The workplace of today is going through a period of significant upheaval right now. According to a recent survey, companies anticipate that the number of full-time workers who remain at home permanently will triple that of pre-pandemic levels. Currently, an estimated forty-four percent of employees are working from home.
The ramifications of this transition will not only have an impact on productivity and company culture. Still, they will also touch on policies and operations across a wide range of business departments, including finance, human resources, information technology, and countless others. The stakes are arguably even higher in the healthcare industry, which must not only contend with many challenges as other industries but also take into consideration how a remote workforce impacts HIPAA compliance. This is in addition to contending with many of the same challenges as other industries.
There are various ways in which HIPAA and privacy compliance policies are impacted when employees have the option to work from home. According to a report by the United States Department of Health and Human Services, there have been more than 300 breaches of protected health information (PHI) so far this year, putting the personal information of 10.8 million people at risk.
This highlights the significance of health care organizations addressing the myriad of gaps through which protected health information (PHI) may be exposed. These are the following:
Since 2020, cities across the United States have been issuing stay at home to prevent the spread of COVID-19. As a result, the majority of the working population has been obliged to switch to working from home for the time being. Certain HIPAA-covered companies and the majority of business associates are examples of persons who fit into the category of people who work from home. This is despite the fact that essential staff, such as a large number of healthcare professionals, have continued to work in person.
Within the past few months, the Office for Civil Rights within the DHHS, which is responsible for the enforcement of HIPAA violations, has released a few statements of expectations in light of the widespread public health emergency that has been unfolding across the country. They made the announcement that they would not impose penalties for noncompliance if healthcare professionals who are covered use standard video chatting software for tele-health purposes.
Even if it is possible to utilize these applications at this time, it is essential that providers enable all of the privacy and encryption settings that are available through these programs. The completion of business associate agreements with these organizations is still a need for organizations. Specific programs like Zoom, have made it possible for covered companies to finish these forms. To reiterate, this is merely a short-term solution, and covered companies should not count on it being in place once the current condition of a nationwide public health emergency has passed.