Remember that brief moment when we thought the COVID-19 business impact was lifting? It was a nice thought, but we were wrong. We’re firmly in the midst of the pandemic with alleviation an ever-moving target. What does this mean for businesses, especially covered entities (CE) and business associates (BA)? Telework and telehealth present security risks, but also are necessary for continuing business operations. Let’s look at the associated risks and how to manage them.
Because telework and telehealth create their own security environment and therefore their own risks, assuring that anyone working remotely follows good security hygiene needs to be a high priority.
7 Steps to Address Virtual Workspace Risk
- Ask those working remotely to use a checklist (you can start with the essentials in this one), complete, and return it. Using a simple mechanism like this is also a good way to assess risk, while also educating remote employees about proper remote office security.
- Send out regular security reminders focused on remote work risks, like “beware of phishing.”
- Make sure waiting rooms are enabled for the videoconferencing platform used for meetings and telehealth.
- Check that remote workers are not using their personal PIN when scheduling meetings and telehealth appointments. A secure PIN should be randomly generated.
- Assure that recorded telehealth appointments are stored locally (or on CE and BA servers) and that the recordings are encrypted.
- Include the risks associated with telework and telehealth when conducting your periodic risk analysis.
- Ask your critical vendors what they are doing to secure your data. And it’s not a bad idea to get their assurance in writing.
When it comes to security, you can’t be too careful. Now is a great time to assess organizational security, including the remote locations where your organizational workforce is doing business. Taking the time to implement these fairly simple steps will protect your organization, your employees, and your patients.
Extensive remote working situations are exposing more risks than many companies previously realized. Not the least being how to be sure your policies and procedures cover this situation properly. Whether you’re updating current policies and procedures or need new telework ones, give us a call at 503-384-2538 to get things moving.
