12.09.2019 Views

First Healthcare Compliance CONNECT September 2019


CONNECT

An Exclusive Monthly Publication for Clients

First Healthcare Compliance Announces Expert Presenters for HIPAA Privacy and Security Summit

Surviving an OCR Audit – Lessons Learned

Q&A: HIPAA and Health Apps

First Healthcare Compliance Welcomes Nicholas Heesters of OCR as Distinguished Speaker

Medical Cannabis – How it’s Working in Maryland & Nationally

New Training Modules

Client FAQ Corner

September 2019


Got a Minute? Please Rate Us!

The health of our company depends on our best clients spreading the word about us. That’s you!

Share Your Success Story

An endorsement by you is the greatest compliment we could receive! Please take a moment of your time to rate us online so that others can benefit from your experience. It’s a simple way to help us grow and improve.

We appreciate your support and look forward to hearing from you!

In This Issue:

Share Your Success Story

First Healthcare Compliance Announces Expert Presenters for HIPAA Privacy and Security Summit

Surviving an OCR Audit – Lessons Learned

First Healthcare Compliance, LLC © 2019


Compliance Super Ninja

Pamela Setufe, MHA, FACMPE, CPCS, CPCO

Chief Compliance Officer, Director of Contracting, Credentialing & Insurance Risk, Gonzaba Medical Group

How would you describe your experience with First Healthcare Compliance?

Amazing! The response from the support team, especially Desiree, has been great. I can always count on the support and technical staff to help address any questions or help I need in a timely manner. The system is easy to use, and I want to add that the trainings are also up to date with the current changes in healthcare law and regulations. Thank you for a great product and service!!!

What do you enjoy most about working with Gonzaba Medical Group?

Gonzaba Medical Group is where to send your family, if you want a trusted provider to care for them in San Antonio, TX. I have been working here since January 2008 and I can’t stop talking about the miracles that happen here every day. I especially love the diversity of what I do in my role…and one thing I truly appreciate is how everybody strives to live by the purpose of GMG, which is to “Serve our Patients Como Familia – Like Family”. Most of our facilities are considered a one-stop-shop, and if not, care is coordinated to make sure our patients only see specialists that have proven outcomes that yield healthier lives for our family. I tell people, what can be better than to work at a place where everyone you work with is considered family, and all you do together all day is to take care of family members (patients) who come to pay us a visit! Simply the best!

Would you rather travel the US to see the sights in a motorhome or by plane? Why?

Motorhome of course...! – I definitely want to see and explore the sights and sounds of the US in person and up close. Even though traveling by plane would be faster, nothing beats engaging with the locals on the ground, enjoying the diverse sights, food, music and cultures along the way… definitely something to add to the bucket list!

Client FAQ Corner

1st Talk Compliance - Medical Cannabis – How it’s Working in Maryland & Nationally

Q&A: HIPAA and Health Apps

First Healthcare Compliance Welcomes Nicholas Heesters of OCR as Distinguished Speaker

Contact Toll Free: 888-54-FIRST


Surviving an OCR Audit – Lessons Learned

By Catherine Short

Raymond Ribble is the founder of SPHER Inc. and co-founder of Fusion Systems Co., Ltd. Ray leads the SPHER organization as they deliver privacy & security cybersecurity solutions in healthcare. He will lead the presentation Surviving an OCR Audit – Lessons Learned at the upcoming HIPAA Privacy and Security Summit on November 14.

SPHER represents the leading SaaS-based privacy monitoring security solution for HIPAA Compliance, Meaningful Use, and MIPS offering overall protection of patient health information.

Ray participates in a number of healthcare groups, speaks at universities, industry conferences and webinars, while actively contributing to the growing awareness of the need to identify unauthorized access to PHI and breach detection. With over 25 years in the technology industry, Ray has been involved in delivering solutions for multiple industries from Aerospace with Northrop, to investment banking financial systems in Asia for many of the world’s top banks, to the recent creation of machine learning-based solutions for the US Healthcare markets.

Ray remains active in international businesses and technology communities including: PHI Protection Network, Medical Identity Fraud Alliance, the American Chamber of Commerce in Japan (ACCJ) as past Co-Chairman of the ICT Committee, the Japan America Society, the YMCA, as well as many charities.

Ray holds a BSc. in Aerospace Technology & Management from Western Michigan University, and completed his advanced Japanese Studies at UCLA.


Client FAQ Corner

Are healthcare providers required to provide HIPAA training to independent contractors?

If the individual is not part of the provider’s workforce and they perform certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provide services to, the provider, then they are a business associate. Workforce is defined as employees, volunteers, trainees, and other persons whose conduct, in the performance of work for a covered entity (provider) or business associate, is under the direct control of such covered entity or business associate, whether or not they are paid by the covered entity or business associate.

It is common to overlook a business associate who has been working in your organization for a long period of time. If the individual is an independent contractor, issued a 1099 form, and performs functions that involve PHI, he/she must sign a Business Associate Agreement. And not doing so can be costly. Every time a business associate accesses your patients’ information without the proper agreement, your organization is potentially exposed to very large fines stemming from noncompliance with the HIPAA Privacy Rule. Equally important is hiring independent contractors that are aware of their HIPAA requirements. If they have not participated in an annual HIPAA training program, then it is best to assign these individuals training from our system.

Explore the FAQs tab in your compliance solution to find answers to your compliance questions!


First Healthcare Compliance Announces Expert Presenters for HIPAA Privacy and Security Summit

By Julie Sheppard, BSN, JD, CHC

Delaware Law School and First Healthcare Compliance Announce Schedule of Expert Presenters for HIPAA Privacy and Security Summit

November 14, 2019

The HIPAA Privacy and Security Summit is a joint effort of Widener University Delaware Law School and First Healthcare Compliance to provide timely updates for professionals serving in healthcare, business and legal roles. The full day event will be held on November 14, 2019 in Ruby R. Vale Moot Courtroom at the Delaware Law School and will include continental breakfast, lunch, CLE and CEUs, and a complimentary copy of the HIPAA Privacy and Security book by First Healthcare Compliance. Registration is open to the public.

Expert presenters will discuss regulations and real-life scenarios related to HIPAA privacy and security including Business Associates, responses to cybersecurity incidents, audits, breaches, HIPAA best practices and more. Attendees will be eligible to receive multiple learning credits. The fast-paced schedule provides ample opportunity for networking in addition to expert educational sessions.

8−8:15 a.m.
Registration and Continental Breakfast

8:15−8:30 a.m.
Opening Remarks and Welcome

8:30−9:30 a.m.
Iliana Peters, Esq.
It’s Midnight. Do you know where your data is?

9:30−9:40 a.m.
Break


9:40−10:40 a.m.
Jo-Ellyn Sakowitz Klein, CIPP/US
Buying a Breach: HIPAA Best Practices in M&A

10:40−10:50 a.m.
Break

10:50−11:50 a.m.
Rebecca Rakoski, Esq.
HIPAA is Not the Only Game in Town: How New Domestic and International Data Privacy Regulations are Changing the Face of Healthcare

11:50 a.m. − 12:20 p.m.
Lunch Break and Announcements

12:20−12:50 p.m.
Distinguished Speaker
Nicholas P. Heesters, Jr., MEng, JD, CIPP
Health Information Privacy Security Specialist
HIPAA Compliance & Enforcement
U.S. Dept. of Health and Human Services Office for Civil Rights

12:50−1:50 p.m.
Rachel Rose, Esq.
HIPAA and the HITECH Act: Recent Case Law, Statutory Changes and Penalty Assessments

1:50−2:50 p.m.
Ray Ribble, President of Spher, Inc.
Surviving an OCR Audit – Lessons Learned

2:50−3:00 p.m.
Break

3:00−4:00 p.m.
Jennifer Brady, Esq.
Business Associates under HIPAA: Compliance Requirements, Liability Considerations, and the Anatomy of a (Business Associate) Breach

4:00−5:00 p.m.
Kathleen McNicholas MD, JD, CHC, CCEP
HIPAA and Ethics

REGISTER NOW

Early Bird Tickets End October 1!


Q&A: HIPAA and Health Apps

By Catherine Short

Rachel V. Rose, JD, MBA, presented the webinar “HIPAA and Health Apps.” Rachel returned to answer many commonly asked questions on our blog.

How has HIPAA evolved to address mobile technology?

HIPAA was signed into law in August 1996. Subsequently, the Privacy Rule and Security Rule were implemented. In 2009, the HITECH Act passed and with it came an increased focus on security of protected health information (PHI) and breach notification. Finally, on January 25, 2013, the Final Omnibus Rule was published (78 Fed. Reg. 5566 (Jan. 25, 2013)). In general, the U.S. Department of Health and Human Services – Office for Civil Rights has primary jurisdiction over HIPAA enforcement for covered entities, business associates and subcontractors. Other agencies such as the Federal Trade Commission (FTC) and the Food and Drug Administration (FDA) also play a role.

In terms of mobile technology and health apps in particular, HHS recently published FAQs – a series of five questions and answers that target a covered entity’s liability when transferring a patient’s data to an app. Additionally, over the past couple of years, the FDA has released guidance on mobile medical apps – specifically those medical apps the FDA will regulate and those that it won’t, which depends on the app’s function.

What is covered under ePHI?

ePHI, which is also known as electronic protected health information, is protected health information that is produced, saved, transferred or received in an electronic form. This can include USB drives, CD-ROMS, email, apps and VoIP technology. The management of ePHI is covered under the Security Rule.

What steps can companies take to ensure compliance?

One can think of compliance as an inverted triangle – start with a broad base at the top and narrow the focus into different departments and the relevant technical, administrative and physical safeguards set forth in the Security Rule. The top should include forming an enterprise risk management team and conducting an annual, comprehensive risk analysis that every team member reads. From there, understanding the ingress and egress of protected health information, the vulnerabilities and compliance solutions identified in the risk analysis can be addressed.


Get our eBook by Andrew Wilson!

• What is Telemedicine?
• Telemedicine FAQ’s
• Elements of a Telemedicine Program
• Are You Ready For Telemedicine?

And don’t miss Andrew’s past webinar with us, “Telemedicine Compliance Primer – Using Delaware as a Model” available in podcast or on YouTube format.

Download your copy today

Are there any National Institute for Standards and Technology (NIST) publications that address privacy, security and mobile apps?

Yes. Two key NIST special publications are SP 800-124, Rev. 1, Managing the Security of Mobile Devices in the Enterprise and SP 800-53, Rev. 5, Security and Privacy Controls for Info Systems and Organizations. Both of these publications provide useful frameworks for achieving compliance to ensure that the confidentiality, integrity and availability of the data is maintained, even on an app.

Be on the lookout for Rachel on our radio program, 1st Talk Compliance in October 2019. Take a look at our brand-new book: HIPAA Privacy and Security, and our online compliance training courses such as What is HIPAA?, and HIPAA Business Associate Agreements Under HITECH. And check out Rachel’s other blog Recent HHS Guidance Underscores the Importance of HIPAA Compliance. Come hear Rachel Rose speak live at the HIPAA Privacy and Security Summit, November 14, 2019 at Delaware Law School.

Rachel V. Rose – Attorney at Law, PLLC (Houston, Texas) – represents clients on healthcare, cybersecurity, securities and qui tam matters. She also teaches bioethics at Baylor College of Medicine. She has been consecutively named by Houstonia Magazine as a Top Lawyer (Healthcare) and to the National Women Trial Lawyer’s Top 25. She can be reached at rvrose@rvrose.com.

Be on the lookout for Rachel on our radio program 1st Talk Compliance in September 2019.


First Healthcare Compliance Welcomes Nicholas Heesters of OCR as Distinguished Speaker

By Catherine Short

Delaware Law School and First Healthcare Compliance announce that Nicholas Heesters of the HHS Office of Civil Rights will serve as the Distinguished Speaker at the second annual HIPAA Privacy and Security Summit on November 14, 2019.

Nicholas Heesters is a certified information privacy professional with over 25 years of experience supporting technology and information security across many diverse industries. Mr. Heesters earned his Master of Engineering in Computer and Software Engineering from Widener University and Juris Doctor from the Widener University School of Law. Currently, Mr. Heesters leads a team of security professionals supporting OCR’s HIPAA Security Rule compliance and enforcement activities for the U.S. Department of Health and Human Services Office for Civil Rights.

HIPAA is an important issue among healthcare, business, and legal professionals nationwide. This presentation will focus on trends in breaches of protected health information (PHI) reported to OCR as well as updates with respect to OCR’s HIPAA policy and enforcement activities. Attendees will have the opportunity to participate in a helpful question and answer session.

The HIPAA Privacy and Security Summit is a joint effort of Delaware Law School and First Healthcare Compliance to provide resources for professionals facing the challenges of HIPAA compliance. The full day event will be held in Ruby R. Vale Moot Courtroom at the Delaware Law School and will include continental breakfast, lunch, and multiple opportunities for continuing education credits. Attendees are eligible to receive 7.5 CLE credits (6.5 substantive, 1 ethics) in Delaware, New Jersey, and Pennsylvania. This program has been approved for 7.5 continuing education unit(s) by Practice Management Institute® and PAHCOM. The Compliance Certification Board (CCB)® has approved this event for up to 10.2 CCB CEUs. Continuing Education Units are awarded based on individual attendance record. Granting of prior approval in no way constitutes endorsement by CCB of this event content or of the event sponsors. Registration is available to the public.

About Delaware Law School: Widener University is a metropolitan university that connects curricula to social issues through civic engagement. Dynamic teaching, active scholarship, personal attention, applied leadership, and experiential learning are key components of the Widener experience. Delaware Law School is the First State’s only law school, providing a Juris doctor, legal graduate and paralegal degree programs with an emphasis on developing legal professionals who reflect the Delaware Way and its traditions of civility, integrity and mutual respect. The school offers signature programs in corporate and business law, environmental law, family health law and policy, trial advocacy, and dignity rights.

The most comprehensive healthcare compliance course

The Fundamentals is a user-friendly, four-module online course designed to help healthcare professionals understand the essential principles and practices of compliance.

Written by our “dream team” of healthcare providers and attorneys, The Fundamentals course is packed with useful, easy-to-understand information that covers HIPAA, OSHA, employment law and enforcement of federal healthcare laws.

The course takes less than four hours to complete, and the modules can be viewed in any order. A certificate of course completion is provided following successful completion of the online course and exam.

Buy Course Today


hosted by Catherine Short

Catherine Short speaks with Gene M. Ransom, III, CEO of the largest and oldest physician organization in Maryland, MedChi, The Maryland State Medical Society. As MedChi’s chief executive, Ransom spearheads MedChi’s mission as an advocate for physicians, patients, and the public health of Maryland. Today, we will be discussing “Medical Cannabis – How it’s Working in Maryland & Nationally.” We will examine the use of Medical Cannabis in Maryland, review the legal framework regarding its use, and discuss the practical aspects of the dispensing of medical cannabis from the healthcare provider’s perspective, including the unique role of the recommender.

Listen weekdays at 7:30am, 3:30pm, 11:30pm ET

Check out our Show Page!

Looking for the latest compliance insights? Subscribe to our feed and don’t miss a thing!


WORD SEARCH

J L P V R L H C N R D Z M R F Z S L Q B<br />

H K J M J C H O A H E A L T H C A R E K<br />

Y P M D M O Z H E V B A Q R T P Z V W E<br />

V O L P G O Z O F K D Q Y X M B B T M L<br />

Y A D K Q L A D N A L Y R A M V T H D A<br />

Z F L I V A O A Y G O L O N H C E T C L<br />

W D M S D R A D N A T S T K E J T B I D<br />

L K H W T D H H F H I P A A A R Q S I Y<br />

W C E C N A I L P M O C I S H G K U E U<br />

S A C T V Y V H C A N N A B I S E M J A<br />

M R I X U R Y X N M M B H Q E U Z M L B<br />

M K D R X P X C Y B E R S E C U R I T Y<br />

P R O T E C T I O N H E Y A J S D T K J<br />

F M T C M E F S C Q K A I T K J Q K A I<br />

D Y E T L W R Q W L D C D E L A W A R E<br />

G C U I U W F V F D E H H J P Q Q X O E<br />

V C B J F J H O T S X C Z X L J F O J S<br />

U O F U P E Z E A J W Q X Y C A V I R P<br />

M T B B D H G R V M Z M Q P M K D B Z R<br />

G V S S E C U R I T Y R Y Z V R F X M Z<br />

SUMMIT CYBERSECURITY COMPLIANCE<br />

DELAWARE PRIVACY SECURITY<br />

STANDARDS MOBILE HEALTHCARE<br />

CANNABIS TECHNOLOGY MARYLAND<br />

HIPAA BREACH PROTECTION<br />



New Training Modules Now Available!

Training

• Eliminating Kickbacks in Recovery Act (EKRA): Summary and Status
• HIPAA and Health Apps
• Managing Drug Use in the Workplace
• Got Diversity. Get Inclusion! and the Pending FLSA Changes
• How to Navigate the Ever-Changing Anti-Harassment Regulations

Join us on Social Media!

Contact our Client Services Team with your questions!

888.54.FIRST or clientservices@1sthcc.com
