Hybrid Work: Clinical Faculty and Staff Working in the Covered Entity

Updated July 1, 2021

The following tips, services, and support are available for Yale School of Medicine Faculty and Staff working in the Covered Entity. 

Hybrid Work in the Covered Entity

According to the Health Insurance Portability and Accountability Act, Covered Entity means an entity that is subject to HIPAA. Yale University is the Covered Entity for HIPAA compliance purposes. Because Yale is a Hybrid Entity, only Yale’s designated Covered Components are subject to HIPAA requirements. Please consult the University’s minimum security standards, to ensure that data has the appropriate level of security for the data they use. HIPAA requirements remain in place for those working in the Covered Entity, including the present coronavirus (COVID-19) emergency.

Telehealth visits should be conducted whenever possible using MyChart. In cases where MyChart cannot be used, Zoom may be used as long as other Yale Privacy, Security, and Consent policies are followed. For more information contact ymtelehealth@yale.edu.

The Designated Covered Components include the School of Medicine Clinical Departments, Yale Medicine, YCCI, the School of Nursing, Yale Health and the Department of Psychology. 

The following YSM departments are not designated Covered Entity components: The School of Public Health, the Animal Resources Center, and the basic science departments: Cell Biology, Cellular and Molecular Physiology, Comparative Medicine, History of Medicine, Immunobiology, Microbial Pathogenesis, Molecular Biophysics & Biochemistry, Neurobiology, and Pharmacology.

Telephone and Voicemail
Please be sure to adjust your voicemail if you are working at home and check your voicemail frequently (e.g., every 15-30 minutes). We suggest also to include your email address in the actual voicemail message. 

If a university phone line is forwarded to a personal cell phone, and staff are interacting with patients or discussing PHI needs, staff are required to follow minimum security standards to protect patient privacy. 

Devices and Printers

Printers
Printing at home is not permitted under any circumstance; if your role requires you to print university data, you may be considered an essential employee and thus need to work onsite—talk to your supervisor.

VPN Service:

  • Not required for Zoom, Canvas, Workday, Office 365, Eli Apps, and Software Library.
  • Is required for Banner Student Systems, Citrix (Epic) from managed workstations, Yale Budget Tool (YBT), and Hopper.

Devices
Please work with your supervisor to determine which of the following options best applies to you if working from home.

Option #1: Yale-Issued Laptop (Preferred Method)
If you have been assigned a university managed laptop you will, with the already installed VPN, be able to get to any application you can access from your office and networked file shares. 

Review guidance for using the VPN. If you haven’t already, please fill out the required form with your supervisor.

Option #2: Personal Device (Laptop/Desktop)
You are permitted to access Workday, Outlook Web Access, and Epic without the VPN. You may, due to a policy exception during the COVID-19 pandemic, access applications using the VPN (instructions below). You should not save any documents, emails, spreadsheets to your personal device.

To access Epic:  

  1. Open your web browser and navigate to MyApps, where you will be greeted with the login screen. Enter your YNHHS username and password and click “Log On”.
  2. If you do not have Citrix installed on your personally owned computer already, you will be prompted to install the Citrix client. Do this by checking the box on the prompt then clicking “Install”.
  3. If Citrix is already installed, you may receive a prompt to open the Citrix Receiver. Proceed by clicking the button reading “Open URL: Citrix Receiver”.
  4. From this point you can access Epic via the “Apps” button.

To access Yale email

  1. You must access Outlook Web Access from your browser.
  2. Please use the Epic In Basket for patient-related communications rather than your university email.

Additional Security Expectations for Personal Devices that access University & YNHHS services include that you are expected to:

  • be running anti-virus software with up-to-date definitions;
  • have an operating system that is actively receiving security patches (Windows XP and Windows 7 do not qualify);
  • have a fully encrypted local hard drive;
  • all software, including web browsers, fully patched; and
  • no Yale data saved or printed locally.

Note: If your personally owned device is not aligned with these guidelines, ITS will work with you and your department to bring your home environment into alignment. You may, in the meantime, continue to use MyApps and Outlook Web Access.

Option #3: University Desktop (Most Difficult Method)
Please ensure you have collected the serial and model number of the workstation base unit and monitor. For support with tracking this information, request a Remote Work Equipment Checklist form from your supervisor. Supervisors can receive it from their Human Resources Generalist (HRG).

Before taking systems home, you and your supervisor must consult with your department’s DSP to ensure that you:

  • pre-load any needed software (e.g., AnyConnect VPN, Zoom, USB WiFi drivers) that will require admin privileges to install; and
  • have a plan for how to connect your workstation to your broadband service’s router. If your home work space is close enough, you can use a standard Ethernet cable to connect the desktop workstation to the broadband router. If it is not close enough, you should work with your DSP to obtain a USB WiFi adapter, which will require installing necessary drivers;
  • have the necessary broadband service that will allow you to connect over the internet from home; set the internet address to use dynamic addressing (DHCP). 
     

Hybrid Work Tips

  • Practice connecting to the services you will need
  • Ensure that you can connect with your team (e.g., using shared calendars)
  • Check to be sure your software is up to date
  • Confirm that you can remotely access your desk phone voicemail
  • Download necessary software on laptops, desktops, and mobile devices (managed workstations may not require additional software for remote work)
  • Update contact information in Workday, including your cell phone number, if applicable
  • If it is time for your annual password change, review IT’s guidance on NetID and Password Management  and reset your password
  • Be sure to pack your laptop A/C adapter (and any other adapters or peripherals you will need) 
     

Frequently Used Services or Resources

Box@Yale
Share files using this cloud-based file sharing and storage work space. Note: Only Secure Box@Yale is approved for High Risk data (ePHI).

Epic / MyApps Portal (YNHHS) 
Launch Epic in one of two ways:

Note: Please use the Epic In Basket for patient-related communications rather than your university email.

Multifactor Authentication (MFA-Duo)
Obtain off-campus access to Yale’s network and other resources, including Yale’s Central Authentication System (CAS). MFA-Duo recommends using a registered mobile device to securely access Yale resources from home.

MyApps Portal (YNHHS)
(Used for non-managed workstations)

Access select Epic environments via the internet

Outlook Web Access - Email 
Send emails and update your calendar using Outlook Web Access. 

Note: Please use the Epic In Basket for patient-related communications rather than your university email.

Virtual Private Network (VPN) 
Securely access Yale’s restricted services and resources on the University or Yale New Haven Health System (YNHHS) network from a non-Yale internet source using VPN. Connect online by visiting access.yale.edu or via downloaded AnyConnect software; start AnyConnect each time you wish to use  restricted Yale resources.

VPN is required to access secure sites off-campus (requiring NetID and password authentication), such as the Banner Student Systems, Citrix (Epic) from managed workstations, Yale Budget Tool (YBT), and Hopper. VPN is not required for Zoom, Canvas, Workday, O365, Eli Apps, and Software Library. Disconnect from VPN when you are no longer using restricted Yale resources. 

Workday (Including Time and Absence)
Yale’s unified system for managing human resources, payroll, and finance operations. 

Access Workday

Zoom Audio and Video Conferencing
Zoom allows you to host scheduled and on-demand audio and video conferences, at all hours of the day (24/7). Connect via a local Yale phone number or via the Zoom application.