Raymond Ribble, founder of SPHER, Inc., presented the webinar “Healthcare Cybersecurity Awareness Training” recently and a recording can be viewed here. Ray returned to answer many commonly asked questions from the webinar.
How do I make sure my home PC is encrypted?
Ensuring that a home computer is encrypted requires different actions depending on the type of computer. The answer depends on whether you are using a MAC or PC.
The instructions for ensuring a Mac computer is encrypted are as follows:
- On your Mac, choose Apple menu > System Preferences, click Security & Privacy, then click FileVault. Open the FileVault pane
- Click Turn On FileVault. You might be asked to enter your password.
- Choose how to unlock your disk and reset your login password if you forget it:
- Click Continue.
The instructions for ensuring a PC is encrypted are as follows:
- Sign into Windows with an administrator account (you may have to sign out and back in to switch accounts).
- Select the Start button, then select Settings > Update & Security > Device encryption.
- If device encryption is turned off, select Turn on.
I am using the EHR regularly, is there a risk that I could get hacked and expose my office as well?
Yes, there is always a risk. Our home set-ups are inherently less secure than an office environment. I advise you to start by speaking with your IT and administrative senior managers. Consider the login process to the EHR, is it a two-factor authentication process? If you are accessing a portal, then IT may be able to establish a secure VPN tunnel to allow the work-from-home employees to log in and use when accessing those systems. Of course, encryption of your PC and placing strong security on your home router and modem will help greatly. Each environment will vary, so I really do advise you to consult the IT manager and ask for them to review the environment to ensure it is secure.
Is there a way for me to see what my remote users are doing from home, what are they accessing?
Yes, there are a few ways to make that happen. This is a great question because it addresses the HIPAA requirement for auditing and monitoring access to PHI. In most cases the EHR/EMR has an audit log. If you have access to those logs, then you can conduct a manual review of the person in question and see what types of queries they are making in the application. Your office may use a network monitoring tool such as SPLUNK that allows IT to see the traffic associated with access to and movement of data within your systems. And last but not least, you can use a solution such as SPHER that actively monitors all user access regardless of their location and allows you to monitor 100% of user activity and run compliance analytics to review any abnormal behaviors that are detected.
When working from home should I use my WiFi or a hard line (cable) to connect to the internet?
It is always BEST to use the hardline cable, if you have that capability. You can buy a long cable for that purpose at Best Buy or your favorite computer store. If you select to use WiFi then I recommend you to go into the settings and “Turn Off” the WiFi broadcast, called SSID. This makes it harder for your neighbors or a hacker to drive by and see your WiFi network. You’ll know the login data and be able to access it from the house.
Raymond Ribble, founder of SPHER, Inc. a leading SaaS-based compliance analytics solution and co-founder of Fusion Systems Co., Ltd. an international IT Consulting business with operations throughout Asia and across multiple industry verticals. He is active in multiple international businesses, having lived in Japan and mainland China for close to 20 years. He is active in numerous healthcare privacy groups such as HIMSS and MGMA, speaking at healthcare industry events, and works to contribute to the growing awareness of the need to identify internal and external malfeasance to prevent data breaches.
Ray’s career began as an aerospace engineer at Northrop Corporation, advancing into international financial systems consulting and solutions development across Asia for many of the worlds’ top investment banks. Ray’s firm was prominent in working with the HITECH Program serving over 2000 provider groups across Southern California in attesting to Meaningful Use and addressing the increasingly complex privacy and security mandates.
Be sure to view a replay of Ray’s webinar “Healthcare Cybersecurity Awareness Training.” You can also view his webinars, HIPAA Security Rule – How to Manage Adherence,Surviving an OCR Audit, as well as others, including podcasts. Check out our COVID-19 Healthcare Compliance Toolkit as well as other recent educational resources on Cybersecurity.