Protecting Health Information In The COVID-19 Era

Posted by Ken Reiher

Gerry Blass, President & CEO, ComplyAssistant

How to educate and prepare staff when working remotely

ComplyAssistant recently contributed to an article, written by Kevin Duffy, on protecting health information in the May 2020 edition of HCPro’s Briefings on HIPAA. The following blog post covers some of the key points.

Even prior to the COVID-19 pandemic, ransomware attacks were on the rise.

“COVID has simply increased risk of attacks due to more locations with a remote workforce, [protected health information] through telehealth, more phishing attacks, more opportunities that hackers like to take advantage of.”

Gerry Blass, President and CEO of ComplyAssistant

Even with plenty of guidance available for healthcare organizations to follow in order to protect their networks and data, the current landscape has complicated the normal processes.

“It’s a tough environment right now. The workers who are on-site, the clinical folks, are in crisis mode and maybe don’t see alerts. They’re probably overworked or overtired, and they more easily could make a mistake and click on something they shouldn’t in this kind of environment.”

Blass continues

Normally, healthcare providers already educate their staff on how to recognize phishing attempts and on the steps to take if they come across a suspected attack. But, as Blass says, “now is not the best time to schedule extensive training sessions for the entire staff. It is imperative, however, that organizations provide frequent reminders to reinforce the importance of security and keep employees on high alert.”

Here are seven tips for educating and preparing staff to protect organizational and patient data in this new era:

  1. Provide specific examples

    Use photos and images to clearly identify components of a malicious email.

  2. Identify any external emails

    Tag all non-internal emails as “external” in the subject line.

  3. Offer quick training options

    Short sessions are a better choice than all-day trainings, especially during a crisis.

  4. Adjust to a remote workforce

    Locate and mitigate vulnerabilities where PHI is handled offsite.

  5. Implement safeguards

    Standardize security controls, use VPNs and multi-factor authentication.

  6. Discourage personal web browsing

    Lock down web browsing on organization-owned devices to reduce the risk of sharing PHI.

  7. Treat home like the office

    Practice the same safeguards at home to prevent unauthorized parties from seeing PHI.

With increased threats due to COVID-19, now is a good time for organizations to strengthen their security measures. Blass also recommends considering a full-time Security Operations Center (SOC) solution: “For organizations that have not implemented a 24/7 SOC and tried to do it on their own, they should really consider outsourcing to an expert organization for 24/7 monitoring now.”
