
Maintaining Client Data Privacy and Security While Working from Home

 

In an effort to slow the spread of COVID-19, many employers are currently encouraging or requiring employees to work from home, some for the first time. With other concerns and challenges clamoring for attention, data privacy and security policies and procedures may not be a top priority. However, a shift to remote work can provide an opportunity for organizations and individuals to review and update how they approach client data privacy and security in remote environments. 

Whether you’re in the process of developing policies and procedures or looking for guidance on ensuring you’re personally doing everything you can to keep client data safe, we’d like to recommend a few tips for maintaining client data security and privacy when working from home.  

Note:

  • Your employer, HMIS administrator, and/or Continuum of Care may have specific regulations around data privacy and security, including the prohibition of accessing HMIS from home. Please review any existing policies first. 
  • Continuums of Care and System Administrators should review the 2004 HMIS Data and Technical Standards Final Notice for federal guidelines on data privacy and security in HMIS.

Use two-factor authentication.

Two-factor authentication (2FA) is a form of multi-factor authentication intended to confirm a user’s identity by adding a second level of user identity confirmation during log-in.

There are two options for using two-factor authentication in Clarity Human Services:

  • Use an authenticator app. Download an authenticator app, such as Google Authenticator or Microsoft Authenticator, to your mobile device. The app will prompt you to scan a QR code that displays in Clarity Human Services.
  • Email code. A code will be emailed to the email address associated with your account in Clarity Human Services, which you’ll manually enter when logging in.

Note: two-factor authentication is configured at the system level in Clarity Human Services. If you’re unsure if two-factor authentication is enabled in your system, please check with your local system administrator. For more information about using 2FA, see the “Getting Started” Help Center article.

 

Pay attention to your surroundings.

A remote work environment can pose new opportunities for unauthorized individuals to view sensitive client data displayed on a device screen. The following measures can be taken to help prevent unauthorized viewing:

  • Establish policies for when it’s appropriate to share screens and what type of data can be shared. Although there are times it might be helpful to display client data in a shared screen (electronic signatures, assessments, etc.), displaying certain portions of a client record or report may expose private data the viewer is unauthorized to see.
  • Consider privacy screens. If appropriate, you can buy privacy screens for most major devices that prevent viewing from side angles.

Don’t put your family in the position of protecting your work.

If you’re using a computer or mobile device that could be used by other household members, set up a password-protected account on the computer for your work. Trusting your family not to look at your work does not meet any reasonable standard of privacy protection. You must ensure that they couldn’t if they wanted to.

Make sure your computer’s antivirus software is up to date.

Ensure the device you’re accessing client data from is protected by reputable antivirus software and that the software is current on all updates.

Check your router password.

If your router has a simple password, change it to a more secure, strong password – at least 12 characters with a combination of numbers, lower-case and upper-case letters, and special characters. Do not store it in a place where others can see it without asking.

Avoid downloading client data.

If you need to download client data, avoid downloading data sets that include personally identifying information (PII). If you have access, data sets can be customized to exclude this information using Data Analysis. If you’re unable to download data without including PII, delete client names from the data as soon as you download it. Remember to regularly delete files that you no longer need and empty your Trash.

Watch for scams.

Be vigilant about scrutinizing email, text messages, and social media links before opening. Make sure anyone else using your computer or home network is also aware of the heightened risk.

Most email applications allow you to see the actual full email address of the sender rather than a name without opening the message – often by hovering over the name. Make sure the message is coming from the correct email address. If the sender's email address or subject line is in any way suspicious, delete the message without opening it. If it seems important, contact the sender by some other method to see if they really sent it. Never follow instructions in a message to go to a website, follow a link, or send a reply without verifying it’s legitimate.

Don’t send client data by email unless you can encrypt it. 

Encryption tools like FlowCrypt create an additional layer of encryption when sending sensitive data. The staff inbox in Clarity Human Services is another option for securely sharing client information.

Secure paper documents.

If you have printed documents containing client PII, be sure to keep them in a secure place where other household members or guests cannot see them. Ideally, this should be in a locked cabinet, drawer, or briefcase. When no longer needed, ensure documents are shredded or otherwise destroyed.

Paper documents can also be scanned and uploaded to the client record using Files.  

Secure the connection.

Connecting to the internet via an unsecured network may expose client data. Here are a few resources published by major internet providers on securing your wireless network:

Store passwords securely. 

Passwords written down or stored locally on a laptop, phone, or other device are vulnerable to being discovered. Use a password manager like LastPass with two-factor authentication.

Further Reading...

If you find yourself working from home, check out the article Bitfocus recently published on the benefits of remote work. 

Need more help?

Have questions about any of the Clarity Human Services tools we mentioned above? Reach out to our friendly Technical Support team for answers. You can reach them by email, chat (the Help icon in the lower right-hand corner), or phone (800-594-9854), 5am-5pm PT.

Want to chat about topics that go beyond specific Clarity Human Services functionality, such as:

  • Best practices and how to configure your system to meet your specific needs
  • Community planning, communication, and training when implementing a mitigation plan
  • What to do when you have lots of ideas but no staff to implement 

The Bitfocus Professional Services team is ready to help: We are a team of experts who work with communities across the country to help make their plans a reality. Whether you need help planning, need more staff resources, or just want to explore options, reach out to your BFF for more information about how we can help.

Not sure what you need but know you need something? Contact Technical Support and they’ll route you to the right resources.