April 18, 2023 Everyone wishes for the “Get Out of Jail Free” card in the game of Monopoly, so you can sell it and make money or free yourself from the slammer and continue your quest for wealth. But don’t you wish you had a card like this in real life so you could avoid paying a late fee, get out of an awkward situation, or get out of a speeding ticket? Imagine handing a police officer the card with your license and registration; I bet you would get a good chuckle! When it comes to healthcare compliance, demonstrating “good faith” could provide you with that much-needed “Get Out of Jail Free” card if you are investigated, audited, or facing a violation. “Good faith” generally means that you have made a sincere and honest effort to comply with the applicable laws, regulations, and standards pertaining to HIPAA and OSHA. So what do regulators look for when determining whether a practice has demonstrated “good faith”? First, whether you have implemented policies and procedures, including applicable forms and required logs. Next, whether staff have been trained in accordance with HIPAA and OSHA timeframes and requirements. And most importantly, whether you have completed a HIPAA Security Risk Analysis and an OSHA Facility Risk Assessment that identify risks, hazards, and mitigation efforts. While regulators may consider other factors, implementing a documented compliance program suggests you are committed to compliance and taking reasonable steps to protect your patients’ PHI and provide a safe and healthy workplace for staff. It is important to keep in mind that “good faith” does not guarantee immunity from regulators. Every situation will have different mitigating factors, such as malicious intent or an identified hazard that went unmitigated. While you may be promoting a culture of compliance, ignoring the blatantly obvious could lead to you losing that “Get Out of Jail Free” card. Okay, how can you win at the HIPAA and OSHA compliance game?
While it may be difficult to achieve compliance perfection, having a documented culture of compliance and, even more importantly, not letting your compliance program lapse will be key. These moves will show your “good faith” effort towards safeguarding patient information and employee safety and might even earn you the jackpot or a luxury Dark Blue property (IYKYK).
OCR Announces Transition Period for Compliance with HIPAA Rules for Telehealth
April 12, 2023 Beginning May 12, 2023, a 90-calendar-day transition period will be in effect to give covered healthcare providers time to come into compliance with the HIPAA Rules in relation to their provision of telehealth. The transition period will expire on August 9, 2023, at 11:59 p.m. During this period, the OCR will continue to exercise its enforcement discretion: it will not impose penalties on covered healthcare providers for noncompliance with the HIPAA Rules that occurs in connection with the good faith provision of telehealth. The Notice of Expiration of Certain Notifications of Enforcement Discretion Issued in Response to the COVID-19 Nationwide Public Health Emergency is available at: https://public-inspection.federalregister.gov/2023-07824.pdf – PDF. This notice marks the end of the enforcement discretion period that the OCR put in place to support the healthcare sector and the public in responding to the COVID-19 public health emergency. OCR Director Melanie Fontes Rainer has emphasized that the OCR is committed to supporting the use of telehealth by ensuring that healthcare providers can make the necessary changes to their operations privately and securely, in compliance with the HIPAA Rules. In addition to announcing the transition period, it’s worth noting that the OCR had previously issued four Notifications of Enforcement Discretion in the Federal Register regarding how the HIPAA Rules would be applied to certain violations during the COVID-19 nationwide public health emergency. These notifications and their effective beginning and end dates are: It’s important to note that these notifications will also expire at 11:59 p.m. on May 11, 2023, due to the expiration of the COVID-19 public health emergency.
The OCR will no longer exercise enforcement discretion for violations that occur after this date, which is why the transition period has been put in place: it allows covered healthcare providers to make any necessary changes to their operations so that they comply with the HIPAA Rules when providing telehealth services. For questions regarding HIPAA and OSHA compliance, please email Abyde at info@abyde.com or call (800) 594-0883.
HHS Announces New Divisions Within the OCR
March 14, 2023 EXTRA EXTRA READ ALL ABOUT IT!! The U.S. Department of Health and Human Services, through the Office for Civil Rights (OCR), announced the formation of a new Enforcement Division, Policy Division, and Strategic Planning Division. Why isn’t this front-page news? And why did the HHS need to form three new divisions? “OCR’s caseload has multiplied in recent years, increasing to over 51,000 complaints in 2022 – an increase of 69 percent between 2017 and 2022,” said OCR Director Melanie Fontes Rainer. “…reorganization improves OCR’s ability to effectively respond to complaints, puts OCR in line with its peers’ structure, and moves OCR into the future.” The OCR will now reflect the structure set by the U.S. Department of Education’s Office for Civil Rights. The Strategic Planning Division will not only coordinate public outreach to protect civil rights and health information privacy, but will also expand data analytics and coordinate data collection across HHS leadership. With the OCR being proactive and educating the public on their rights, now is the time to make sure you are being proactive with HIPAA. What is one thing you can do to stay compliant and one step ahead of the OCR? How about your Security Risk Analysis, or the “Crown Jewel” of the OCR, as we like to call it? It’s the first thing the OCR asks for when they come knockin’. So why not beat them to the punch? A Security Risk Analysis identifies and assesses potential threats and vulnerabilities to protected health information (PHI), and evaluates the effectiveness of the organization’s security measures and policies. A HIPAA Security Risk Analysis is an ongoing process that must be regularly reviewed and updated to ensure that the organization remains in compliance. Guess what: here at Abyde we automate the entire process for you. Extra, extra: HIPAA violations can result in severe consequences, including fines, legal action, and damage to a healthcare organization’s reputation.
Therefore, it is critical for healthcare providers and organizations to prioritize HIPAA compliance and regularly review and update their policies and procedures to ensure they are in line with the latest regulations.
OCR Releases Annual HIPAA Compliance Reports
February 24, 2023 Believe it or not, the Office for Civil Rights kicked off NBA All-Star Weekend with their very own showcase of HIPAA enforcement’s latest and greatest. Last Friday the government released not one but two annual reports starring key HIPAA enforcement activities from 2021. While you probably won’t be seeing these reports featured on the next SportsCenter Top 10, the insights they provide into recent healthcare data breaches and HIPAA noncompliance cases are certainly worthy of a highlight reel. So, to give your practice some helpful pointers on where your compliance efforts should be focused, let’s break down the most important stats from each report.
OCR’s 2021 Report to Congress on HIPAA Privacy, Security and Breach Notification Rule Compliance
The biggest takeaway? Between 2017 and 2021, the OCR saw a 39% increase in the number of HIPAA complaints received and, in turn, initiated 44% more compliance reviews. This means that not only are your patients paying more attention to non-compliance, but the government is too.
OCR’s 2021 Report to Congress on Breaches of Unsecured Protected Health Information
Now, what does all this data really mean? OCR Director Melanie Fontes Rainer made the intentions of these reports clear in her statement: “We will continue to provide guidance and technical assistance on compliance with the HIPAA Rules, as well as a vigorous enforcement program to address potential HIPAA violations.” Not only does each of these statistics provide eye-opening insight into what’s going on in the healthcare industry, but together they identify exactly which areas of compliance are too commonly overlooked. And when it comes to ensuring your practice has an all-star compliance line-up, here’s what the OCR identified as the top areas needing improvement: So, knowing what common compliance gaps exist and what a winning HIPAA program looks like, the ball is in your court.
You wouldn’t put a rookie up against LeBron, and the findings from these reports are perfect examples of why you can’t go head-to-head with an evolving healthcare industry without having both compliance AND cybersecurity on your team.
Heads Up: Dodge These Top OSHA Violations!
February 14, 2024 Hey there! Ever heard of OSHA? Think of them as the workplace safety cheerleaders, ensuring everyone stays healthy and happy at work. Ensuring a safe and healthy workplace is paramount for our heroes on the frontlines. Let’s delve into the top OSHA violations to see what you need to avoid and prioritize workplace safety:
Bloodborne Pathogen Management: Proper handling of blood and bodily fluids is crucial, with appropriate PPE and training mandated for everyone’s protection.
Respiratory Protection: Implement proper respirators and ventilation systems to safeguard staff from airborne contaminants and ensure optimal respiratory health.
Personal Protective Equipment (PPE) Utilization: Equipping everyone with the correct PPE and ensuring its proper use and maintenance creates a vital barrier against workplace hazards.
Recordkeeping Meticulousness: Maintaining accurate and timely records of injuries, illnesses, and safety hazards facilitates proactive risk identification and mitigation strategies.
Lockout/Tagout Procedure Implementation: Prevent accidental equipment activation by strictly adhering to established lockout/tagout procedures during maintenance activities.
Remember, adhering to these guidelines fosters a safer and healthier environment for everyone, ultimately contributing to a thriving healthcare ecosystem. Let’s prioritize safety and empower your practice to shine! Thankfully, Abyde can help your practice avoid these common OSHA violations. Our revolutionary OSHA for Healthcare software includes entertaining training, dynamically generated documentation, a thorough facility risk assessment, and much more! To learn more about how you can simplify your practice’s compliance, contact us at info@abyde.com and schedule a demo here.
Big Fish, Big Fine
February 3, 2023 A hacker dropped a line and an Arizona-based nonprofit health system got baited, hook, line and sinker. Yesterday, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights announced a settlement resolving a data breach. The breach, executed by a “threat actor”, disclosed the protected health information of 2.1 million consumers. Ouch! As outlined by the HHS, the HIPAA violations include: The investigation began back in 2016 after OCR received a breach report. The hacker was able to access PHI such as patient names, physician names, dates of birth, addresses, Social Security numbers, clinical details, dates of service, claims information, lab results, medications, diagnoses and conditions, and health insurance information. As part of the settlement, the hospital paid $1,250,000 to OCR and agreed to a Corrective Action Plan. The plan lays out the steps required to resolve its violations of the HIPAA Security Rule. Before you catch yourself becoming a victim of “here fishy fishy”, make sure all your ducks – or should we say fish – are in a row. As the frequency and impact of cybersecurity incidents continue to increase, you should be more alert and secure than ever. And if you’re thinking, “Well, that was a hospital – that could never happen to me,” be careful what your next Go Fish card is. Whether you’re a big fish in a little pond or a little fish in a big pond, hackers are targeting healthcare. This particular hospital is facing extensive hours of work to complete its Corrective Action Plan, which includes conducting a risk analysis, developing a risk management plan, implementing and distributing policies and procedures, and regular follow-up with the HHS. Conveniently, these are all things Abyde can help with. Reach out today to find out how we can save you over 80 hours a year and a time-consuming Corrective Action Plan down the road.
Outsourced Doesn’t Mean Overlooked
January 26, 2023 We get it. The hiring market is tough out there right now, and when your main goal is providing the best experience for your patients, you will do whatever it takes to build a strong team. But before you go sailing the high seas to find your next hire, you might want to make sure they’re paddling in the same direction. Are you considering outsourcing job roles to agencies that employ individuals in other countries? Where a company and its employees are located does not by itself determine whether they are HIPAA compliant. As a practice, you are responsible for reviewing the policies and procedures of any company you hire to ensure that they comply with all relevant regulations. If an organization outsources any function that involves access to PHI, it must have a written contract with the Business Associate. Here are some questions we recommend asking prior to working with an outsourced company: Let’s make sure all eyes are on the same prize – HIPAA compliance. Still not sure if you’re asking the right questions? Give us a buzz and we will walk you through the most important processes and policies to follow.
Brushing & Flossing Are Important to Your Practice, Too
January 19, 2023 You know the drill, no pun intended. The hygienist finishes a cleaning and hands the patient their goody bag full of all the fun things, including a toothbrush and dental floss. While this has become the norm for the practice and the patient, there is a good reason for it. Hygienists are taught to preach good oral hygiene, and it’s no secret that most patients who brush and floss regularly will experience better oral health and require less invasive treatment down the road. But what about those patients who don’t follow the advice or, over time, fall out of best practice? Yes, we’re looking at you, guy who only flosses the night before his appointment. The patient is typically aware of their intermittent compliance, but since they are asymptomatic, they continue hoping for the best and vow to do better after the next cleaning. Then, as it usually does, life happens and they cancel their next cleaning. With the best of intentions, they plan to reschedule but keep forgetting. Disease begins to take hold. If the patient is fortunate, they return to the office before the issue is too serious and it can be resolved with a relatively simple treatment plan. Those less fortunate may require more involved and expensive procedures. So you’re probably wondering by now, how does any of this tie back to Abyde, a healthcare software company? Well, we’ve brought in one of our Abyde Ambassadors to tie it all together. Michael Wilgus shares his experience from the last 20 years in the industry. “Ironically, I have seen a similar scenario in hundreds of practices regarding HIPAA and OSHA compliance. A practice starts out with positive intent and implements what they believe is a strong and complete compliance program. Things get busy, there is turnover, and compliance gets pushed to the back burner.
When violations or inspections occur (because they are not an if situation), they are usually due to a knowledge gap or are accidental, and may even be asymptomatic to the practice owner.” With HIPAA, if an event is reported, the Office for Civil Rights (OCR) may choose to implement a corrective action plan (think treatment plan) for the practice. That plan can be expensive, time-consuming, and involve an OCR specialist monitoring your progress regularly for an extended period. The U.S. Department of Labor isn’t missing out on the fun either. They are actively ramping up their OSHA program by hiring more investigators and estimate their budget will increase by 14.7%, going from $612 million in fiscal year 2022 to $701 million in 2023. The average penalty levied on a dental practice in 2022 for a HIPAA violation was measured in the tens of thousands of dollars; one estimate puts it at approximately $45,000. Sacrificing the net revenue from months’ worth of crowns is something most practices cannot afford. When it comes to OSHA, the punch-to-the-gut penalties are nothing to chuckle at. And let’s not forget the recent increase in these dollar amounts. Achieving and maintaining compliance using services from Abyde takes less time than a patient should spend brushing and flossing, and if we can humble brag for a minute – we make it easy and fun! Brushing and flossing are not only good for your patients but are also good for your practice. Ready to get your practice’s compliance hygiene up to par?
Inflation Strikes on Eggs and OSHA Fines
January 13, 2023 To keep up with inflation and the ever-changing cost-of-living adjustments, the U.S. Department of Labor announced changes to Occupational Safety and Health Administration (OSHA) civil penalty amounts today. Under the Federal Civil Penalties Inflation Adjustment Act, a Congressional act passed in 1990 and amended by the Federal Civil Penalties Inflation Adjustment Act Improvements Act of 2015, the Department completes an annual review by January 15th to evaluate and adjust civil money penalty levels against inflation. We can expect the new penalty amounts, shown below, to take effect on January 17, 2023. Currently, penalties for serious and other-than-serious violations are $14,502 per violation. With the recent update, we are seeing an increase of over $1,000, to $15,625. Repeated violations aren’t getting a break either, with an increase to $156,259 per violation from the previous $145,027.
Type of Violation          Penalty
Serious                    $15,625 per violation
Other-Than-Serious         $15,625 per violation
Posting Requirements       $15,625 per violation
Failure to Abate           $15,625 per day beyond the abatement date
Willful or Repeated        $156,259 per violation
Curious about state-specific updates? Per the U.S. Department of Labor, states that operate their own OSHA Plans are required to adopt maximum penalty levels that are at least as effective as Federal OSHA’s. State Plans are not required to impose monetary penalties on state and local government employers. This new rule goes into effect on January 15, 2023. It will apply to any penalties assessed after January 15, 2023. Before you go egging the next OSHA enforcement officer you come in contact with, remember that these annual updates are in place to remind you of the importance of maintaining a safe and healthful work environment.
With the first settlement announcement of 2023, OCR selects…
January 4, 2023 We didn’t even make it through the first week of the new year before we saw the first settlement announcement. Yesterday, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services announced a settlement with a Georgia full-service diagnostic lab. The potential violation marks the 43rd associated with the HIPAA Right of Access Initiative to date, and the third Right of Access settlement we have seen in the last month. The initial complaint was filed back in August of 2021, when a personal representative was unable to obtain a copy of her deceased father’s medical records. While the lab finally complied in February of 2022, it took seven months for the requester to receive the records. The HIPAA right of access provision requires that patients be able to access their health information in a timely manner, typically within 30 days. The lab has agreed to pay $16,500 and implement a corrective action plan to resolve this investigation. The corrective action plan includes two years of OCR monitoring. OCR Director Melanie Fontes Rainer shared her thoughts: “Access to medical records, including lab results, empowers patients to better manage their health, communicate with their treatment teams, and adhere to their treatment plans. The HIPAA Privacy Rule gives individuals and personal representatives a right to timely access their medical records from all covered entities, including laboratories.” While we all have the same goal in common – to provide the best experience for our customers and patients – that doesn’t always equate to direct care. Ensuring that their needs and requests are met is essential to the overall experience. From the first time they Google you all the way to a request for records, you are making an impression. And whether it’s the first impression or the last, don’t you want it to be a good one?