By: Filip Cotfas
As the COVID-19 pandemic spreads throughout the world, more and more companies are asking their employees to work from home in light of new government-issued regulations and for their own well-being. This unprecedented health crisis has meant that many sectors have had to adapt to the new conditions and embrace remote work despite past misgivings.
Reluctance to adopt remote work policies is often related to the sensitivity of the information an organization processes. Industries such as health and finance that have stricter data protection requirements in place have long opposed remote work. However, due to recent developments, many have found themselves having to rethink their previous stance and allow their employees to work from home.
Health information is considered highly sensitive data in most countries today. In response to the ongoing COVID-19 pandemic, it’s the need for healthcare providers to communicate and provide health services to patients virtually through remote communication technologies.
Protecting health data while working remotely
Once healthcare providers decide to implement remote work plans, it is essential for them to ensure that health data will be protected even when it is taken outside the security of company networks. This starts from the devices employees will be using remotely: they must be encrypted, password-protected, and have updated firewalls and antivirus software installed. Virtual Private Networks (VPNs) should be used to access the company network remotely. Employees should be required to disconnect at the end of each workday to ensure their computers don’t stay connected longer than necessary to the company network.
Companies should use solutions like DLP tools to ensure that health data cannot be copied to any external devices not approved by the organization. In this way, potential malicious devices cannot be connected to a computer, and data at rest cannot be stolen or stored.
Physical protection of files
Working from home may also mean that employees can print information or receive health information through the mail. It is essential, therefore, that they store it in a secure place, whether it’s in a locked cabinet or a home office that no one other than themselves has access to. When they are no longer needed for the original purpose they were collected for, physical files should be shredded or otherwise destroyed.
It is also important that employees work in a private space where no one can see or hear the information they are transmitting or working on. No other individuals, except the employees themselves, should be allowed to access computers on which protected health information is stored.
Monitoring and logging health information
Lastly, health data should be monitored at all times to ensure compliance and to help companies spot any risky practices their employees might be tempted to use while working from home. Logging the movements of health information is also a way for organizations to prove compliance in case the OCR requires it.
(The author is Channel Manager at CoSoSys and the views expressed in the article are his own.)