The pandemic has caused a huge increase in the number of employees working from home. Procedures and equipment need to be reviewed to ensure that this new normal does not lead to violations of the HIPAA Privacy and Security regulations that can result in fines.
The HIPAA Privacy and Security regulations mandate that protected health information (PHI) must be secured according to their guidelines. Some examples of violations and fines include:
CVS Pharmacy and Rite Aid Corporation were fined $2.25 million and $1.04 million, respectively for inappropriately disposing of pill bottles with patient information on the labels in industrial trash containers. Both drugstore chains agreed to implement Corrective Action Plans which essentially call for the shredding of these types of documents.
On July 27, 2020, Lifespan Health System (“Lifespan”) agreed to pay $1.04 million to the Office of Civil Rights (OCR) to settle potential violations of the HIPAA Privacy and Security Rules related to the theft of an unencrypted hospital employee laptop.
The HITECH Act, which amended HIPAA, requires the Secretary of the Department of Health and Human Services to post on its website a list of breaches of unsecured PHI affecting 500 or more individuals. The webpage, commonly referred to as the “HIPAA Wall of Shame”, allows us to provide a summary of the causes:
Virtually every risk category presents more challenges when employees who work with or have access to PHI work from home. The following are recommendations to help minimize this exposure and keep your company’s name off OCR’s HIPAA Wall of Shame.
The increase in the number of employees working from home does not need to lead to an increase in violations of HIPAA Privacy and Security regulations. A review of procedures and equipment plus an emphasis on employees training will mitigate this risk and avoid the potential fines that a violation will bring.
Disclaimer: Materials are solely for informational purposes as an educational resource. Please contact counsel to obtain advice with respect to any specific issue.