In July 2020, managed IT services provider Blackbaud disclosed it was the victim of an unnamed ransomware attack. The company paid the ransom, according to a January 14, 2021 report by the HHS Cybersecurity Program titled “Distributed Attacks and the Healthcare Industry.”
Protenus, a Baltimore-based healthcare compliance analytics company, has released its annual Breach Barometer. It measured 758 health data breaches reported to the Department of Health and Human Services (HHS), the media, or some other source during 2020.
Q: Is it considered a HIPAA violation for facilities to keep patient charts outside of exam rooms or at a patient's bedside? Most providers prefer to have the charts handy to review just before seeing the patient. However, anyone could walk by the room and potentially get a glance at the information. Would this be considered an incidental disclosure?
Q: If an individual provides authorization for a disclosure, can the individual later revoke the authorization? Is the covered entity (CE) then required to “take back” or demand the erasure of any documentation by third parties that may have been made following the original authorization?
