Serving the home health, home care and hospice industry since 1999.

by Tim Rowan, Editor

An analysis of responses to our survey indicate that letting, or forcing, some staff to continue working from home if and when the COVID-19 pandemic eases is an attractive idea to many of our readers. Here is a summary of your answers and some representative comments. Following our report, read on for some pertinent excerpts from a warning issued by NetMotion, the Seattle-based company that provides security and continuous connectivity software for mobile workers. (Due to rounding, results may not always equal exactly 100%.)

The demographic breakdown of survey respondents was:
Medicare HHA: 38%
Hospice: 17%
Private Pay, Medicaid, MCO home care: 33%
Technology company: 19%
Consulting firm: 10%
Other (staffing agency, event producer, DMEPOS company, palliative care): 12%

1. Did your company have some or all office staff working from home in 2020?

Yes: 85%
No: 15%

2. If yes, have some or all of your office staff returned to work in the office?

Yes, all are back: 18%
Yes, some are back: 38%
No, all who went home are still working at home: 26%

3. Are you considering, or have you already decided, to keep some staff working from home after the COVID-19 evergency subsides?

No, we will eventually bring everyone back: 11%
Maybe, we are discussing; no decision yet: 18%
Yes, it is working; we will allow certain office staff to work from home indefinitely: 15%
It is working so well, we will encourage work from home for all office staff for the foreseeable future: 11%
Complicated decision, explained in comments section: 3%

Comments with Question 2:

  • We switch off days so we have 1/2 of the office staff in the office at 1 time.
  • A skeleton crew of staff continue to work from the office.
  • Mail room and IT are back in the office
  • All office workers went home in March and have stayed there
  • Very few folks (like HR) have been back in office working but in general no, we have not been given the OK to return to office. In fact it's been pushed back given the increase in cases across the country.
  • We were out for about 8 weeks.

Comments with Question 3:

  • Several staff recognize the value of working from home, but we are part of a larger organization and need buy-in and approval from higher up.
  • Working towards a hybrid model. Staff who desire to work 100% in the office may do so. Others will have a mix of office and remote work on a weekly basis.
  • Also looking to downsize on office space.
  • About 90% of our staff will continue to work remotely. We will have staff that will come in a couple of times a month to complete those tasks that they are unable to do remotely, and will continue to look for work-arounds for those things to allow for all remote work. Staff are loving it and productivity has not suffered, if anything it has improved.
  • We are using a hybrid model. Partial time stratified in the office and the rest of the time working from home.
  • We moved to 100% in COVID, and will not be going back to as much office as we had before. In fact, we are actively looking at reducing office space / rent expense.
  • Our admin staff have continued to work in the office. However the office has been closed to those outside of our admin team since March.
  • We are a full service home care agency with multiple branch offices. We will be able to reduce our brick and mortar footprint (and monthly rent) by two buildings as we are able to consolidate.


NetMotion Warns:
Working From Home Requires Additional IT Security Provisions

Not going back to "normal" any time soon? NetMotion security expert Mark Chisholm has published a warning on the company's blog site, titled, "Remote employees are dangerously exposed to risky content."

As our survey found, working from home has become a reality for many home health and home care providers, and hospice and palliative care organizations. This puts pressure on IT and security teams to ensure that employees not only remain as productive as possible, but also that they keep themselves and protected health information as secure as possible.

Do remote workers pose a greater cybersecurity risk than their counterparts at the office?

From Chisholm's blog:

"NetMotion recently aggregated a sample of anonymized network traffic data, searching specifically for evidence of users attempting to access flagged (or blocked) URLs, otherwise known as risky content. The analysis, which is derived from data gathered between May 30th – June 24th, 2020, revealed that employees clicked on 76,440 links that took them to potentially dangerous websites.

"All of these sites were visited on work-assigned devices while using either home or public Wi-Fi or a cellular network connection. The data also revealed several primary risk categories, which were identified using machine learning and based on the reputation scores of over 750 million known domains, more than 4 billion IP addresses and in excess of 32 billion URLs. The assumption is that a large number of employees connected to [an employer's] protected, internal (non-public) network would have been prevented from accessing this risky content."

These are the key findings:

  • Employees, on average, encounter 8.5 risky URLs per day, or 59 per week
  • Remote workers also access around 31 malware sites per month, and 10 phishing domains. That equates to one malware site every day, and one phishing domain every 3 days
  • The most common types of high-risk URLs encountered, in order of prevalence, were botnets, malware sites, spam and adware, and phishing and fraud sites
  • Over a quarter of the high risk URLs visited by employees were related to botnets
  • Almost 1 in 5 risky links led to sites containing spam, adware or malware
  • Phishing and fraud, which garner an outsized proportion of news, account for only 4% of the URLs visited
  • The 'other' category, representing 51% of the data in the chart above, is made up of low-severity risky content, such as websites that use proxies, translations and other methods that circumvent URL filtering or monitoring.


Botnets: URLs or IP addresses found to launch attacks, including DOS, proxy jacking, spam messaging, SQL injections and others.

Malware: malicious content including executables, drive-by infection sites, malicious scripts, viruses, trojans and code.

Spam and adware: sites that illegally track or gather information, generate popups or install programs without the user's consent.

Phishing and fraud: sites posing as a reputable site, usually to harvest personal information. Sites are often short-lived

Note: Even if a site is suspected of hosting malware, it does not necessarily mean that the worker downloaded malware to their device. The same applies to other threats, such as phishing; the fact that an employee visited a risky site associated with phishing attacks does not mean that the target's credentials were necessarily exposed.


©2020 by Rowan Consulting Associates, Inc., Colorado Springs, CO. All rights reserved. This article originally appeared in Home Care Technology: The Rowan Report. One copy may be printed for personal use; further reproduction by permission only.