As unfortunate as it is, there are bad guys out there taking advantage of the pandemic currently gripping our nation. Whether it be people posing to be from the government and calling to get bank account information for direct deposit of the stimulus checks, people offering home COVID-19 test kits, or bogus emails allegedly from the CDC or the World Health Organization, there are people who are evil enough to take advantage of the fear many people are experiencing.
While the Office for Civil Rights has announced it will be exercising enforcement discretion for impermissible disclosures that might happen as the result of having to deliver health care services in a new way, that does not mean we should let our guard down. In these unprecedented times staff members may be more stressed than normal and, as a result, may not take the time to really consider their actions in terms of how they are impacted by HIPAA. Now is the time to shore up the IT system to ensure the proper safeguards are in place. In addition, a bit of extra training on the perils of phishing emails might be a good idea. It only takes one employee to open the door to the bad guys by clicking on one link in one email. Once that happens, it really doesn’t matter how strong the IT system may be because the employee gave the bad guys the “keys to the kingdom” by clicking on the phishing email link.
Train people at every level of the organization when to be suspicious, what to look for in a potential phishing email and continue to emphasize they should never click on a link unless they are completely certain the email is legitimate. In this very stressful time, encourage staff, especially those front line folks who are in the thick of providing services, to take a moment to consider each and every email they receive to make sure they are not opening the door for the bad guys.