Q: Under what circumstances can a CE disclose PHI to family and friends of the patient? Does the patient always need to verbally consent to the disclosure? For example, if a patient brings a friend or family member with him or her into the emergency room, should the doctor assume that the patient is OK with the friend or family member being privy to PHI?
CHSPSC, LLC, a business associate providing services such as IT and HIM to hospitals and physician clinics owned by Community Health Systems in Franklin, Tennessee, agreed to pay $2.3 million to the Office for Civil Rights (OCR) and to adopt a corrective action plan to settle potential HIPAA violations.
Q: We recently took a survey and many of our employees admitted to saving their passwords in a Word® document or a Notes® file on their phone. Is this riskier than having passwords written down on paper and stored in a safe place at work or home? How can we discourage employees from writing down their passwords anywhere?
Inova Health System, a nonprofit healthcare provider based out of Merrifield, Virginia, reported a breach on September 9 affecting 1,045,270 individuals, according to the Office for Civil Rights (OCR) breach portal.
Q: Following a breach, many organizations post a breach notification letter to their website. Is there a particular spot on the site that it must be posted? Can the link to the notification letter be posted anywhere on the homepage?
Q: Many organizations have outsourced their PHI disposal for years. With coronavirus limiting the number of people coming in and out of medical facilities, what are your suggestions for organizations that now have to take care of PHI disposal themselves? What are the most important things to remember when handling this process?
Utah Pathology Services, Inc. experienced an email hack in late June that may have exposed the personal information of 112,124 individuals, according to the Office for Civil Rights (OCR) breach report.
