Q: Can an independent radiology facility mail postcards with a reminder that it's time for patients to schedule? The postcard would include the patient's name and address, obviously, but then either a check mark by screening mammogram or the words “follow-up exam.”
Oaklawn Hospital, a healthcare provider in Marshall, Michigan, recently reported a security incident that potentially impacted 26,861 individuals, according to the Office for Civil Rights (OCR) breach report.
Q: We recently took a survey and many of our employees admitted to saving their passwords in a Word® document or a Notes® file on their phone. Is this riskier than having passwords written down on paper and stored in a safe place at work or home? How can we discourage employees from writing down their passwords anywhere?
The healthcare industry in the United States has experienced a significant increase in ransomware attacks, and the trend has continued upward during the novel coronavirus (COVID-19) pandemic.
Q: In many school districts, children are required to complete immunizations before beginning school. Does a healthcare provider need to obtain consent from a parent to disclose proof of the student's immunization to the school district?
University of Missouri Health Care (MU Health Care), a health system located in Columbia, Missouri, on September 17 reported a security incident that potentially affected 189,736 individuals, according to the Office for Civil Rights (OCR) breach report.
From a compliance and security standpoint, few tasks are more important for healthcare organizations than the creation and regular maintenance of an information technology (IT) asset inventory.
Q: If an individual requests an electronic copy of protected health information (PHI) and the covered entity (CE) maintains that particular record only on paper, what is the standard procedure? Can a paper copy suffice? Does the covered entity need to find a way to deliver the record electronically?
Universal Health Services (UHS), one of the nation’s largest hospital management companies, on September 27 suffered a cyberattack that resulted in the company disconnecting all systems and temporarily shutting down its network.
When an organization discovers a hacker infiltrating the network, the natural response is to act quickly and shut down everything.
Of course, it’s important to show urgency in a response, but urgency without a well-constructed, well-rehearsed plan won’t do an organization any good. In fact, it may even exacerbate the issue.
