"Anytime someone works from home, they have special training needs," says attorney Michael Roach with Michael Best & Friedrich in Chicago. First and foremost in today's HIPAA-laden compliance environment, practices should work hard to ensure that home coders don't compromise patients' privacy. Practices need to establish clear confidentiality policies and procedures for all off-site employees, says St. Paul, Minn.-based attorney Gordon Apple. Practices and home coders should also ensure that they receive proper computer security training and that they have a system that will accommodate the secure flow of information, he says. Another area of concern is access to the computer you might use off-site. Ideally, you would have a computer solely for work, and no one else would be allowed to use it, Roach says. At the very least, you need to ensure that access controls are built into your system. To help cover your bases, Burton suggests that home coders follow these computer security tips: Run virus scans and use firewalls to prevent hackers and viruses. Ensure that documents are not saved on disks/CDs, retained in hard copy, or saved on alternate drives. Stay in touch with technical support. Be sure information is not misrouted, and don't try to fix something you are not trained to handle. Make sure your passwords and access codes are set up correctly. Report breaches to your privacy officer or IT manager. Prohibit others from using your workstations.
Take precautions to avoid accidental or intentional misuse of confidential information. Secure your residence from mail interception. Use a guaranteed delivery service and always sign when sending and receiving packages. Don't Neglect Good Old-Fashioned Paper Technical security issues aren't the only ones to consider. You must also ensure that paperwork isn't floating around that contains protected health information. This will require you to raise your consciousness level, Roach says. Keep all paperwork in a locked filing cabinet, and don't run errands with a car full of PHI, he says. And remember, HIPAA isn't the only game in town. Make sure you have received all the appropriate compliance training, Roach says. You should have a copy of your compliance program and attend compliance training sessions with other employees.