Poorly secured home networks. Highly accessible workstations. Use of personal laptops that don’t adhere to security standards. Each of these (and more) is a vulnerability for revenue cycle staff working at home during COVID-19. Unfortunately, with vulnerability comes opportunity for hackers to target this newly remote workforce and access protected health information (PHI). Consider the following strategies to mitigate risk:
1. Require a signed telecommuting agreement.
Chris Apgar, CISSP, CCISO, president of Apgar & Associates, LLC, a privacy and security consulting company based in Tigard, Oregon, said remote revenue cycle staff must attest to the following:
Security patching, in particular, tends to go under the radar, says Ken Townsend, CISSP, vice president and chief information security officer at R1 RCM, an outsource revenue cycle management vendor headquartered in Chicago, Illinois. Patching is likely an afterthought for remote staff using their home computer because most users are focused on providing customer service — not keeping up with the latest vulnerabilities, he said. For health systems, it’s also difficult to routinely identify software bugs and vulnerabilities, and it’s challenging to take critical systems offline for routine maintenance, he adds.
Ken Townsend is the Vice President and Chief Information Security Officer at R1.