ABYDE FOR NORTH CAROLINA MEDICAL SOCIETY MEMBERS

It's time for stress-free compliance.

  • EASIEST SOFTWARE YOU’LL EVER USE

    And if we’re being honest, easy is an understatement. All companies say it, but we are so confident in the simplicity of our software that we will prove it.

  • ‘HANDS OFF’ APPROACH

    We automate it all – from notifications about training to policy generation. Can you imagine not having to set your own reminders?! Go ahead, focus on your patients – we will ping you with the important stuff.

  • CUSTOMER SUCCESS TEAM LIKE NO OTHER

    We will meet you where you are – whether that’s by phone, chat, or email. It’s tough stuff in the tech space, but our customers love us as much as we love them.

  • STATE BY STATE, LAW BY LAW

    No matter what state your practice is in, our solution is for you — from sea to shining sea. We know our stuff and dedicate ourselves to staying on top of the latest state and federal changes so you don’t have to.

  • MORE THAN JUST SOFTWARE

    With us, you get more than policies and software. We offer Master Classes, newsletters, and more to keep you up to date. At the end of the day, we are proud to lead with education.

LATEST COMPLIANCE NEWS

Mid-Year Healthcare Compliance 2025

Mid-Year Check-Up: Are You Up-to-Date on Healthcare Compliance?

June 26, 2025   Healthcare compliance is an ever-evolving landscape, with new initiatives and updates announced to better protect patients and staff. As the year progresses to its midpoint, it’s crucial to seize this opportunity to stay informed on the latest developments in the field.  HIPAA and OSHA both have new significant updates that will directly impact practices.    New HIPAA Security Rule Legislation In December 2024, the Office for Civil Rights (OCR) released proposed updates to the HIPAA Security Rule.  One of the pillars of the Health Information Portability and Accountability Act, the Security Rule focuses on the safeguards that must be deployed to keep Protected Health Information (PHI) secure.  In response to the rise of large breach ransomware attacks, which have nearly tripled in the last several years, the OCR is increasing cybersecurity requirements when handling patient PHI.  For instance, under this new legislation, some new requirements include an asset log, network segmentation, and multi-factor authentication. These requirements are all heightened precautions when protecting patient data.  Under this new legislation, the vendors your practice works with will also experience increased scrutiny. For example, under this proposed rule, Business Associates (BAs) now must have their compliance practices verified by a cybersecurity expert annually. BAs must also alert Covered Entities within 24 hours after a breach with a contingency plan.  These soon-to-be added responsibilities demonstrate the vital role BAs play in protecting patients. The comment period for these updates wrapped up in March, and the OCR is reviewing all 4,000 comments before a final rule is announced.    Workplace Violence Prevention Legislation  When healthcare workers are five times as likely to experience workplace violence, federal legislation is soon to follow.  While Workplace Violence Prevention currently falls under the General Duty Clause of OSHA, or the basic requirement of providing a safe workplace for employees, state-level legislation focused on this continues to go into effect. State legislation regarding this vastly differs. Nearly every state has heightened charges for attacking a healthcare worker, being classified as a felony rather than a misdemeanor. Still, now many are requiring specialized training and reporting requirements specifically addressing violence in healthcare workplaces. For example, California, Texas, and Virginia all have comprehensive healthcare workplace violence plans. California even requires near misses and threats to be logged for the state.  While federal legislation has not been released yet, a Notice of Proposed Rulemaking (NPRM) will likely be announced this year.    HIPAA Audit Program & Risk Analysis Initiative The OCR has reintroduced the HIPAA Audit Program, randomly selecting HIPAA-regulated entities and reviewing their current HIPAA programs. The last time this program was in effect was in 2017.  The last round of audits found that 86% of Covered Entities could not produce a compliant Security Risk Analysis (SRA) when prompted by the OCR. The SRA is a thorough assessment of the safeguards and routines currently in place to secure PHI.  Practices frequently overlook the Security Risk Analysis (SRA), yet it’s a primary defense, proactively addressing concerns. In fact, the OCR’s October 2024 Risk Analysis Initiative specifically targets practices that fail to complete an SRA, and this initiative has already resulted in nearly a million dollars in fines.   Right of Access Fines Improper patient records release continue to be a common pitfall for practices. Records must be provided to patients within 30 days of a request. With over 50 enforcements of the Right of Access Initiative, millions of dollars have been paid by practices.   This easily preventable fine highlights the significant impact of patient complaints (the leading cause for investigations) and the OCR’s diligence in addressing Right of Access violations.   Getting Prepared for the Rest of the Year While it feels like new initiatives are frequently being announced by the OCR, it is your practice’s responsibility to implement new updates. With the right HIPAA compliance program, smart software can ensure your practice will always be prepared, with new legislation instantly updating in the software.  To learn more about what’s next in HIPAA, watch our latest webinar regarding current events in HIPAA here.

Read More »
OSHA Healthcare Fine

OSHA’s Rapid Response: Why Every Practice Needs a Safety Culture

June 19, 2025 The success of your practice hinges on the safety of your staff. When staff feel unsafe, OSHA quickly demonstrates its commitment to staff protection.  A recent healthcare OSHA fine highlights how efficiently OSHA complaints are handled.  Opulent Pediatrics faced expedited penalties following a staff complaint, just months after the initial complaint.  From the case opening in March to its resolution in June, OSHA underscored the severity and importance it places on staff complaints. Complaints are also the most common way HIPAA investigations are initiated.  This rapid response showcases the need for practices to provide a safe work environment and foster a culture of compliance, empowering staff members to communicate needs and concerns.    What Happened? In March 2025, a staff member of Opulent Pediatrics sent a formal complaint to OSHA due to unsafe working conditions. The Roanoke regional office investigated the pediatric practice unannounced, not providing time for the practice to address any concerns.  Following their investigation, it was discovered that the practice violated several safety requirements, such as bloodborne pathogen safety, improper medical services, or missing first aid unavailable to staff, improper handling of wiring and equipment, and insufficient hazard communication documentation. After the investigation, by April, OSHA noted seven citations and issued an initial penalty of over $14,000. It’s inferred that the practice was willing and cooperative, with the final fine totalling over $2,000 by the abatement date in May.    Protecting Staff in Healthcare While Opulent Pediatrics dodged a more significant fine, this enforcement action demonstrates OSHA’s swift investigative response to complaints. From the initial investigation to its conclusion, the case only took three months. OSHA can and will investigate without notice, so ensure your OSHA program documentation is readily available.  With the right tools, ensuring staff safety can be simplified. In this case, training and proper documentation could have avoided these fines. Consider how an intelligent OSHA software solution centralizes training, such as for bloodborne pathogens, hazard communication, and all other OSHA documentation, making it easily accessible to every staff member within a compliance hub. Moreover, by prioritizing safety in your practice, staff can feel empowered to communicate concerns.  To learn more about streamlining OSHA compliance in your healthcare practice, schedule a consultation with an expert today. 

Read More »

READY TO BE STRESS-FREE?