Technology and Multi-Employer Employee Benefit Plans: June 2014

Wednesday, June 18, 2014

HIPAA Security Rule and Home Workers

The number of staff that work from home has continued to increase at benefit fund offices as it has with many other organizations. While this can be beneficial for both the Fund office and the remote worker, it also poses HIPAA related security concerns. Lack of security in the home computer environment can lead to a fund office network breach and/or unauthorized access to electronic personal health information (“ePHI”).

Without proper policies and security in place the following can occur:

Lack of a firewall or an improperly configured DSL or cable modem could allow unauthorized access by a hacker to the home worker’s computer. Once the hacker has gained access to the computer they could possibly use the connection to access the fund office network.
Depending on the security in effect, it may be difficult to prevent a home worker from copying files from the fund office network to the home worker’s PC. If there is any possibility of this happening, the home worker’s computer should be encrypted similar to the PC encryption at the fund office. This would help prevent unauthorized access to ePHI if the computer were to be stolen.
Lack of sufficient and up to date Microsoft security patches could allow unauthorized access by a hacker to a home workers computer. Once the hacker has gained access to the computer they could possibly use the connection to access the Fund office network.

These are just a few examples of potential security issues that can occur. Only through proper policies, staff training and technical safeguards can these threats be kept to a minimum. We recommend that HIPAA covered entities establish the same policies for home computers as they do for computers located at the fund office premises. Click here for a document by the Department of Health & Human Services which provides additional guidance to HIPAA covered entities that provide remote access to ePHI.

LaSalle Consulting Partners can help you develop and implement policies that help safeguard ePHI. Please contact me at 312-361-3313 if we can be of help.

LaSalle Consulting Partners, Inc.

LaSalle Consulting Partners, Inc. is recognized as one of the few consulting firms that have extensive experience providing technology solutions to Taft-Hartley Employee Benefit Plans. We provide technology consulting services to employee benefit plans which include Health and Welfare Benefit Plans, Pension Plans, and other funds established through Collective Bargaining.

Our clients include employee benefit plans of all sizes – from smaller plans to those with assets in excess of $1 billion. We have developed an expertise with employee benefit plans. We understand their unique facets of operation. We are familiar with benefit plan practices as well as the special standards and rules that apply to plans such as those imposed by HIPAA, the HITECH Act of 2009, and the HIPAA Omnibus Rule.

We have an expertise in the utilization of Microsoft Office 365 Cloud solutions tailored specifically for Taft-Hartley Funds. LaSalle Consulting Partners can help you implement cloud solutions that will allow you to communicate, collaborate and stay up-to-date, no matter where your business takes you.

Contact us at:
200 W. Madison St
STE 940
Chicago, IL 60606
312-361-3326

info@lpartnersinc.com
www.lpartnersinc.com