Q: As sports leagues attempt to make their return, many are going to be using daily COVID-19 testing as part of their protocol. Obviously, the leagues need to quarantine any individual who tests positive for the virus. But why is the covered entity that is performing the testing allowed to disclose a patient’s test results to the leagues?
Walgreen Co., the second largest pharmacy chain in the United States, recently reported a breach that may have involved the protected health information (PHI) of more than 72,000 individuals, according to data in the Office for Civil Rights (OCR) breach portal.
The novel coronavirus (COVID-19) pandemic upended the U.S. healthcare system in innumerable ways. Experts believe the new post-COVID-19 normal will not be exactly the same as it was pre-pandemic. For one, telehealth is here to stay.
Q: I have read recently about the uptick in “vishing,” or voicemail messaging scams, targeting remote healthcare workers. What are your recommendations for protecting against this type of threat?
Lifespan Health System, a Rhode Island-based healthcare provider, agreed to pay $1.04 million to the Office for Civil Rights (OCR) and implement a corrective action plan to settle potential HIPAA violations, OCR announced on July 27.
An organization’s privacy and security policies are only as effective as its training. All the right work can be done at the top level, but if the messages are not clearly disseminated to staff, an organization can find itself in a difficult position.
Q: When informing first responders that they have been in contact with a COVID-19–positive patient, is it sufficient to merely tell them that one of their patients ended up testing positive? Or does the name of the patient need to be provided?
Metropolitan Community Health Services (MCHS), a federally qualified health center that provides discounted medical services to underserved populations in rural North Carolina, agreed to pay $25,000 to the Office for Civil Rights (OCR) and adopt a corrective action plan to settle potential violations of the HIPAA Security Rule, OCR announced on July 23.
Q: I have read recently about the uptick in “vishing,” or voicemail messaging scams, targeting remote healthcare workers. What are your recommendations for protecting against this type of threat?
Q: Naturally, companies are curious to learn which of their employees have been exposed to COVID-19 as the workforce begins to return to the office. Under what circumstances can healthcare providers legally disclose a patient’s diagnosis to his or her employer?
