The onset of the COVID-19 pandemic has driven the healthcare industry through several simultaneous changes and challenges. Record patient levels, hospital staff shortages, remote work, and HIPAA exemptions have all made appearances at one point or another. Healthcare organization CEOs and other management figures have dealt with many of these situations on the fly, without much warning. As we progress through 2022 and beyond, what should the industry expect from a change perspective? Continue reading to find out how you can stay ahead of the curve!
Healthcare Staff Shortages
Healthcare staff shortages have been a problem, across North America, for years. Even before COVID-19, it was common for the influx of patients during flu season to outnumber the available staff to care for them in many settings. This combined with staff who were off sick themselves compounded an already difficult situation.
Citing data from the U.S. Bureau of Labor Statistics, this CBS article notes that approximately 400,000 healthcare workers have exited the field since the beginning of COVID-19. You might be wondering - why is there a shortage of healthcare workers? The root cause is attributed to burnout, but it can also be related to other personal reasons.
How can staffing issues in healthcare be solved? The answer is not immediately clear. Schools and healthcare organizations have reverted to financial incentives for current and future staff. We can see a few of these instances in examples provided by the American Hospital Association:
- In the state of Pennsylvania, the Geisinger Commonwealth School of Medicine is providing $40,000 of yearly financial support for up to 175 employees who want to get into a nursing career. This includes a five-year work commitment as an inpatient nurse.
- In the state of Maine, Northern Light Maine Coast Hospital is accepting financial support from the local community to underwrite program costs associated with training future nurses and medical assistants.
More measures like the ones above and strategic thinking outside the box may be needed to ease the impact of the hospital staff shortages and other staffing issues in healthcare many organizations are experiencing.
HIPAA Compliance Working From Home
Whether out of necessity or a desire for new scenery, employees across many industries have embraced fully remote and hybrid work arrangements in recent times. It may sound like a complicated task for those in healthcare, but with the right technology and HIPAA telecommuting policy, it is very much possible.
So, how can healthcare organizations support the demands of a workforce that has become comfortable telecommuting while maintaining HIPAA compliance working from home? One of the best ways to remain compliant is by using approved software to communicate with patients and others in the field. Approved in this sense, refers to secure. Microsoft Teams, Zoom and Skype are great, collaborative, work from home tools, but they are often not secure enough to meet HIPAA standards. On the surface, programs utilized from home should possess the following characteristics:
- Offer end-to-end encryption
- Ensure there is a Business Associate Agreement (BAA) in place
- Ask the product manufacturer about their access and auditing processes. As a provider, you'll always want to be able to know who has accessed personal health information (PHI) and when
Other tips for a HIPAA compliant home office:
- Encrypt wireless routers using WPA2-AES. Ensure your routers are also equipped with strong passwords to further avoid a hack
- IT professionals should encrypt disk drives
- Promote the use of two factor authentication
- Ensure the installation of antivirus and anti-malware for end-to-end device protection
- Make the use of a VPN mandatory to access company resources. Take it a step further by requiring it for Internet usage
- Encrypt all PHI before sending
- Use an encrypted email client
- IT professionals should configure all personal devices that are used for work purposes to ensure they do not pose a threat to the company network
For a more in-depth look at HIPAA-compliant workforces, check out this guide.
CEOs Worry About Cybersecurity Concerns
In today's hyper-connected world, cybercriminals are always looking, and often finding, new ways to expose unsuspecting victims. The advancement of mobile technology and hybrid work arrangements have created further entry points for exposure. When it comes to healthcare organizations, the stakes are higher. Loss of PHI in the United States can result in large fines administered by the Department of Health and Human Services as well as public backlash and distrust. Depending on the scale of a breach and the circumstances around it, CEOs can also face jail time. It is easy to see why cybersecurity can make even the most seasoned of CEOs worry. It can tear down an organization right before one's eyes.
Case Study: Broward Health, Fort Lauderdale, FL
On January 12th, 2022, Broward Health was served with a class-action lawsuit by a patient who had their PHI stolen during a cyberattack. The healthcare organization notified 1.35 million patients that their data may have been compromised - a loss of mass proportions.
The cybercriminals made off with a host of information including addresses, banking information, social security numbers, medical history and more. If the class-action lawsuit prevails, it could present a financially damaging situation for the healthcare organization in question. However, many could argue that significant damage was already done in the form of public distrust.
What to Watch for?
Outside of antivirus programs, the best way to maintain the security of PHI and abide by HIPAA standards, is to conduct regular employee training on cybersecurity. Oftentimes, cybercriminals gain access to a network through unsuspecting employees who do not know what to look for.
Phishing is one of the greatest threats to most organizations that use email as a form of communication. Emails may look authentic, but looking into small details, such as message urgency, link redirects, and spelling errors can thwart an attack before it occurs.
Read more: Keep your guard up and learn about other Top Cybersecurity Threats to Healthcare in 2022
Patients Want More Telehealth
Much like employees who want to work remotely, many healthcare patients have grown to enjoy the convenience of telehealth services. A service that mainly benefitted those living in rural communities, telehealth gathered much popularity among the masses during the COVID-19 pandemic. With businesses closing their doors, it was often the only way that some could seek medical attention. Though inflated during the pandemic, demand for telehealth technology is still strong. According to numbers from the Telehealth Global Market Report 2022, conducted by Reportlinker.com and shared through GlobalNewswire, the market expects to reach $271.69 billion in 2026 at a compound annual growth rate (CAGR) of 27.6%. In this case, the telehealth market refers to the sales of telehealth services to providers.
Although telehealth is a convenient practice, it is not without its challenges. Gone are physical waiting rooms and in-person front-desk staff. Enter virtual waiting rooms, chatbots driven by artificial intelligence, and video capability. Healthcare providers that quickly pivoted to telehealth services at the start of the COVID-19 pandemic may be able to attest to tech challenges and missing functionality that dragged on for months. Furthermore, ensuring HIPAA compliance throughout the process is another challenge altogether. Simply deciding to start a telehealth practice is not as simple as texting your patients via SMS or video chatting them through Microsoft Teams - unless you plan to violate HIPAA! Telehealth technology is built with strong encryption capabilities that everyday consumer products cannot match. There are platforms available that can act as an all-in-one solution for telehealth - virtual waiting rooms, chat boxes, and video capability combined. The idea of at-home care can be comfortable and convenient, though it is far from simple when the forms of technology involved can be easily breached by cybercriminals. This is especially true when working on a home router, which is not always as secure as those set up by IT professionals in an office or other professional landscape.
Learn how you can create a HIPAA-compliant patient customer service center with Giva's Telehealth & Telemedicine Support Software
Still unfamiliar on the benefits of telehealth? What are you waiting for! Check out the Top 3 Advantages of Telehealth/Telemedicine for Patients & Providers
The Bottom Line: Embrace the Changing Landscape with Caution
The COVID-19 pandemic has forever changed the way people work and seek services. Much of this is driven by work-from-home trends and the expanded use of technologies. Although it may seem convenient - and most of the time, it is - there are risks. Cybercriminals are moving quickly to capitalize on vulnerabilities in new technologies. Whether it be a video chatting platform like Zoom or medical components like pacemakers, there are few areas yet to be uncovered. In healthcare, remaining relatively safe from hackers and subsequent HIPAA fines can involve regular training to keep up with current threats, especially phishing, securing personal networks, and familiarizing yourself with federal regulations. Cybercriminals have identified vulnerabilities new and old in healthcare, and it is your job to avoid them to protect PHI, reputations, and bottom lines.