Legislation

2024 OSHA Law Updates for Healthcare
Legislation, OSHA

2024 OSHA Law Updates for Healthcare

January 24, 2024 Comments Off on 2024 OSHA Law Updates for Healthcare

January 24, 2024 Greetings, safety champions!   At Abyde, we’re obsessed with keeping workplaces hazard-free, which means staying on top of regulatory shifts like OSHA’s 2024 updates. So, grab your safety goggles and buckle up, because we’re about to unpack the need-to-know changes that impact your business. Electronic Injury Reporting Changes: OSHA is now requiring electronic injury reporting of Form 300 – Log of Work-Related Injuries and Illnesses, and Form 301 – Injury and Illness Incident Report for high-hazard industries with 100+ employees on a yearly basis. The Form 300A – Summary of Work-Related Injuries and Illnesses still also needs to be completed. In addition, all companies have to use their legal company names while filing these electronic reports to improve the quality of OSHA’s data. Increased Penalty Fines OSHA is throwing some serious punches when it comes to violations. As of January 16th, all OSHA’s maximum penalties increased from $15,625 per violation to $16,131 per violation. The maximum penalty for repeated violations will increase from $156,259 per violation to $161,323 per violation. Now, that’s one costly mistake! Changes to Hazard Communication Standard Last updated in 2012, It is expected that OSHA will finalize updates to the Hazard Communication Standard. The new HCS will align with the latest edition of the Globally Harmonized System of Classification and Labeling of Chemicals (GHS). This means a shift in how we categorize chemical dangers, with new hazard classes and pictograms potentially finding their way onto labels and Safety Data Sheets (SDSs). Championing Compliance with Abyde At Abyde, we’re your compliance crew, cheering you on every step of the way.  We’ve got a toolbox full of resources to help you understand and promote a culture of compliance in your practice. For more information on how your organization can simplify OSHA compliance for your practice, email info@abyde.com or set up an compliance consultation here. 

HHS Resources on Telehealth Privacy and Security
Cybersecurity, HIPAA, Legislation

Understanding the New HHS Resources on Telehealth Privacy and Security: A Guide for Healthcare Providers and Patients

October 19, 2023 Comments Off on Understanding the New HHS Resources on Telehealth Privacy and Security: A Guide for Healthcare Providers and Patients

October 20, 2023 The telehealth usage surge has revolutionized healthcare delivery, particularly amid the COVID-19 pandemic. While the technology offers numerous benefits, it also raises questions about the privacy and security of Protected Health Information (PHI). Addressing this, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) recently released two essential resources to educate healthcare providers and patients. In this article, we delve into the key takeaways from these resources and discuss their implications for HIPAA compliance. What Has Been Released? OCR has issued two resource documents: For Healthcare Providers Although HIPAA doesn’t mandate healthcare providers to educate patients about the risks involved in telehealth, the new resource provides valuable guidelines for those who choose to do so. Topics covered include: For Patients Patients are provided with recommendations to protect and secure their health information, such as: Why Is This Important? “Telehealth is a wonderful tool that can increase patients’ access to health care and improve health care outcomes,” says OCR Director Melanie Fontes Rainer. By educating patients and providers about privacy and security risks, OCR aims to build confidence and encourage the responsible use of telehealth technologies. Practical Tips for Health Care Providers Recommendations for Patients Final Thoughts The newly released resources by OCR offer a comprehensive guideline for navigating telehealth’s privacy and security aspects. Healthcare providers should seize this opportunity to improve their practices and educate their patients, enhancing the telehealth experience. For more information on how to stay compliant with HIPAA and other regulations in the healthcare sector, feel free to contact Abyde, your trusted partner in HIPAA and OSHA Compliance.

OCR’s COVID-19 Telehealth Enforcement Discretion Transition Period Ends
Best Practices, HIPAA, Legislation

OCR’s COVID-19 Telehealth Enforcement Discretion Transition Period Ends

August 10, 2023 Comments Off on OCR’s COVID-19 Telehealth Enforcement Discretion Transition Period Ends

August 10, 2023 OCR is Turning Up the Heat as their Telehealth Enforcement Discretion is Sizzling Out! Ah, the sweet heat of summer! That particular time when our ice creams seem to have a faster meltdown than our resolutions of getting that “beach body” (for the third year in a row). Speaking of melting, there’s a hot update simmering in the healthcare compliance oven: the OCR’s telehealth enforcement discretion transition period is officially sunsetting. But before you start sweating more than after a midday August jog, let’s fan ourselves with the facts. What’s Cooking? During the pandemic’s peak, the OCR graciously set our minds (and compliance teams) at ease with a relaxed telehealth enforcement period. Because of the implications of the Public Health Emergency, the government loosened the restrictions on telehealth applications to ensure that patients were still receiving the necessary care needed in a practical manner. Unfortunately, like most summer love stories, the enforcement discretion had to come to an end.  How Can You Protect From Getting Burned? The sun might be blazing outside, but you don’t have to get scorched. Here’s a simple telehealth-protection formula:

OCR HIPAA Telehealth COVID-19 Transition
HIPAA, Legislation

OCR Announces Transition Period for Compliance with HIPAA Rules for Telehealth

April 12, 2023 Comments Off on OCR Announces Transition Period for Compliance with HIPAA Rules for Telehealth

April 12, 2023 As of May 12, 2023, a 90-calendar day transition period will be in effect to provide covered healthcare providers with time to come into compliance with the HIPAA Rules in relation to their provision of telehealth. The transition period will expire on August 9, 2023, at 11:59 p.m. During this period, the OCR will continue to exercise its enforcement discretion. It will not impose penalties on covered healthcare providers for noncompliance with the HIPAA Rules that occur in connection with the good faith provision of telehealth. The Notice of Expiration of Certain Notifications of Enforcement Discretion Issued in Response to the COVID-19 Nationwide Public Health Emergency is available at: https://public-inspection.federalregister.gov/2023-07824.pdf – PDF. This notice marks the end of the enforcement discretion period that was put in place by the OCR to support the healthcare sector and the public in responding to the COVID-19 public health emergency. OCR Director Melanie Fontes Rainer has emphasized that the OCR is committed to supporting the use of telehealth by ensuring that healthcare providers can make the necessary changes to their operations privately and securely in compliance with HIPAA Rules. In addition to announcing the transition period, it’s worth noting that the OCR had previously issued four Notifications of Enforcement Discretion in the Federal Register regarding how the HIPAA Rules would be applied to certain violations during the COVID-19 nationwide public health emergency. These notifications and their effective beginning and end dates are: It’s important to note that these notifications will also expire at 11:59 pm on May 11, 2023, due to the expiration of the COVID-19 public health emergency. The OCR will no longer exercise enforcement discretion for violations that occur after this date, which is why the transition period has been put in place to allow covered healthcare providers to make any necessary changes to their operations to ensure they comply with HIPAA Rules when providing telehealth services. Questions regarding HIPAA and OSHA Compliance, please email Abyde at info@abyde.com or call (800) 594-0883  

HHS Announces New Divisions Within the OCR
HIPAA, Legislation

HHS Announces New Divisions Within the OCR

March 14, 2023 Comments Off on HHS Announces New Divisions Within the OCR

March 14, 2023 EXTRA EXTRA READ ALL ABOUT IT!! The U.S. Department of Health and Human Services, through the Office for Civil Rights (OCR), announced the formation of a new Enforcement Division, Policy Division, and Strategic Planning Division. Why isn’t this front-page news? And why did the HHS need to form three new divisions? “OCR’s caseload has multiplied in recent years, increasing to over 51,000 complaints in 2022– an increase of 69 percent between 2017 and 2022,” said OCR Director Melanie Fontes Rainer. “…reorganization improves OCR’s ability to effectively respond to complaints, puts OCR in line with its peers’ structure, and moves OCR into the future.” The OCR will now reflect the structure set by the U.S. Department of Education’s Office for Civil Rights. The Strategic Planning Division will not only work to coordinate public outreach to protect civil rights and health information privacy. They will also expand data analytics and coordinate data collection across HHS leadership. With the OCR being proactive and educating the public on their rights, now would be the time to make sure you are being proactive with HIPAA. What is something to make sure you are staying compliant and one step ahead of the OCR?  How about your Security Risk Analysis or the “Crown Jewel” of the OCR as we like to call it. It’s the first thing the OCR asks for when they come knockin’. So why not beat them to the punch? You’ll identify and assess potential threats and vulnerabilities to protected health information (PHI), as well as evaluate the effectiveness of the organization’s security measures and policies. A HIPAA Security Risk Analysis is an ongoing process that must be regularly reviewed and updated to ensure that the organization remains in compliance. Guess what, here at Abyde we automate the entire process for you.  Extra, extra, HIPAA violations can result in severe consequences, including fines, legal action, and damage to a healthcare organization’s reputation. Therefore, it is critical for healthcare providers and organizations to prioritize HIPAA compliance and regularly review and update their policies and procedures to ensure they are in line with the latest regulations.

2023 OSHA Fines Increase
Fines, Legislation, OSHA

Inflation Strikes on Eggs and OSHA Fines

January 13, 2023 Comments Off on Inflation Strikes on Eggs and OSHA Fines

January 13, 2023 To keep up with inflation and the ever-changing cost-of-living adjustments, the U.S. Department of Labor announced changes to Occupational Safety and Health Administration (OSHA) civil penalty amounts today. As part of a Congressional act passed in 1990, the Federal Civil Penalties Inflation Adjustment Act, and amended by the Federal Civil Penalties Inflation Adjustment Act Improvements Act of 2015, the Department completes an annual review by January 15th to evaluate and adjust civil money penalty levels against inflation.  We can expect the new penalty amounts, shown below, to take effect on January 17, 2023. Currently, penalties for serious and other-than-serious violations are $14,502 per violation. With the recent update, we are seeing over a $1,000 increase to $15,625. Repeated violations aren’t getting a break either with an increase to $156,259 per violation from the previous $145,027.  Type of Violation Penalty SeriousOther-Than-SeriousPosting Requirements $15,625 per violation Failure to Abate $15,625 per day beyond the abatement date Willful or Repeated $156,259 per violation  Curious about state-specific updates? Per the U.S. Department of Labor, states that operate their own OSHA Plans are required to adopt maximum penalty levels that are at least as effective as Federal OSHA’s. State Plans are not required to impose monetary penalties on state and local government employers.  This new rule goes into effect on January 15, 2023. It will apply to any penalties assessed after January 15, 2023.  Before you go egging the next OSHA enforcement officer you come in contact with, remember that these annual updates are in place to remind you of the importance of maintaining a safe and healthful work environment.

North Carolina Increases State OSHA Penalties
Fines, Legislation, OSHA

North Carolina Department of Labor Increases State OSHA Penalties and Updates Investigation Timelines

October 13, 2022 Comments Off on North Carolina Department of Labor Increases State OSHA Penalties and Updates Investigation Timelines

October 13, 2022 Do you get surprised and frustrated when policies change? How about when your bill was more expensive than you originally thought? We can relate. The North Carolina Department of Labor increased state OSHA penalties and investigations to match current Federal OSHA standards through the Appropriations Act. Starting October 1st, fines will increase and follow the same pattern every January 1st. Prior to this change, if a practice was fined the maximum under NC OSHA the cost to the practice would be: Wow, that’s a lot of dough – and we’re not talking about the pizza or cookie kind! And if you though that was expensive, here is what a violation will cost now: Notice anything special about the fines above? Some can be “per day”. We all know time is money and there’s no exception when it comes to OSHA. Not only are the penalties changing, but the time frame to issue citations is as well. Previously, citations could be levied up to six months from initial reporting. Also being implemented on October 1st, NC OSHA has six months from the first inspection to levy a citation, not from initial reporting like before. Don’t get me wrong – we love a good limbo at a party, but not when it comes to OSHA citations! The famous Pablo Piccaso said, “Action is the foundational key for all success”. With North Carolina amending a few OSHA policies, take the time to educate yourself to avoid any costly violations.

2022 New Office for Civil Rights Director
HIPAA, Legislation

The Department of Health and Human Services Appoints Melanie Fontes Rainer as the New Office for Civil Rights Director

September 19, 2022 Comments Off on The Department of Health and Human Services Appoints Melanie Fontes Rainer as the New Office for Civil Rights Director

September 19, 2022 Did you check the news??? There’s a new sheriff in town and her name is Melanie Fontes Rainer! Recently announced, the Department of Health and Human Services (HHS) has appointed former Acting Director, Melanie Fontes Rainer, as the new Director of the Office for Civil Rights (OCR). Fontes Rainer has extensive experience in her career, serving as an Acting Director for the OCR and before that Counselor to Secretary Becerra.  Secretary Becerra stated, “Melanie has devoted her entire professional career to public service and has worked tirelessly to ensure that health care is accessible, affordable, and available to all, no matter where you live or who you are.” Fontes Rainer brings over 10 years of experience in civil rights, healthcare policy, and patient privacy. She was also involved in the 21st Century Cures Act, the Affordable Care Act, and the No Suprise Act. Fontes Rainer took part in ground-breaking settlements and created the first office that focused on health care rights and access in California. Melanie’s background, combined with her passion, will prepare her for the challenges she will face in her new role as OCR Director.  It is important to take into account that after Lisa J. Pino, former OCR Director, was appointed last year, we saw a surge in enforcement cases right away. Only a few months into Pino’s appointment as director, the OCR announced five Right of Access settlements in one day. This year we have already seen 17 including a record-breaking day with 11 settlements announced in just one day alone. With settlements totaling $1,992,140 already in 2022, the OCR clearly isn’t done yet. As we can see, between HIPAA violations, cybersecurity issues, and personal information privacy, practices continue to face challenges this year. But we can also see that Fontes Rainer is here to help, bringing years of expertise and fiery passion to the table. She enforces healthcare regulations, promotes healthy practice operations, and protects patient health information across the country. With years of dedication to civil rights and medical privacy, we can definitely expect to see a lot of settlements surfacing with Fontes Rainer in town.  

HIPAA Telehealth and Public Health Emergency Expiration
HIPAA, Legislation

HHS’s Recent HIPAA Guidance on Telehealth and Public Health Emergency Expiration

July 11, 2022 Comments Off on HHS’s Recent HIPAA Guidance on Telehealth and Public Health Emergency Expiration

July 11, 2022 Think you finally got the hang of telehealth? Don’t get too comfy just yet! The OCR recently released guidelines on how covered health care providers and health plans should utilize their remote communication technology to deliver audio-only telehealth services while also complying with HIPAA requirements. Why is Telehealth important? Let’s start at the beginning. Telehealth contributes to increasing a practice’s value and security by expanding access to health care across the nation and providing certain users who have difficulty using audio and video telehealth technologies. When systems are not properly secured, they pose risks to patient safety, health, and data. Cyberattacks and ransomware are extremely common in Telehealth and may quickly create issues that disclose medical information and other sensitive information. As a practice, it is critical and worthwhile to maintain excellent Telehealth especially now a days with the increased funding and resources the OCR has available. OCR Director, Lisa J. Pino, states, “Audio telehealth is an important tool to reach patients in rural communities, individuals with disabilities, and others seeking the convenience of remote options. This guidance explains how the HIPAA Rules permit health care providers and plans to offer audio telehealth while protecting the privacy and security of individuals’ health information.” With the OCR’s Telehealth Notification system possibly being taken down as early as July 15th, 2022, we recommend that practices stay alert and take every precaution by using your friendly, easy to use HIPAA-compliant software (hint Abyde) to assure full compliance today. The first step in remaining alert is to follow the guidance issued by the OCR in response to the recent news that the Telehealth Notification system may be shut down. The guidance below specifies the conditions under which telehealth may be utilized.  The HHS is authorizing HIPAA-covered businesses to conduct telehealth and audio-only services using remote communication technology. However, these services must be provided in a private environment to the best of the entity’s abilities, and the individual’s identification must be verified. Even though HIPAA does not apply to audio-only telehealth services delivered through electronic communication methods, when offering telehealth services through mobile devices or applications, practices may face HIPAA compliance issues. Therefore, practices should identify all potential risks and vulnerabilities to PHI confidentiality as part of the risk analysis process prior to the completion of the PHE. Abyde will do anything possible to make sure you’re on top of your compliance game because the OCR may show up at any time! Allow us to guide you through these future changes – from our incredibly simple software to our readily available education, we will be your buddy in ensuring that you are prepared for any obstacles that show up at your door.

OCR HIPAA Budget Proposal
HIPAA, Legislation

MORE MONEY, MORE PROBLEMS? OCR Budget Proposal Will Result in Greater Enforcement and More Fines

May 16, 2022 Comments Off on MORE MONEY, MORE PROBLEMS? OCR Budget Proposal Will Result in Greater Enforcement and More Fines

May 16, 2022 If you think the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) isn’t zeroed in on compliance, think again. OCR recently announced its request for a 55% increase in its overall funding, for a total of $60.2 million for the 2023 fiscal year. While this number may seem shocking, their plans for the money may make your jaw drop.  Let’s take a look at why the increase is needed.  Nearly 46,000 complaints were received in FY 2021, a dramatic increase from nearly 2,000 in 2003. Just this year, they’re expecting more than 28,000 related strictly to HIPAA. OCR states, “given the trend in complaints to OCR as well as the priorities articulated by the Administration, OCR anticipates a significant increase in the number of civil rights, information breaches, and cybersecurity complaints.” OCR opens an investigation for any breach that affects more than 500 people. In 2021, there were 714 of those instances, more than 30% growth over the last two years. Currently, OCR is limited to how many of these they can conduct a full investigation on. Imagine how powerful this could be if granted the resources to execute the necessary amount?! In addition, OCR is looking to add more regional investigators to address the backlog of existing complaints. With a goal of clearing the backlog by FY 2026, $8 million will be allocated to address the existing complaint inventory. OCR supports adding new regional investigators to “resolve new civil rights and HIPAA cases, address the backlog of complaints, and initiate compliance reviews in the Administration’s priority areas.” With a staff of 77 in 2020, they plan to add an additional 37 investigators and supervisory investigators in FY 2023. The budget accounts for a total increase of 64%, equating to 91 new employees. More staff could mean more knocks on your door!  Still think that you’re the one that got (or will get) away?! This next bit is for you. Increasing fines and the institution of injunctive relief are more immediate than 2023.  Not sure what a HIPAA violation could cost you? Don’t go get a tattoo of these any time soon – OCR is requesting increases based on a federal court evaluation. In 2019, then-OCR Director Roger Severino published a “notice of enforcement discretion” complementing the HITECH Act basing violation amounts on the party’s awareness and fault. While you could imagine this leaves some room for interpretation, the tiered fine structure will remain in place. Changing lanes, Injunctive relief essentially restrains a party from a certain action. OCR regulator, Adam Greene openly notes the HITECH Act “provides attorneys general with authority to seek injunctive relief.” Green continues to state, “If OCR were given authority to obtain injunctive relief, then it could require entities to take or discontinue actions –such as by requiring an entity to provide an individual with access to records or to discontinue a use or disclosure of protected health information – rather than only being able to penalize the entity after an act or omission occurs.” If you still aren’t convinced that OCR means business, let’s wrap up with a summary of what their request for extra dollar signs means for you. An increase in budget simply equates to an increase in resources – more employees to not only attack the existing backlog but the ability to complete more in-depth and frequent investigations. Higher fines and more meaningful corrective action plans mean greater penalties and violation costs. We hope you take your compliance seriously, OCR certainly is! Let us navigate these upcoming changes with you – from our simple software to our readily available education, we will be your companion in confidence that you are set up for any OCR changes that come our way.