A 2023 report found that hackers breached more than 133 million healthcare records. Many of those incidents were tied to remote work. In such cases, protected health information (PHI) may end up on personal devices, in shared homes or in public spaces. For hospice operation managers, this shift introduces real compliance risk. HIPAA violations often begin with daily routines your staff may not think twice about.
Common HIPAA risks in remote operations
Compliance policies in hospice care are often built around in-office environments, where security controls are easier to manage. When staff work remotely, even part-time, those safeguards may break down outside the office. The change in setting creates new points of exposure that are harder to monitor, including:
- Using unsecured home networks: Most home Wi-Fi lacks enterprise-level encryption. Hackers can easily access PHI without proper protections in place.
- Relying on unprotected devices: Laptops or tablets without passwords, screen locks or timeouts may leave patient data accessible to others at home.
- Working from multiple locations: Using personal devices across homes, public networks or shared spaces weakens security. This inconsistency leads to increased risk.
- Taking sensitive calls in shared spaces: Conversations about patient information, even when casual, can be overheard. HIPAA still considers that a potential exposure.
Without proper safeguards, even routine tasks such as checking records or making calls can lead to violations. Regulators can still treat those lapses as breaches, regardless of where the work occurred.
Remote work requires stronger security
HIPAA does not change based on location. If your team mishandles PHI remotely, your organization remains responsible. That is why hospice teams need clear, consistent privacy rules. Compliance does not stop at the office door. It depends on how clearly you define, communicate and enforce your remote policies.