Originally Posted by
evergrn
Yes, my work in healthcare deals with PHI (protected health info). But I'm not aware that there have been any recent changes to HIPAA rules as far as what we are talking about here. So if there are now more red tapes remoting into work during vacation or there's seemingly more privacy infringement against me now as opposed to 2 years ago, then those are not due to any changes in laws and regulations. It's probably due to corporate decisions and how the industry is trending. I could be wrong.
It's not necessarily changes to HIPAA, but how they protect the data and potentially their liabilities. Same thing is happening in many sectors. Everyone is trying to secure their data and preventing breaches. This isn't aimed at you specifically. But consider all the measures going on... VPN, geofencing, MFA... then there are the things you don't necessarily see (logging and analysis) VLANs, VPC, authentications, etc.
Think of the damage if you were compromised...Your laptop and phone stolen... the "bad actors" somehow got your credentials... A lot of peoples' medical records could be copied or modified (as an example). The healthcare system you work for could be "punished" in a bad way so they opt to secure things down as much as possible. I know some companies that scan their network monthly for vulnerabilities and have let people go for purposely creating vulnerabilities (some for convenience... like an open file share... some reasons just stupid...eg hosting a minecraft server within the corporate network).
As new vulnerabilities are identified, many companies will come up with a solution/fix to address them. They might be a bit kludgy sometimes, often inconvenient but it is meant for everyone's benefit.