Cybersecurity is something we address at the workplace, but have you considered the cybersecurity threats that you may face at home? Due to the current pandemic, more people are working from home and accessing patient information from home computers. It is time to start addressing the cybersecurity threats we face outside the workplace and taking steps to mitigate those threats. Join us this month as we explore how your office should address the cybersecurity threats of working from home.
Whether you are accessing your cloud-based EHR (or other cloud-based software with patient information) from the workplace or from home, you should only be using secured hardware to access the software. At the office, there are often policies that computers should only be used for work purposes. Work computers should not be used to open personal e-mails, access social media or play online games. What about home computers that are connecting to cloud applications or even to the office network? Do you mix personal and work use on those computers in your home? Are you using the same computer at home to access patient information and to open personal e-mails, access social media or play online games? Why are you treating this computer differently from any computer in the office? If you plan to access patient records from home, you should have a dedicated computer at home for work purposes that has the same policy as the work computers to minimize the chance of breaching patient information.
To those who say that you do not have the resources to invest in a separate device, I hear you. A second option, and when I say second, I mean a very far second option, would be to create a separate user profile to use when accessing patient information. What does this mean? In the Control Panel (Windows) or System Preferences (Mac) you can create a separate user account on the computer. This second user account should be set up with the same policies that your office uses. That should include not accessing personal e-mails, not downloading unnecessary programs or files, not accessing social media, etc.
Now that we’ve established that any computer at home that accesses patient information should not be treated differently from an office computer, what is your office’s computer policy? Some of our recommended policies that may look familiar to you include:
- Each user has their own login credential to access the computer
- 3-5 attempts to log in before getting locked out
- Before stepping away from the computer, log out
Ensure that you are implementing the same policies on any computer used to access patient information outside of the office as the computers in the office.
If you or your staff are using home or personal devices to access patient information, these devices need to be tracked in your Risk Analysis. In TLD Systems you can track these devices, where they are being kept and how they are connecting to access patient information. You are also given tools to track the operating system and anti-virus software. It is essential to keep the software up to date.
You can also subscribe to the TLD Systems Newsletter where we publish many of the security announcements that you need to know about in order to protect your computers, your information, and the information you have about your patients. To subscribe to our newsletter, click HERE