Joint Cybersecurity Guidance for Telecommuting Physicians Issued by AHA and AMA

The American Hospital Association (AHA) and the American Medical Association (AMA) have made a joint cybersecurity guidance for work at home doctors during the COVID-19 outbreak so that they would be guided in keeping their computers, mobile devices, and home networks secure as they provide remote care to patients.

Doctors can use their mobile devices in accessing patient medical records online just as what they do in the clinic. The audio, video and text messaging of teleconferencing platforms can be used for virtual consultations to examine and treat patients. But there are risks to patient data privacy and security when working from home.

The AMA/AHA guidance is supposed to assist doctors safeguard their home computers and network and protect patient information and their work environment from cyber threats such as malware and ransomware that can adversely impact patent health and safety. It gives crucial steps to make sure the resilience of a home office against infections, malware and threat actors.

The guidance includes a checklist for computer systems that specifies a variety of steps necessary to strengthen security and minimize vulnerability to threats such as phishing, malware and ransomware. The guidance furthermore provides a number of best practices to follow, which include using account lockout feature, multi-factor authentication, extra verbal authentication procedures, and constant back up of records.

The AMA and AHA recommend utilizing virtual private networks (VPNs) when accessing EHRs and other information databases. Doctors should connect with their EHR vendors to advice on utilizing VPNs and cloud-based technologies to improve security.

The guidance also details the security of mobile devices and tablets and gives a comparable checklist for making those devices safe. The AMA and AHA tell physicians to utilize applications on mobile devices and tablets to link to the office to protect medicines and assessments. Apps such as TigerTouch could also be used on these devices to make it possible for doctors to provide telemedicine counseling to patients. These apps also fully merge with EHRs.

Apart from securing devices, doctors have to boost the safety of their home networks. Vulnerable home systems could be exploited and devices connecting to the network could be compromised giving an attacker access to patient data. The guidance also specifies the proper use of medical equipment and identify to prevent cyber threats.

The guidance on working from home during the COVID-19 pandemic is available on this page.

About Christine Garcia 1304 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at