The healthcare industry in the United States has experienced a significant increase in ransomware attacks, and the trend has continued upward during the novel coronavirus (COVID-19) pandemic.
Q: In many school districts, children are required to complete immunizations before beginning school. Does a healthcare provider need to obtain consent from a parent to disclose proof of the student's immunization to the school district?
From a compliance and security standpoint, few tasks are more important for healthcare organizations than the creation and regular maintenance of an information technology (IT) asset inventory.
Q: If an individual requests an electronic copy of protected health information (PHI) and the covered entity (CE) maintains that particular record only on paper, what is the standard procedure? Can a paper copy suffice? Does the covered entity need to find a way to deliver the record electronically?
When an organization discovers a hacker infiltrating the network, the natural response is to act quickly and shut down everything.
Of course, it’s important to show urgency in a response, but urgency without a well-constructed, well-rehearsed plan won’t do an organization any good. In fact, it may even exacerbate the issue.
Q: Under what circumstances can a CE disclose PHI to family and friends of the patient? Does the patient always need to verbally consent to the disclosure? For example, if a patient brings a friend or family member with him or her into the emergency room, should the doctor assume that the patient is OK with the friend or family member being privy to PHI?
