Many professions were forced to abruptly shift to and adopt remote workspaces to be able to safely operate during the pandemic. Many physicians, real estate brokers, psychologists, and other licensed professionals who normally operated solely in person, have suddenly found themselves in a wholly foreign environment – likely their own spare room, interacting with clients and patients through a computer or phone. Certainly, many professionals have adapted to this method of practice over the last year, and some have even embraced it, or prefer it over pre-pandemic practices; however, a daunting oversight for many is the mere fact of cybersecurity. For many of these licensed professionals, client confidentiality and information protection, including HIPAA-aligned protocols, are legally required to operate. For a variety of reasons, including the necessity to suddenly shift to remote work, some professionals may not even realize that they are vulnerable to attack and that their patient/client information could be compromised at any moment.
For most of the licensed professionals listed above (and many who are not listed), patient/client confidentiality and privacy are an integral part of their practice. In addition to the requirement to follow HIPAA, it could also be the policy of the professional to contractually, and ethically, ensure confidentiality and privacy. Practicing from home greatly alters the ability to invoke the same standards that are possible in a private office space. A home office space may include visits from partners, children, roommates, or a variety of other possible visitors, and a closed door does not do much for privacy in the same way that a dedicated office space does. Licensed professionals must conscientiously think about the ways in which these conditions can affect the experience of their patient/client and agree upon a policy with those in their home office space to respect and follow client privacy policies.
Unless the home office was prepared in advance and made to mimic the kinds of resources available to the public office space, it is likely that the same types of cybersecurity programs are not in place. There have been reports of “smart” devices recording sound without the consent of the user, which could result in storage of private personal data, and criminals could access this information. Even though it is not the fault of the professional, it is ultimately their responsibility to protect their clientele through all routes possible.
There are various programs and methods one can utilize to ensure that their home office and their work can proceed with the same levels of expertise as their public office. It is never too late to review these policies and practices, and to rectify any deficiencies so that moving forward, all parties are more protected.
Williams & Nickl has represented thousands of licensed professionals and their licensed business entities who face issues with IDFPR. If you find yourself in such a situation, Williams & Nickl can provide the help you need.