As your organizations begin to reopen and get back to the new “normal” be diligent with who has remote access to the office and operating systems containing electronic Protected Health Information (ePHI).

While it may have been imperative to set up remote access for multiple staff members during the Pandemic, is it still necessary?

Just as you would with your operating systems – Windows, EMR/EHR, Practice Management, Google Docs, Drop Box – there must be a documented list of users that is reviewed regularly and disabled immediately when the user is no longer employed or eligible for access to specific systems.

Additionally, keep track of which vendors have access to your systems. Be sure that access is documented and removed when any changes occur with vendors.

Security and compliance are first and foremost in the management of our clients' systems. After conducting thousands of SRAs, common vulnerabilities began to emerge. We launched HIPAA Tip Tuesday to make clients aware of what actions they can take to address these vulnerabilities.

Have a great week!