As workplaces begin to re-open, organizations are looking to return their employees to their office work environments.

The Health Insurance Portability and Accountability Act (HIPAA) stipulates that employees are responsible for protecting the privacy of protected health information (PHI) at all times. This means employers must continually review and modify their security measures to ensure data safety, no matter the work environment.

How to Secure PHI When Returning to Normal Operations

Just as it was important to maintain compliance while moving your workforce to home or virtual environments during the crisis, it is equally important to do so when returning to normal operations.

Here are three things to remember for HIPAA compliance when returning to normal operations:

  1. Clear home workspace of all materials:
    • Take all files and notes to the office. Be sure to check file drawers as well.
    • Make sure the thumb drive you stored files on didn’t find its way to your kitchen junk drawer or change bowl.
  2. Return equipment to normal:
    • Double-check that all loaned or borrowed company-owned equipment has been returned to the company.
    • Make sure all data is properly stored on your company’s storage system rather than on the laptop the employee used at home.
    • Ensure the latest software updates and patches have been applied.
  3. Security awareness reminder:
    • Remind your staff of the proper security and privacy procedures when in the office.
    • Educate staff on any new or changed practices to be implemented.

Watch our webinar on-demand to learn practical tips to inoculate your remote workforce against malware, phishing, and other attacks that are harmful to your entire corporate network.

Securing Patient Data

The Privacy Rule requires covered entities to take reasonable steps to limit the use or disclosure of, and requests for, PHI to the minimum amount necessary to accomplish the intended goal. This provision requires a covered entity to develop and implement policies and procedures appropriate to reflect compliance with the entity’s business practices and workforce.

Healthcare providers and business associates should do their utmost to protect patient data during the entire lifespan of the crisis, and, even when authorized, should share the minimum possible amount of data required for a purpose, with the exception of treatment.


Understanding HIPAA compliance following the COVID-19 outbreak can be difficult. We can help you when returning to normal operations with Avertium's HIPAA Certification Program. Our team of healthcare security experts stands ready to answer your questions.

With Avertium, you get more rigor, more relevance, and more responsiveness. Don’t just comply. Download our guide to HIPAA compliance today and show no weakness.
