AHA and AMA Release Joint Cybersecurity Guidance for Telecommuting Physicians
The American Medical Association (AMA) and the American Hospital Association (AHA) have issued joint cybersecurity guidance for physicians working from home due to the COVID-19 pandemic to help them secure their computers, mobile devices, and home networks and safely provide remote care to patients.
Physicians are able to use their mobile devices to access patients’ medical records over the internet as if they were in the office, and medical teleconferencing solutions allow them to conduct virtual visits using video, audio, and text to diagnose and treat patients. However, working from home introduces risks that can jeopardize the privacy and security of patient data.
The AMA/AHA guidance is intended to help physicians secure their home computers and home network to protect patient data and keep their work environment safe from cyber threats such as malware and ransomware, which could have a negative impact on patent safety and well-being.
“For physicians helping patients from their homes and using personal computers and mobile devices, the AMA and AHA have moved quickly to provide a resource with important steps to help keep a home office as resilient to viruses, malware and hackers as a medical practice or hospital,” explained AMA President. Patrice A. Harris.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The guidance includes a checklist for computers, which lists several actions that should be taken to strengthen security and reduce susceptibility to threats such as phishing, malware, and ransomware. The guidance also provides a set of best practices to follow, such as the use of multi-factor authentication, lockout features for accounts, additional verbal authentication procedures, and regularly backing up data.
The AMA and AHA recommend the use of virtual private networks (VPNs) when accessing EHRs and other data repositories and suggest physicians should contact their EHR vendors to obtain recommendations on the use of VPNs and cloud-based technologies to improve security.
The guidance also covers mobile and tablet security and provides a similar checklist for securing those devices. THE AMA and AHA suggest physicians can use applications on mobile devices and tablets to connect to the office to order medications and tests. Apps such as TigerTouch can also be used on these devices to allow physicians to provide telemedicine services to patients. These apps also fully integrate with EHRs.
In addition to securing devices, steps should be taken to strengthen security for home networks. Vulnerabilities in home networks could be exploited to compromise any device that connects to the network, which could give an attacker access to patient data. The guidance also explains how to work with medical devices and identify and mitigate cyber risks.
The guidance on working from home during the COVID-19 pandemic can viewed on this link.
