Ensuring Remote Coding
By Angie Comfort, RHIT, CCS
MORE AND MORE HIM department managers are turning to remote coding. However, before implementing this staffing model, managers must answer several questions regarding the privacy and security of patient information, including: x What are the compliance risks? x How will privacy and security be achieved? x How will the remote employee be held accountable for the security of patient health information? Remote coding can create serious compliance risks because the organization loses significant control over its privacy and security practices. Some areas for concern are insufficient security of medical records and inadequate destruction of patient
Organizations must maintain strict policies and procedures
for remote coding, and remote coders must acknowledge them
before being allowed to work remotely. In addition organizations should create a security checklist, telecommuting agreement, and confidentiality statements for remote coders and
conduct an annual review of the code of conduct.
Remote Coding Policies and Documents
One of the first things an organization should do before implementing a remote coding program is create a remote coding/
telecommuting policy. The policy should include everything
from who coders should call for equipment issues to what
should happen if they need to report a compliance issue.
When putting the program together, it is important to lay out
all the rules and guidelines that remote coders need to follow.
Organizations should also ensure that coders are aware of and
understand all aspects pertaining to remote access and everything that will be required of them as remote coders.
In addition, the HIM manager should work with the information systems manager to make certain all areas from a system
perspective are covered and create a security checklist to ensure
privacy and security compliance. The checklist should cover the
organization’s policies and guidelines pertaining to remote coding and access, identification and authorization, access control,
auditing, integrity, physical security, security administration,
education, awareness, and enforcement.
The checklist should address the following questions:
x Is a remote access security policy in place?
x Are there automatic time-out or lock-screen capabilities
on the remote site equipment to control access during pe-
riods of nonuse?
x Are user sign-ons restricted to a single remote connection
to the organizational network?
x Do audit trails follow remote users as if they were inside
the physical organization?
x Is there a clear process for returning organization-owned
equipment upon an employee’s termination?
A remote coding agreement is another key element for maintaining remote coding compliance. It should contain statements
to ensure that the coder knows what the organization expects
from the employee in the remote coder role.
The employee and manager should sign the agreement to attest that each party understands the document. It may be ap-