HIPAA Compliance for Remote ROI Staff

For many, adjusting to remote work has been a challenge. It involves adapting to a new routine and learning to use new programs to aid in collaboration and communication. Health information managers (HIM) and other remote release of information (ROI) staff members work with patient data every day. It’s essential for them to protect it.

The U.S. Department of Health and Human Services (HHS) eased HIPAA security rules to grant leniency for providers offering telehealth services. They did not extend this to other remote healthcare activities, however, so all HIPAA rules still apply for remote ROI staff. In a FAQ regarding telehealth and HIPAA regulations during the pandemic, HHS stated:

“Covered health care providers will not be subject to penalties for violations of the HIPAA Privacy, Security, and Breach Notification Rules that occur in the good faith provision of telehealth during the COVID-19 nationwide public health emergency. This Notification does not affect the application of the HIPAA Rules to other areas of health care outside of telehealth during the emergency.”

The Enforcement Rule, introduced in the HITECH Act, outlined four tiers of increasingly steep penalties for HIPAA violation based on the covered entity’s level of culpability. Common questions that remote healthcare information managers face when working to avoid non-compliance include:

• How can I help my remote ROI team succeed?
• How can I maintain clear communication with patients?
• What are the benefits of using new software?

Promote Security for your Team

Every employee with access to patient’s electronically protected health information (PHI) must guard against potential hackers. On-site devices are protected by the facility’s security, but remote ROI staff must take this matter into their own hands. When your team is scattered, it is important that they know how they can avoid compromising PHI.

To bolster security while working from home, adopt the following practices:

• Keep your computer password-protected, even if you live alone. In the unfortunate event that intruders enter your home, they should not be able to access any device with sensitive information.
• Change your passwords at least once every 30 days. Make sure each password includes a combination of capital and lowercase letters, numbers, and special characters. You can use a password generator for added security.
• Do not reuse passwords on different websites. A hacker will enter stolen login information into other websites. Don’t let them succeed.
• Ensure all routers processing PHI are password-protected. If your wifi signal is not password-protected, strangers will likely siphon it for their own purposes. Generally, this will be harmless, but an individual with sinister intentions could potentially access and manipulate other devices on the network. 
• Utilize a virtual private network (VPN) to protect your IP information. A VPN encrypts your internet activity and funnels it through a number of servers throughout the world to make both intercepting and tracking private information significantly more difficult.
• Employ two-factor authentication whenever possible for the best protection. This goes double for your email address, which will indirectly grant access to many of your accounts if invaded. The minor inconvenience of retrieving a code from your phone when you log in to the account is enormously outweighed by the added security.

Restrict Access to Sensitive Information

Strong management practices play a crucial role in the success of remote workers. Good practice involves granting employees access to only the minimum necessary information essential to fulfilling their job responsibilities. An HIM should set clear work expectations, enforce HIPAA regulations, and control remote employees’ access to electronic medical records to ensure compliance with the HIPAA Privacy Rule. 

With ChartRequest, healthcare providers can invite their team members to join their organization’s account. Once an employee’s account is added, the admin can give them a rank in the organization and edit their account privileges. Our software helps protect your remote ROI staff from leaks by helping healthcare providers control their access to PHI.

Maintain Communication with Patients

Some of these adjustments are not only new for first-time remote employees, but for the patients they serve. Adapting to today’s healthcare climate involves offering clear guidance to the people who need help navigating it. 

Share major updates via pre-recorded messages and on the front page of your facility’s website. This can help maintain clear communication without overwhelming your phone and email lines. Providing accessible information will help your patients answer their questions without you needing to pick up a phone.

To remain HIPAA compliant, any requests for electronic health records must be fulfilled within 30 days. Soon, that timeframe may be cut in half. Adopting software to manage information sharing, both within your organization and for your patients, will further reduce your communicative burden. 

With ChartRequest’s companion mobile app, your patients receive notifications of any new activity directly to their phones. They can also check the status of their records request at any time. This enhances transparency and reduces their need to call your facility for additional information. Our provider messaging system also allows requestors to ask any questions within the ChartRequest software.

Find the Right Software

Fulfilling medical records requests can be a complicated, time-consuming process even under the best conditions. The COVID-19 pandemic has only accelerated the demand for software to help maintain compliance while releasing critical information. 

Gillian Peralta, the president of SimScreen, stated in a company press release, “The COVID-19 pandemic will continue to challenge businesses in unique ways. Not only do they have to ensure the health and safety of both customers and workers, but they also are grappling with managing an ever-changing regulatory environment.”

Learning to use new software is a hurdle for every employee, but the best teacher is experience. ChartRequest helps healthcare providers streamline their record exchange workflow and manage their incoming ROI requests. Our HIPAA-compliant software protects personal health information and expedites the request fulfillment process, saving users time and effort.