Q: When informing first responders that they have been in contact with a COVID-19–positive patient, is it sufficient to merely tell them that one of their patients ended up testing positive? Or does the name of the patient need to be provided?
Metropolitan Community Health Services (MCHS), a federally qualified health center that provides discounted medical services to underserved populations in rural North Carolina, agreed to pay $25,000 to the Office for Civil Rights (OCR) and adopt a corrective action plan to settle potential violations of the HIPAA Security Rule, OCR announced on July 23.
Q: I have read recently about the uptick in “vishing,” or voicemail messaging scams, targeting remote healthcare workers. What are your recommendations for protecting against this type of threat?
Q: Naturally, companies are curious to learn which of their employees have been exposed to COVID-19 as the workforce begins to return to the office. Under what circumstances can healthcare providers legally disclose a patient’s diagnosis to his or her employer?
As the healthcare industry continues to transition from face-to-face appointments to telehealth during the novel coronavirus (COVID-19) pandemic, reports of video conference hijacking are emerging nationwide.
American Medical Technologies, a California-based provider of healthcare supplies, notified individuals in late June that their data was potentially breached during a 2019 security breach.
When the severity of the novel coronavirus (COVID-19) became apparent in March, employers across the country sent their workers home. Nonclinical employees of healthcare organizations were among those who were forced to create a new office space in the living room or kitchen.
Q: Many media organizations are filming outside the premises or sometimes even in the hospital. When they interview hospital leaders and health officials, this can be done with things happening in the background. How can hospitals prevent accidental disclosures—a patient’s face showing up in the background during an interview, for example? What should the rules be for media looking to film at the facility?
Q: OCR has announced that it will waive enforcement discretion for HIPAA violations that occur at COVID-19 community-based testing sites. The agency did, however, indicate that reasonable safeguards should be implemented. What are your safeguard recommendations for a testing site that is constructed in a parking lot?
