HIPAA-Compliance and Security Risks for Healthcare Workers Amid Pandemic

February 12, 2021

Jennifer Morency

The coronavirus has pushed many industries to rethink the way they do business and that is no different for the healthcare sector. With the need to keep people safe and at home as much as possible to diminish the number of resources needed and reduce contagion, many establishments had to rethink their workflows.

Emergency departments started triaging people over the phone, clinics started conducting virtual visits and hospitals stopped elective surgeries to maintain necessary resources for the influx of COVID-19 patients.

Many of the operational changes relied on technology that was already in place or required new software and processes to be implemented quickly. This generated more stress and uncertainty for many staff members and required training on top of the added workload of coronavirus patients.

That being said, the need for quick solutions outweighed the usual research and insight that normally goes into technology implementation. Where some healthcare professionals used applications such as Zoom to speak to their patients or gave sensitive information through email, many didn’t have the time to think about the security or privacy violations this could entail.

The Health Insurance Portability and Accountability Act (HIPAA) was put in place for a reason. Although the pandemic threw many for a loop, the technology used to document, transmit and retain sensitive patient information should always be HIPAA-compliant in the healthcare sector.

As many healthcare establishments have now set up certain COVID-19 workflows and worked around other appointments and procedures, it’s time to sit back and look at the security behind the technology being used.

Technology Landscape for Remote Healthcare Workers

Technology in a healthcare setting can encompass anything from small devices to larger software and systems. The uses of these devices and machines vary, however, and not all of them store important data.

What security measures are in place for the technology used by staff across healthcare establishments? Is it the same level for every machine? For every building? Of course not, so it can be difficult to understand what needs high security and what doesn’t.

An important rule of thumb is to ask yourself, what does this technology store? If the answer is anything from patient data to lab reports or even personal staff information, everything needs to be secure and the viewing and sharing of the data must comply with HIPAA policies.

When it comes to smaller clinics and practices however, not everyone has an information technology (IT) team. Most rely on procedures and the software already in place. This is why it’s important to implement technology that has privacy and security measures in place, whether within the software or within the cloud.

With the coronavirus pandemic pushing healthcare workers to contact patients through means of communication that did not require in-person visits, HIPAA compliance became extremely important. Some would call or video chat their patients through Zoom, communicating important information on software that is not HIPAA-compliant and putting patient data at risk of being hacked.

The number of ransomware attacks was very high during the coronavirus pandemic, with Blackbaud’s data breach back in September of 2020 taking the biggest hit. According to HealthITSecurity, the breach involved sensitive data of over 24 providers and 10 million patient records, costing them over $6 million in damages.

Bigger establishments have had to buckle down with their IT departments to implement new security procedures for staff working remotely or conducting virtual visits, whether they be by phone, chat or video. Smaller practices, however, have had to take a hard look at the technology they had in place and see what they could do to utilize it securely from wherever they could practice.

This led to the adoption of HIPAA-compliant telehealth solutions and the increased integration of patient portals within EHRs to ensure data security and private transfer of documentation.

Healthcare Communications Moving Forward

The need to adhere to HIPAA standards and policies is not new to anyone in the healthcare sector. Since HIPAA was signed into law 25 years ago, the healthcare landscape, including technology, has greatly changed.

The novel coronavirus has affected over 108 million people worldwide, with over 27 million reported COVID-19 cases in the United States alone. This has shifted healthcare workers to find remote working solutions to reach patients, which led to the emergence of new privacy regulations.

Although the systems in which healthcare workers document the virtual encounters normally involve electronic health record software or practice management systems, the method by which they actually communicate with their patients isn’t always secure. Sharing sensitive information over the phone, through video, chat or email doesn’t constitute a HIPAA-compliant method of communication unless highly encrypted.

How can hospitals, practice owners and healthcare professionals keep enforcing HIPAA-compliant communications with their patients and peers amid a pandemic that forces people to stay apart? Healthcare establishments need to start by analyzing their current processes and ensuring they now cover remote work and other workflow changes generated by COVID-19. This can involve data access, document disposal when workers are out of the office, security measures, vendor management of PHI if workers are also working remotely, privacy compliance programs and more.

As quarantine and other restrictions continue to be enforced in certain areas and states, virtual care will become more and more essential, making HIPAA-compliance increasingly important. Using secure communication methods and documenting, storing and sharing patient data in an encrypted setting that is accessible from anywhere by certain staff is now crucial.

The healthcare landscape is changing, relying on the cloud, virtual communication and other technology that now needs to be looked at further to ensure data encryption. The pandemic is taxing enough without cyberhackers and data breaches. Security is key.
