When buying a computer to work remotely, shoppers are still faced with the bevy of choices that can make the purchase experience seem a bit bewildering at times. Thankfully with the advent of consumer feedback through online reviews and the incredibly competitive nature of the computer manufacturing process, it is really difficult to buy a bad computer today.
Even better for users is the peace of mind that almost all computers being sold today are more than capable of performing the tasks of working remotely for abstractors, with the exceptions being only Chromebooks and the smaller Netbooks that were popular several years ago. The only concern left in purchasing a new computer is making sure it’s set up correctly for the work they intend to do.
In fact, setting up a computer to work in any capacity with electronic Protected Health Information (ePHI) is so important that Registry Partners, Incorporated requires the process to be checked by a staff member of the I.T. Department. Some items we check for, and ones that are good practice for your own knowledge, include the following:
- Making sure all Windows Updates are applied to the computer, so there aren’t any potential vulnerabilities in the operating system or installed software. Also, check to be sure the software installed is still actively supported by its developer to rely on future updates if a security flaw is found.
- A good, reputable anti-virus program is installed and up to date. Also, the user understands what timeframe they have for an active subscription, if any.
- An encrypted area on the hard drive where PHI can be stored or used. The Final Rule of HIPAA, released in 2013, is very clear the only safe harbors for ePHI are encryption and deletion. Password protection is not enough to satisfy the Final Rule’s requirements.
- The computer’s email program has a means for encrypting certain emails to be sent with ePHI included in the email communication. If no encryption method is used on that particular computer, then alternative means of transmitting ePHI securely should be taught to the user such as through encrypted Virtual Private Networks (VPNs).
- Removing some of the pre-installed software that comes with most computers sold in the United States today, often referred to as bloatware. This is software that is seen as bloating the computer for no advantage to the user, and it can often contain software that leeches data. The worst case of this to date was Lenovo’s Superfish software, installed on computers sold in early 2015, that was considered by many to be malware.
There are a number of other minor, but very technical, items or settings that I.T. staff can do to make sure a computer stays as safe as possible when connecting to the Internet as well as protecting ePHI that may reside on the machine. Even if a user doesn’t know what questions to ask, simply telling an I.T. professional that ePHI may reside on the computer should spark a mental checklist with the technician. It’s always easier to lock down the data that will be on the computer before a laptop goes missing than afterwards!
Contributing Author: Chris Robertson, Registry Partners Incorporated Security Analyst