Your EHR is on the cloud and you can now access your patient’s records from all locations, What precautions and security should you have in place before accessing those records?
This is also applicable if you host your data in your office and have set up your network to allow remote network access.
Your office network should be configured to safeguard it from exterior threats. The only devices that are on your office network should be devices that are necessary for the office to function (e.g. computers, phone system, credit card terminals). Part of managing the security on your network involves completing the annual HIPAA risk assessment and addressing the associated risks throughout the year. If you connect your EHR to another network without proper consideration, you may be putting your patient’s data at risk of a HIPAA breach.
When you or members of your practice access your cloud-based EHR or remotely access your office from any location, you should require members of your team to do so to access patient records in a secure manner. Unless your office is managing the network your team is connecting from, you cannot assume that the network is secure. As such, devices that are brought outside the office should use a VPN before connecting to the internet. We do not know what other devices are connected to other networks. Nor do we know the security settings enabled for the router. However, by utilizing a VPN a secure connection can be established.
Learn about how to set up computers to work from home: https://tldsystems.com/work-home-computer-security.
Do you have questions about how to ensure your office is HIPAA compliance? Contact TLD Systems at (631) 403 6687 or email email@example.com.