Call it teleworking, remote access, or mobile access: if you have any access to PHI outside of your office, you should have a HIPAA mobile access policy that applies to that activity. Any person who accesses your systems and data from outside your internal network should be trained and should sign off on commitments to protect your PHI.
We’ve never specifically covered the topic of what should be included in a HIPAA mobile access policy. It is about time we did just that.
In this episode:
- HIPAA Boot Camp May 11/12, 2017
- Where’s Donna going next
  - Southern Oncology Association of Practices (SOAP) – Spring Meeting, April 7, 2017, Orlando, FL
  - GA MGMA Annual Conference – May 2, 2017, Hilton Head Island, SC
  - South GA MGMA – June 21, 2017, Valdosta, GA
  - The Atlanta Association of Legal Administrators – July 19, 2017, Atlanta, GA
- Mobile Access Policies
  - What controls do you need for your office?
  - Cloud applications
  - Coffee shops
  - Email
  - David’s latest email support story
  - VPNs
  - What scenarios should your policies cover
  - What should your staff be required to do for their remote access devices
HIPAA Mobile Access Policy Considerations
There are a lot of things you should consider when defining your mobile access policy.
What kinds of controls do you need to have in place on your local network for remote access before you let others in?
- What resources will be accessible remotely?
  - Documents
  - EHR
  - PM
  - CRM
  - Cloud Apps directly or through your connection
- Open RDP SHOULD NOT BE USED ON PUBLIC IPs
- VPN for use on public Wi-Fi
- What devices are you going to allow to connect?
  - BYOD?
  - Family computers used by kids?
  - Public computers
What mobile access scenarios should the policy cover?
- Working from home (billing, transcription, accounting and reporting, clinical and diagnostics)
- Working in hotels and other public access locations
- Working from other home networks (family visits, business partners)
What your staff must do to be eligible for remote access
- Training
- Device commitments
- Audits
- Up-to-date software
Mobile access isn’t something you just do and then stop worrying about. So many things are opened up by allowing mobile access that you must