An Atlanta neurology clinic’s investigation of a ransomware attack on its network uncovered a separate cybersecurity incident going back more than a year. More than 170,000 individuals are affected.
Q: We recently became aware that several emails containing PHI were sent to an email address that was terminated. The emails were bouncing back to us and then were caught in our spam filter. Most of the emails sent to this address were encrypted, but one was not. Do we need to report this even though the email was never opened?
This month's Q&A answers our readers' questions about releasing protected health information via a health information exchange, sharing patient information with law enforcement, and paper record retention requirments.
