When the severity of the novel coronavirus (COVID-19) became apparent in March, employers across the country sent their workers home. Nonclinical employees of healthcare organizations were among those who were forced to create a new office space in the living room or kitchen.
Q: OCR has announced that it will waive enforcement discretion for HIPAA violations that occur at COVID-19 community-based testing sites. The agency did, however, indicate that reasonable safeguards should be implemented. What are your safeguard recommendations for a testing site that is constructed in a parking lot?
Healthcare organizations can discover breaches in a variety of ways. Unfortunately, some organizations may not be aware that they have been breached until an outside party contacts them with the two dreaded words: dark web.
Q: A person handling PHI from a remote location admitted that he had clicked on what turned out to be a malicious link in his personal email while he was using a company laptop. The laptop contained access to patient data and PHI. This is the first time such an incident has taken place in my department. What should our response plan look like in this situation?
Q: Many media organizations are filming outside the premises or sometimes even in the hospital. When they interview hospital leaders and health officials, this can be done with things happening in the background. How can hospitals prevent accidental disclosures—a patient’s face showing up in the background during an interview, for example? What should the rules be for media looking to film at the facility?
Q: We’ve had staff members handling PHI remotely for the past month or so. We have not experienced any data breaches to my knowledge, but I’m a little worried as I read about the surge in hacks and ransomware targeting healthcare entities. What are the most important steps we can take as an organization to minimize the risk of being exploited?
