Are Healthcare Business Associates Ready for Coronavirus?

Our healthcare system is geared up and activating plans to address the potential impact of coronavirus.   Providers are training staff, implementing infection controls and preparing  for  increased patient loads.   But if you are a business associate providing services to those providers, what do you need to do?


Remember that while the Coronavirus is getting lots of attention and the media is desperate to ‘find the victims’, it’s still protected health information. While information on patients with coronavirus can legally be provided to public health authorities, it cannot be legally provided to news media, co-workers, friends or other curious people.  Make sure any release of information follows both your agreement with the provider and the HIPAA regulations.


What if your employees can’t come to the office? Does that expose you to risks you haven’t considered? If you haven’t done a teleworking risk assessment, consider performing one to make sure you have adequate controls.  Common risks include:

  • Access to your device and possibly your network by employees’ family members or friends
    • Lost or stolen devices with access to protected health information
    • Interception of confidential data due to insecure connections between the teleworking device and your network

In addition, if you have employees teleworking who normally work in the office, how will vendors and customers get in touch with them? Can you forward your phone system to cell phones? Do you know how to get in touch with your vendors and customers if they also move to a teleworking model? 

Most organizations have addressed these controls with personnel who normally telework, but what if your entire workforce has to work remotely? Now is the time to make sure that ANY employee who may be working remotely has a secure connection and understands how to protect their device. If you have devices that are not encrypted or covered by a device management program, now is the time to correct that before your employee is on a two-week quarantine.   

Business Continuity

Review your business continuity recovery time objectives to determine if you have an issue related to equipment, and you are able to meet your recovery goals. Experts have predicted that due to the extensive quarantine and business shutdown in China, high tech shortages are very likely.  For example, both Apple and AT&T have already warned investors that they are experiencing shortages of some products. [1] 

This is also a great time to update your business impact analysis to identify your key personnel, key dependencies and critical applications. What does your staff need to keep these key areas functioning if they can’t get to the office? Do you have the necessary spare parts to address any equipment issues that could impact your operations? If you are relying on a vendor to provide that service, have you reached out to them to confirm they are prepared for potential disruptions to their supply chain?

Spending some time on preparation now can assist you not only with this event but in dealing with any future events that impact your operations. 

If you’d like more information, please contact us at


Finding a credible expert with the appropriate background, expertise, and credentials can be difficult. CompliancePoint is here to help.