Under the federal 21st Century Cures Act, all Medicaid-reimbursed home care providers across the United States will be required to utilize electronic visit verification (EVV) in home care visits as of January 1st, 2019. EVV is a type of technology, such as a mobile app, that a caregiver can use during a home visit to capture information about the visit, including the times that the visit began and ended. The federal government believes that by mandating EVV, it can reduce rates of fraud and abuse among home health care providers.
This new regulation will push home health care providers, hospices and other organizations to use more mobile devices as part of their services. With this increased use of mobile devices come concerns over the security of the devices and applications. One of the greatest concerns, of course, is end-to-end HIPAA (Health Insurance Portability and Accountability Act) compliance. These security concerns are indeed valid, according to the Department of Health and Human Services’ Office for Civil Rights (OCR). Data from the OCR suggests that mobile devices are commonly involved in data breaches: between January 2015 and the end of October 2017, a total of 71 data breaches involving mobile devices had been reported to the OCR.
Managing Mobile Data Risks
Home health care providers will need to carefully examine how their use of EVV will expose them to increased cyber risk and focus some of their attention on mitigating those risks. Here are some strategies that home health care providers should consider:
- Reduce financial risk through a cybersecurity insurance policy which would cover legal fees, privacy regulatory fines & penalties, data recovery and more – even in the event of internal negligence and mistakes on the part of employees.
- Log any and all mobile devices that are used for services as well as the type of information being accessed, stored and/or sent using the devices.
- Implement policies and procedures regarding the use of mobile devices in the workplace, such as prohibiting staff from using their personal devices for work-related purposes and from downloading third-party apps on work devices.
- Ensure that staff receive basic cybersecurity training.
- Review passwords and permissions, ensuring that all patient information is password protected and that any mobile apps have the minimum permissions required.
- Implement two-factor or multi-factor authentication whenever possible.
- Regularly update security programs and software on all devices.
About Connected Risk Solutions
At Connected Risk Solutions, we use our expertise and experience to provide insurance information and programs to those who serve long-term care and senior living facilities. Since 2007, we’ve been offering insurance and risk management plans designed to help our agents give their clients the ability to achieve continued growth while simultaneously protecting against loss, containing costs and increasing profitability. To learn more, contact us at (877) 890-9301.