First and foremost, a sincere thank you to healthcare providers out there stepping up for all of us in this pandemic. We’re doing what we can here at Apgar and Associates – working remotely and following state directives. We’re also doing what we can to support other small businesses.
For all of us business associates – nothing about HIPAA changes except that a large part of your workforce, if not all, are working remotely. (If you thought the HIPAA Limited Waiver applied to us BAs, it didn’t. More on that here.)
Even though employees are working remotely, it’s still your responsibility to help them follow basic, common-sense rules around information security. Now is the time to review your policies around:
- Remote work
- Acceptable Use
- Personal Device Use
- Workstation Security
When we say review, we mean really read them to be sure they make sense. For instance, if your personal device use policy still talks about pagers, it’s a pretty good sign that you haven’t really reviewed it since 2010 or 2011. Same goes for any policy that contains the term “floppy disks.” Ensure that your policies talk about how to work in your information technology structure as it exists today – not as it existed way back when, or as you hope it looks in the future.
Share your policies with your workforce!
Write your policies clearly enough that your team knows what they mean. Given the levels of boredom and stir-craziness we’re all experiencing, the policies may actually get read (gasp!). And please, remind your people that phishing scams and other cyber craziness don’t stop just because everything else does.
This wave will crest! Let’s all hang in there till it does.
Not sure where to start with updates? We can help. Whether you’re updating current policies and procedures, or you’ve never finished the ones you have, give us a call at 503-384-2538 to get things moving. With so many of us working remotely, now may be the best time to work through the action items checklist.