December 31, 2022 As we wrap up this year, we want to take a look back at our biggest wins. Of those, the ones that stand out most to us aren’t defined by dollar signs or broken records – although, we have seen some pretty impressive performance throughout 2022. When we look at all we have accomplished over the last twelve months, we are most proud of the impact we have made in our community and for our people. Now as AJR says, can we skip to the good part? There is so much to be proud of this year, as you can see. We are set up to carry this same energy into 2023! As the New Year rolls around, we wish you all nothing but peace and prosperity.
NEW YEAR’S RESOLUTION: BE COMPLIANT
December 22, 2022 The end of the year is right around the corner and while you’re enjoying the festivities with friends and family (we love a good holiday tradition!), you might already be thinking about New Year’s resolutions. And if you are, props to you for not being a procrastinator. We bet your goals for the year may include eating healthier and learning a new skill, but what about getting compliant? Ensuring your organization is HIPAA and OSHA compliant should be a top priority for every practice – and it’s an easy goal to check off your list! Here are some quick tips to help you start the new year off on the right foot:
Complete your annual Security Risk Analysis and Facility Risk Assessment
This should be your top priority as it is the first piece of documentation you will be asked for in the case of a HIPAA audit or OSHA investigation. The SRA sets a baseline for your organization by assessing all physical, technical, and administrative areas of risk and determining where your HIPAA program stands. Much like the SRA, the FRA is an assessment of your facility’s environment that will help to identify, minimize, and eliminate hazards in the workplace. Keep in mind that both the SRA and FRA must be documented and must be more than a generic checklist. They should provide you with actionable information and insights into all risks and hazards within your organization.
Complete annual HIPAA and OSHA training
All staff members including doctors and part-time employees must complete annual training. A best practice is to conduct training in a modular type format with a quiz at the end so you have documentation to prove that training has been completed. When it comes to OSHA training, each facility is different so you must incorporate site-specific training in order to address any site-specific hazards.
Update all Policies, Procedures, Programs, and Forms
This is a big one! Without proper documentation that accurately reflects all procedures within your organization, you are not considered to be compliant! If you have been using some templates you found online or have a dusty manual sitting on a shelf, this is your sign to trash it and update your policies to be practice-specific. Don’t forget to implement a plan to routinely review all policies with staff members so they are up-to-date with the latest information as well.
Get signed Business Associate Agreements
In order to be HIPAA compliant, run an inventory list of all vendors you work with that have access to Protected Health Information (PHI). Some examples would include your IT vendor, EHR/PM system, and encryption provider. Once you have gathered all vendor information, double-check that you have a signed Business Associate Agreement with them. If you do, great! If not, be sure to reach out to them right away. If you don’t have a BAA in place with every vendor then you run the risk of getting slapped with your own HIPAA fine if a breach occurs.
Update your Safety Data Sheets
When it comes to OSHA compliance, Safety Data Sheets are essential for tracking and managing any hazardous chemicals in the workplace. Make sure you have a Safety Data Sheet for any chemical which is known to be present in the workplace, in such a manner that employees may be exposed to it under normal conditions of use or in a foreseeable emergency. The big takeaway here – these MUST be readily accessible to all employees. If you do not have a safety data sheet for a particular chemical, you should contact the manufacturer to obtain one.
And that’s it! If you follow these steps, there’s no doubt you will be in great shape when it comes to compliance. Still have questions or need help implementing a compliance program for your practice? Contact the experts (hey, that’s us!) at 800.594.0883 for all of your compliance goal-setting needs!
While we might not be giving up Chick-fil-a, enrolling in a new gym, or even improving our culinary skills, our resolution always remains the same – make compliance the easiest part of running your practice.
A costly race against the clock
December 16, 2022 On Thursday, the HHS Office for Civil Rights announced a settlement with a Florida primary care practice over a violation of the HIPAA Privacy Rule’s right of access provision. This marks the 42nd case under the Right of Access Initiative to date and the second settlement this week. All the way back in mid-2019, a daughter, serving as personal representative, was attempting to retrieve her deceased father’s records. Despite her multiple attempts, the practice failed to provide timely access. HIPAA’s right of access standard requires a covered entity to take action on an access request within 30 days of receipt. The practice exceeded that allotted time; the daughter received all requested records nearly five months after the initial request. OCR Director, Melanie Fontes Rainer, stated, “The right of patients to access their health information is one of the cornerstones of HIPAA, and one that OCR takes seriously.” The FL primary care practice has since paid its $20,000 fine to the OCR and is working to implement a Corrective Action Plan. The plan will be closely monitored over the next two years and includes updating, distributing, and training on all applicable policies and procedures. In the age of immediacy, there is no exception when it comes to patient record requests. When a patient requests access to their records, prioritize their request. You have 30 days to take action or you could face not only an OCR investigation but a big fine – one we bet is not worth risking when you can rearrange your priorities to put the patient first.
Fool me once, shame on you… Fool me twice, here’s a Corrective Action Plan
December 16, 2022 On Wednesday, the HHS Office for Civil Rights announced a settlement with a California dental practice over impermissible disclosure of patients’ protected health information (PHI). The practice faces potential violations of the HIPAA Privacy Rule through inappropriate use of social media to respond to patient reviews and disclosing protected health information. OCR Director, Melanie Fontes Rainer, stated, “This latest enforcement action demonstrates the importance of following the law even when you are using social media. Providers cannot disclose protected health information of their patients when responding to negative online reviews.” The practice faces a lofty fine of $23,000 and a Corrective Action Plan that will be monitored by the OCR for the next two years. Within the CAP, the practice is responsible for updating and maintaining all policies and procedures to comply with the Federal standards that govern the privacy and security of individually identifiable health information. Additionally, all members of the staff must receive training on the updated policies and procedures to comply with the Privacy Rule within 30 calendar days of the implementation of the policies and procedures. This is the second offense for the same office in the last 5 years. In November 2017, the OCR received a complaint regarding impermissibly disclosed PHI in online review responses. The protected health information included patient names, treatment, and insurance information. Through the investigation, the OCR found other violations including failure to provide an adequate Notice of Privacy Practices and implement Privacy policies and procedures. As a word of advice from your HIPAA and compliance experts, review all PHI and Privacy Rule policies and procedures with any members of your staff that handle online reviews and social media responses. 
And while you’re at it, for those of you who may use a third party to handle reputation management, check those Business Associate Agreements, and remind them of our best practices.
Toothpaste, Baseball, and ePHI
December 2, 2022 Covered entities and business associates, like healthcare providers, that use online tracking technology should be aware of how their ePHI management measures up to HIPAA standards.
OCR Recently Released a Bulletin Outlining the Proper Use of Tracking Tech in Accordance with HIPAA Compliance
Have you ever talked about being out of toothpaste at work, and then when you get home there’s an ad for Colgate on your tablet as you decide what to order for dinner? It’s creepy, but it’s efficient. You’ve been targeted and the Colgate marketing department is doing its job. In this example, the transmission of your tracked demographics and shopping habits is not as sensitive as the transmission of your patient’s data. Yesterday, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services issued a bulletin regarding the correlation between sharing electronic protected health information (ePHI) and online tracking technology. While we aren’t experts in targeted advertising, we are HIPAA experts. There are rules that apply to regulated entities, like you, when collecting information through tracking technologies or disclosing ePHI to vendors you may be working with. The OCR put it plainly, “Regulated entities are not permitted to use tracking technologies in a manner that would result in impermissible disclosures of ePHI to tracking technology vendors or any other violations of the HIPAA rules.” Do you know if your PHI is being captured through online tracking? Are you monitoring what patient data is being shared with third-party vendors? Even more important, do you use Google Analytics or Meta Pixel – if so, you might want to listen up. Whether you set this tracking up yourself or a third-party agency did, without permissible disclosures from your patients, if their ePHI is shared through the tracking technology, you are putting your practice and patients at risk. Let’s head around the bases to make sure you’re covering your bases. 
Nice base hit – you made it to first. The first thing you can do is ensure you have Business Associate Agreements (BAA) in place with all third-party vendors, especially those who create, maintain, or receive ePHI. While you’re cross-checking if your vendors meet the definition of a business associate, make sure your agreements denote the permitted use case for ePHI. And the crowd goes wild – way to steal second. Before you think well I’ll just ask the vendor to delete any protected data before they use or save it, that’s not going to cut it. Per the OCR, “Any disclosure of PHI to the vendor without individuals’ authorizations…requires that there is an applicable Privacy Rule permission for disclosure.” Through the Privacy Rule, patients are empowered to have more control over their health information to access and make any changes as needed and boundaries are set on the use and release of health records, including the minimum necessary standard for information disclosures. A bunt from your teammate gets you over to third – nice work! Before we round out to home, ask yourself if the risk is worth the reward. And if you’re still unsure, check in with your Security Risk Analysis and scorecard – another benefit to Abyde’s ongoing compliance. We work with you to identify the potential risk and exposure associated. As we make our way to home base, we will summarize with this: if ePHI is involved in any of the data the tracking technology is sharing, HIPAA rules need to be followed. Here are the final words from the OCR, “all disclosures of PHI to tracking technology vendors are specifically permitted by the Privacy Rule and that, unless an exception applies, only the minimum necessary PHI to achieve the intended purpose is disclosed.”
A New York Health Center’s Case is Denied Under OSH Act
November 28, 2022 Hey, ref – blow the whistle already! Back in June of 2021, the U.S. Department of Labor filed suit against a New York health center due to an alleged violation of the OSH Act. It was reported that the NY health center suspended and later terminated an employee who had reported personal concerns about exposure to COVID-19. The employee, also known as the whistleblower, did so under the OSH Act, which protects workers from retaliation when reporting a hazardous work condition. The health center proceeded to file a motion in October of 2021, preventing the department from seeking damages for the whistleblower. Fast forward to September of this year, a federal court has rejected the health center’s case under the protection of the OSH Act. Regional Solicitor of Labor, Jeffrey Rogoff, adds, “This is a significant decision reaffirming the U.S. Department of Labor’s independent authority to pursue legal actions and relief for employees in the name of the public interest. The Office of the Solicitor of Labor will continue to aggressively bring cases seeking to vindicate the rights of whistleblowers, who are essential to the proper functioning of laws protecting the health and safety, wages, and wellbeing of the American workforce.” More investigations from OSHA’s Division of Whistleblower Protection Programs are underway in New York. So what can we take away from this? As a reminder, the Whistleblower Protection Program enforces the provisions of more than 20 federal laws. These protect your employees from retaliation for raising or reporting their concerns about hazards or violations of various workplace safety and health laws. Make sure your office is a safe place where employees can voice their concerns, but more importantly, that you are taking the proper steps upfront to ensure your practice meets the necessary safety and health standards.
Abyde Honored in 2023 Seminole 100
November 22, 2022 Abyde has been named one of the fastest-growing companies owned or led by Florida State University alumni. They will be honored during the 6th annual Seminole 100 Celebration on Saturday, February 25, at the university’s Student Union ballrooms. Florida State University’s Seminole 100 is powered by the Jim Moran Institute of Entrepreneurship in partnership with the FSU Alumni Association. The top 100 fastest-growing FSU alumni-owned or alumni-led businesses are recognized at a celebration each year on FSU’s campus, during which each company learns its numerical ranking and receives its award. This event recognizes and honors FSU’s entrepreneurs and allows them to share valuable business insights. This marks the second award for Abyde in 2022 as one of the fastest-growing companies. Abyde’s revolutionary solution is used by thousands of practices across the country, guiding them through mandatory compliance requirements such as risk management programs, training for doctors and staff, customized policy documentation, and more. As industry leaders, the software provides practices with the tools and assistance they need to achieve stress-free HIPAA and OSHA compliance. “We’ve been honored over the years with different awards, but as a proud FSU Alumni, being named to the Seminole 100 is extra special,” said Matt DiBlasi, Abyde President and Co-founder. “I learned so many business and life lessons while going to school at FSU that have carried into what we do every day and who we are at Abyde. I’m humbled to be honored with so many other great companies and leaders who embody the Unconquered spirit.” “The alumni on the Seminole 100 list represent 12 schools and colleges across Florida State University and show the immense value of a degree from FSU,” said Julie Decker, president and CEO of the FSU Alumni Association. “The accomplishments of these alumni exemplify what is possible with tenacity and innovation. 
We are proud to recognize them for all they have achieved as leaders and entrepreneurs.” The 2023 Seminole 100 includes companies from several industries such as construction, finance, legal, marketing, and realty. Of this year’s 100 companies, 80 are based within the state of Florida and a total of 12 U.S. states are represented as part of the 2023 Seminole 100. To qualify for the Seminole 100, a company must have operated for at least three years and generated revenue by Jan. 1, 2019. In addition, the business must have been owned or led by an FSU alumnus for three consecutive years before applying. Nominations for the 2024 Seminole 100 are currently open on seminole100.fsu.edu. Applications will open on May 1 and be accepted through July 23, 2023.
Servant Leadership, the Abyde Way
November 14, 2022 Let’s set the stage for you. On the second Wednesday of every month, Abydian employees gather in our Tank with breakfast (usually catered Chick-fil-a – because that’s our favorite) at 7:45 am to participate in our Leadership Council. One of the biggest takeaways to date is the concept of servant leadership. Before we go in-depth about what that means to us, think about what leadership as a whole means to you! Servant leadership by definition can vary from one organization to the next and even person to person. At Abyde, everyone has the opportunity to lead in some capacity whether they are managing people and projects or not. We encourage the mentality of leading up rather than a top-down approach. So how can you recognize servant leadership? When the everyday, routine things bring you and those around you success and joy, you are on the right track. It’s about the ability to recognize your actions’ power and impact on the rest of your organization. “We are a team and if someone needs help, I’m always willing to be a helpful hand. This might mean learning something new and growing not only professionally and personally,” said Customer Success Specialist, Sean Harris. Alright stop, collaborate and listen – while Vanilla Ice may be more of a 90s wonder, his words couldn’t sing more true for modern-day servant leaders. If you want to start implementing this in your practice, here are a few things to consider: As cliche as it may be, there is no ‘i’ in team. We believe that we are better together – our ideas, culture, and achievements are best shared as one cohesive unit. One of our teammates, Matt Leatherman said it best, “thinking of others in a team atmosphere is huge. Even if I have hit quota, I like to pass my stronger leads to others to help propel them forward. 
Understanding we succeed as a team, not individuals, is so important.” The power of one’s success is significant, but the achievements of a team far surpass the benefits of a solo contributor. Servant leadership can be exercised throughout your entire day, not just in your professional life. Be the person you would look up to. Show others empathy, celebrate the small wins, and be your team’s biggest advocate. “We make a living by what we get. We make a life by what we give.” Winston Churchill
Abyde Values: Community Involvement
November 3, 2022 At Abyde, we pride ourselves on our exceptional customer experience, revolutionary software, and thought-leading education. But at the end of the day, we are more than that. Abyde upholds a set of values that guide our employees and company. Community Involvement is one of our values, led by our AbydeCARES team. It was created around the premise that even though we excel in serving our customers, we also are committed to serving our community and our people. That’s why CARES stands for Creating Community and Cultural Awareness Requires Everyone to Serve. And while that’s more of a mouthful than a sandwich from Katz’ Deli, this best represents our mindset that if we’re not giving back to our community and our people, then there’s no reason to be in business. Through AbydeCARES, we have volunteered just over 600 hours and donated more than $30,000. Shout out to some of our incredible CARES partners this year:
How we support them: One of our most cherished partners, we contribute to all of their annual efforts from collecting shoes for their Kick One Back event to attending their birthday bash.
How we support them: During one of their Clear the Shelter weekends, we got down and dirty with their resident dogs and cats helping to get 113 animals adopted.
How we support them: Early this year we bagged hundreds of grocery hauls to later be distributed to our friends in the Tampa Bay area.
How we support them: We teamed up to head out on our routes delivering hot and cold meals directly to doorsteps, easing the burden for those in need.
How we support them: Our team has put in blood, sweat, and tears (ok, maybe not the last one) building homes.
We look forward to adding another partner to the list when we support Keep Pinellas Beautiful by participating in a beach clean-up later this month. 
Fostering a sense of community and selflessness promotes a positive culture and opens the door to team building across your organization in a way that far exceeds the day-to-day grind. Our team makes it possible to set the standard for how culture should inspire innovation, growth, and success. “We make a living by what we get, but we make a life by what we give.” –Winston Churchill We encourage you to go out there and make a life. Create purpose outside your company’s four walls – we know from experience the impact it will have on your heart.
All Hands In For the OSHA Safety and Health Committee
October 21, 2022 Book clubs are cool. Fantasy football leagues deserve their moment. But do you know what the elite of all groups and clubs is? For us, it’s an OSHA safety committee. The US Department of Labor says, “the safety and health committee is an integral part of the safety and health program, and helps ensure effective implementation of the program at the establishment level.” We know firsthand that a group is always better together. So what does a safety and health committee even do? The committee helps improve the organization’s understanding of workplace safety and encourages co-workers to follow best practices in order to prevent workplace injury and illness. Additionally, they review current safety programs and recommend changes, as needed, to all safety and health procedures. Think of this committee as a sounding board for employees to voice their concerns and recommendations. Although practices cannot always prevent injuries or illnesses, implementing a safety committee is a significant step to help lower injury and illness rates. And we all know, lower rates equate to happier employees. The safety and health committee should meet regularly (we recommend a monthly cadence – quarterly at a minimum) and bring its findings to the OSO (OSHA Safety Officer). And because we like to give advice away for free ninety-nine, here are a few ideas to get you started: Maintaining safety and health is very important, to say the least. And if the US Department of Labor hasn’t given you any indication of that, this is not a solo job. Now let’s get all hands in because it is everyone’s responsibility to ensure a safe work environment. On three… LET’S GO OSHA! Want more state-specific guidance? Give us a call to discuss industry guidelines.