support BYOD approaches that allow interaction with patient records from personal devices, this path is fraught with peril. It’s difficult for healthcare IT teams to verify that employee-owned devices meet organizational security configuration requirements — especially when staffers aren’t on the premises for a consultation.
Sending preconfigured devices home with practitioners increases the likelihood that those devices will comply with security policies. They’ll also be far easier to support, as IT teams can manage them with the same mobile device management platforms that they use back in the office.
Remote work may require some tweaks to that policy, but that’s a far less burdensome task than attempting to secure personally owned devices.
4. Use VPNs to Secure Online Activity
Remote providers will require access to EHR systems and other technology managed by the practice and cloud providers — and they’ll gain this access over their unsecured home internet connections.
IT staff must work with practitioners to implement controls that protect their devices from other threats that may be present on a home network or on the internet between the home and the office. Managing device configuration will handle many of these issues, but it still leaves internet communications open to eavesdropping.