Compliance FAQs: Get Answers to Your Top HIPAA & OSHA Questions

March 11, 2024

Let’s be honest: compliance can be complicated. With all the regulations, sometimes it feels like you’re making mistakes you don’t even know about.

But with Abyde, it doesn’t have to be. 

We have an A-list Customer Success team, ready to answer your questions. This week, we’re rolling out the red carpet for these compliance experts. We’re interviewing our CS celebs on the HIPAA and OSHA questions they receive the most. Read below to get the inside scoop on what you need to know for your practice.

A child on a parent’s insurance just turned 18. While I know they have to sign consent forms, do the parents need consent to see or request their records?

Sorry, new grown-ups! Parents do not need consent to see their child’s records; they can do so for the purposes of insurance or payment. The information shared has to be the minimum.

Oh no! An employee was poked with a contaminated needle and needs to be tested. Who is responsible for paying for the tests? 

The employer! It is the employer’s responsibility to take care of their employee in this situation. Whether it is through their insurance, through Workers’ Compensation, or by paying directly, it is the employer’s responsibility.

Why do I need a Business Associate Agreement? Aren’t they already HIPAA compliant?

First, Business Associate Agreements are a requirement of HIPAA, and they outline the rights and responsibilities in the partnership between a Business Associate (BA) and a Covered Entity (CE). The BA agreement keeps both parties on the same page and protects your practice if there is a breach on their end, because the BA’s responsibilities are documented expectations.

Why do I need to ask my employees if they’ve received their Hepatitis B vaccination? 

Well, if the employee has the potential to be exposed to Bloodborne Pathogens (BBP) or Other Potentially Infectious Materials (OPIM), the employer has to give them the option to be vaccinated. Depending on the state, your employees must be vaccinated against Hepatitis B.

Do the doctors have to do HIPAA/OSHA Training? They own the practice. 

Yes, even if doctors own their practice, they still need to ensure compliance with HIPAA.

All employees must complete training, even the owner of the practice. 

HIPAA regulations are designed to protect patients’ sensitive health information, regardless of whether the provider is part of a large institution or an independent practice.

Therefore, doctors who own their practice must undergo HIPAA training to understand their responsibilities and ensure that their practice adheres to HIPAA regulations.

Do I need to report my breach to the OCR? 

Just like a fender bender doesn’t require the same reporting as a 10-car pile-up, not all breaches need to be reported. For instance, breaches that affect 500 or more patients must be reported to the OCR. 

However, you will want to log ALL incidents in your Abyde Breach Log, even if OCR reporting isn’t necessary.

As you can see, our compliance experts are here to clear up any compliance confusion for you. At Abyde, we want to simplify compliance for your practice or business, and our awesome CS team is a testament to that. To learn more about how Abyde is the solution for all of your compliance worries, email us at info@abyde.com and schedule a compliance consultation here for Covered Entities, and here for Business Associates.