Healthcare organizations can discover breaches in a variety of ways. Unfortunately, some organizations may not be aware that they have been breached until an outside party contacts them with the two dreaded words: dark web.
Q: A person handling PHI from a remote location admitted that he had clicked on what turned out to be a malicious link in his personal email while he was using a company laptop. The laptop contained access to patient data and PHI. This is the first time such an incident has taken place in my department. What should our response plan look like in this situation?
Q: Many media organizations are filming outside the premises or sometimes even in the hospital. When they interview hospital leaders and health officials, this can be done with things happening in the background. How can hospitals prevent accidental disclosures—a patient’s face showing up in the background during an interview, for example? What should the rules be for media looking to film at the facility?
Q: We’ve had staff members handling PHI remotely for the past month or so. We have not experienced any data breaches to my knowledge, but I’m a little worried as I read about the surge in hacks and ransomware targeting healthcare entities. What are the most important steps we can take as an organization to minimize the risk of being exploited?
Two months into the COVID-19 pandemic, people are gradually beginning to return to work. What steps need to be taken to make sure data and devices are secure?
Q: When dealing with a public health emergency, which disclosures are permitted to the media and which are not? Does HIPAA allow for any identifiable information to be disclosed to news organizations if the intention is to protect the public at large?
