The following is a guest article by David Matalon, Chief Executive Officer at Venn
Telehealth has expanded access to care and fundamentally changed how healthcare organizations deliver services, with projections suggesting telehealth may account for up to 30% of U.S medical visits in 2026. Behind every telehealth appointment is a broad workforce that includes coders, billing specialists, insurance professionals, and contractors – most of whom work remotely, hybrid, or even offshore. This increasingly blended workforce reflects real changes in how care and support services are delivered. As more people rely on telehealth services, there’s a growing demand for professionals enabling virtual care – as well as solutions that ensure data remains secure across these distributed workforces.
However, traditional security model approaches – such as shipping corporate-managed laptops to onboard this distributed workforce, or virtual desktops which rely on remote hosting, are too slow and complex to support the speed and scale needed. This current mismatch is fueling the need for a more flexible, device-agnostic security model that will enforce compliance without restricting how and where work gets done.
Ensuring HIPAA Compliance Across a Distributed Workforce
With 73% of healthcare leaders expecting half of their workforce to be hybrid in 2026, maintaining HIPAA compliance across diverse devices and environments will be critical for protecting patient data. It’s well known that HIPAA requires organizations to implement safeguards that include strong policies and controls that prevent the unauthorized access, use, or disclosure of electronic protected health information (ePHI). As a default, these responsibilities extend to anyone who accesses this data, including contractors, vendors, offshore workers, and other business associates.
For healthcare organizations, enforcing consistent security policies can be challenging with remote contractors using personal or third-party devices that companies don’t fully control or manage. For an industry severely understaffed, maintaining a high level of control and consistent protection for ePHI is difficult. Without strong access controls and monitoring, the risk of unauthorized access or disclosure increases.
Legacy security for these scenarios was built around the endpoint. IT leaders would lock down the device, control the hardware, and manage everything installed on it, with the assumption being that protecting the machine protected the data on it. But that model doesn’t hold up when your workforce is spread across geographies, on personal laptops, contractor machines, and home offices.
Ensuring HIPAA compliance in a distributed environment requires a reframe: protecting the work itself. Encrypting and isolating work applications and ePHI directly on the endpoint, regardless of what device is being used to access them.
Enabling Secure, Device-Agnostic Access for Telehealth Workforces
To fully embrace this next phase of telehealth, healthcare organizations need workforce models that are more flexible by design, and the security infrastructure to match.
Allowing employees and contractors to use their own devices can remove much of that friction. It makes the onboarding process a lot faster and gives organizations more flexibility in how they want to build and scale their workforce.
But device flexibility only works if compliance travels with it. HIPAA doesn’t change based on who owns the laptop, so the obligation to control access to ePHI applies regardless of whether someone is using a corporate-issued machine or their own. That’s the challenge that a device-agnostic model solves: giving people the freedom to work on any device, while ensuring the organization never loses control of the data.
Building a Secure, Flexible Future for Telehealth Workforces
The practical shift starts at the endpoint. Rather than restricting access by locking down entire devices, IT teams can isolate ePHI and healthcare applications inside a protected workspace directly on the user’s machine, fully separated from personal activity.
This allows healthcare organizations to onboard remote workers and contractors in minutes instead of days, without shipping laptops or spinning up complex virtual desktops. Offboarding is just as fast, since access can be revoked instantly, with no equipment to retrieve. For an industry dealing with persistent staffing pressure and high contractor turnover, that agility matters.
As telehealth continues to reshape care delivery, the organizations best positioned to scale are those that stop treating device ownership as their security strategy. HIPAA compliance doesn’t require that IT teams control the hardware; it just requires that they keep sensitive data secure, regardless of what device it’s on. A model that isolates and protects ePHI at the endpoint, regardless of what device it sits on, gives healthcare organizations the flexibility to grow their distributed workforce without compromising the trust patients place in them.
About David Matalon
David Matalon is the Founder and CEO at Venn, the leader in flexible workforce enablement. As a 5-time founder, David has experience running companies focused on securing and delivering applications for distributed workforces. He led businesses that worked on virtual desktop (VDI) technologies and security/compliance for remote teams. Venn is the innovator behind Blue Border, a purpose-built technology that creates a secure, IT-controlled work environment on a user’s own PC or Mac—separating work and personal activity without locking down the device or relying on virtual desktops. He earned his undergraduate degree from NYU’s Stern School of Business and holds a master’s degree from Columbia University. You can follow him on LinkedIn here.
