As dental practices make the shift, the team needs to be set up to work safely from home while you re-evaluate your cybersecurity preparedness and HIPAA compliance.
I hope that all of you are staying safe and healthy during this difficult time. Few-if any-dental offices are unaffected by the COVID-19 outbreak, and many are reduced to seeing emergencies only, while some are completely shut down. However, the task of running your practice is still very much intact. You still have a business to run, bills to pay, patients to contact, etc.
Many practices are setting up their team members to work from home (WFH). While I highly recommend doing this, it’s important to understand that HIPAA privacy and security laws are still very much in place. This article will discuss the considerations to make when setting up your work-from-home team.
The most critical decision you need to make is the choice of software, for a few reasons. First, there are certain criteria that HIPAA uses to determine if a software system meets their criteria or not. The company must be willing to sign a Business Associates Agreement with you since you are accessing protected health information. The software must have auditing and logging. Basically, HIPAA requires that anytime someone accesses patient information, you need to know who accessed it, when, for how long, and what they did. Also, the software needs to have “auto shutoff.” What that means is that if you walk away from your home computer that is connected to your office, the connection should terminate after a certain period of inactivity, otherwise anyone with access to your computer (spouse, kids) could potentially be accessing your data. Finally, the software has to use an encrypted connection.
So, what are the options I recommend? I’m a big fan of TeamViewer and LogMeIn. TeamViewer is usually the best option as they offer a free version for home use. LogMeIn, like TeamViewer, is HIPAA compliant, but their least expensive option is $350/year.
What about some of the better-known programs like Windows Remote Desktop (RD) or VNC? While we sometimes use VNC or RD for internal use, they aren’t good options for HIPAA. Besides not meeting most of the criteria I mentioned above, both require that you open a port on your firewall to allow access through, which is never a good idea. Both TeamViewer and LogMeIn do not require making any changes on your firewall.
The other thing that offices need to be aware of is that most people’s home networks are nowhere near as secure as their office, so there are a few things you should focus on to increase your level of security:
Learn to recognize emails that are scams or phishing attempts. Never click on links from emails that you weren’t expecting, and avoid too good to be true offers, things like that.
Tighten up the security on your home router. Change the default password, use a password that isn’t easy to crack, limit access to just devices that you approve.
Change, or at the least re-evaluate the passwords you use for all your major sites like banking and credit cards, make sure they are complex, and never use the same password on more than one site. If you have trouble remembering passwords, use a password manager like Roboform or LastPass.
Update all your operating systems, programs and apps on your computer, phone, and laptops.
Limit access to your work device to just you; family and friends should use their own devices.
This is a challenging time for all dental offices, but offices should make the best possible use of this downtime. Not only should you ensure that your team is setup to work safely from home, now is a great time to re-evaluate your cybersecurity preparedness and HIPAA compliance. When this crisis is over, once again, time will be your most precious commodity!