Healthcare organizations can discover breaches in a variety of ways. Unfortunately, some organizations may not be aware that they have been breached until an outside party contacts them with the two dreaded words: dark web.
Q: A person handling PHI from a remote location admitted that he had clicked on what turned out to be a malicious link in his personal email while he was using a company laptop. The laptop contained access to patient data and PHI. This is the first time such an incident has taken place in my department. What should our response plan look like in this situation?
Q: Many media organizations are filming outside the premises or sometimes even in the hospital. When they interview hospital leaders and health officials, this can be done with things happening in the background. How can hospitals prevent accidental disclosures—a patient’s face showing up in the background during an interview, for example? What should the rules be for media looking to film at the facility?
Q: We’ve had staff members handling PHI remotely for the past month or so. We have not experienced any data breaches to my knowledge, but I’m a little worried as I read about the surge in hacks and ransomware targeting healthcare entities. What are the most important steps we can take as an organization to minimize the risk of being exploited?
North Shore Pain Management (NSPM), a Massachusetts-based healthcare provider, reported on June 18 a network server breach affecting 12,472 individuals.
Two months into the COVID-19 pandemic, people are gradually beginning to return to work. What steps need to be taken to make sure data and devices are secure?
Q: When dealing with a public health emergency, which disclosures are permitted to the media and which are not? Does HIPAA allow for any identifiable information to be disclosed to news organizations if the intention is to protect the public at large?
The Office for Civil Rights (OCR) issued guidance June 12 for healthcare providers interested in contacting former novel coronavirus (COVID-19) patients about donating blood and plasma that could help other COVID-19 patients.
As soon as the novel coronavirus (COVID-19) entered the United States, reports began to surface detailing an increased rate of cyberattacks against healthcare entities. That trend is unlikely to change anytime soon.
Q: Like other hospitals, we have had many patients transported via ambulance with COVID-19 symptoms. Once these patients are tested for the virus, are we permitted under HIPAA to disclose their test results to the first responders who treated them and brought them to the hospital?
