Lenient Doesn’t Mean Lazy

By Art Gross, President and CEO, HIPAA Secure Now!
Twitter: @HIPAASecureNow

In mid-March, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced that it would use “enforcement discretion” in regard to HIPAA compliance with telehealth. The healthcare community let out a collective sigh of relief. Not because the rules and regulations were unfair, but because, in a time of uncertainty, it meant one less thing to worry about.

That leniency meant that OCR would potentially waive penalties for healthcare providers who were serving COVID-19 patients through “everyday communications technologies” during the worldwide health emergency. This meant that with increased usage of Skype, FaceTime, Zoom, or other video conferencing platforms, the enforcement would be less strict as long as those services were “used in good faith”.

Never Assume
We want to assume that since we ourselves are acting in the patient’s best interest, everyone is. But with so many adjustments being either forced upon us or made on our own to accommodate our needs, it is hard to know whether or not we are doing the best that we can. Also, consider that your standards are not the same as others’, and with many organizations lacking onsite monitoring by management or an IT company, you can only trust that everyone’s efforts are aligned toward the safest patient care.

If you aren’t sure, ask. Is this platform safe? Should I have an additional layer of security on my hardware? Is the software that I’ve downloaded approved? In this time of uncertainty, asking questions is not only likely, but it is also welcome. If you are working from home, look for a checklist to ensure you’ve enabled best practices. Do your own security risk assessment.

Undoing Bad Habits
With regular enforcement expected to be back in place when the high alert phase has passed, it is in everyone’s best interest to remain as diligent as possible and not establish new laissez-faire habits that have to be undone later. Cybercriminals are waiting in the shadows for you to let your guard down. Don’t wait for someone else to create a response plan; if you don’t know what your plan is for responding to a security incident or cybersecurity breach, be proactive.

It’s one thing to be lazy in your exercise and eating habits right now, but your cybersecurity habits must remain as strict and diligent as ever.

This article was originally published on HIPAA Secure Now! and is republished here with permission.
