First Healthcare Compliance CONNECT December 2020

CONNECT 

December 2020 

A Monthly Publication for the Healthcare Compliance Community 

Q&A: HIPAA Compliance 

for Business Associates 

Infographic: 

Naughty or Nice? 

The Rules for Giving and 

Receiving Gifts 

1st Talk Compliance: 

Why Payers Can’t Ignore the 

Interoperability Rules and 

Should Comply Sooner Rather 

Than Later 

COVID-19 Healthcare 

Compliance Toolkit

Got a Minute? Please Rate Us! 

The health of our company depends on the members 

of our community spreading the word about us. 

Share Your Success Story 

An endorsement by you is the greatest compliment 

we could receive! Please take a moment of your time 

to rate us online so that others can benefit from your 

experience. It’s a simple way to help us grow and 

improve. 

We appreciate your support and look forward to 

hearing from you! 

In This Issue: 

FAQ Corner 

Q&A: HIPAA Compliance for Business 

Associates 

Infographic: Naughty or Nice? 

The Rules for Giving and Receiving Gifts 

COVID-19 Healthcare Compliance Toolkit 

2 

First Healthcare Compliance, LLC © 2020

Compliance Super Ninja 

Carolyn Keith, Practice Administrator 

Practice Administrator, Allergy & Asthma Center 

How would you describe your experience with First Healthcare 

Compliance? 

As a medical administrator it is sometimes hard to remember when 

all of the staff regulations and training needs are to be completed. 

First Healthcare is like having an extra human resources person that 

reminds you when training, recertifications or license renewals are due for 

each employee. This is so helpful, in the medical field where practices have 

to do more with less. Having these reminders gives me the assurance that we 

remain compliant. 

What do you enjoy most about working with Allergy & Asthma Center? 

I enjoy working at AAC (Allergy & Asthma Center) because my job is never boring. It is never 

the same thing everyday. 

Would you rather receive one large gift or many small gifts? Why? 

Yes I like gifts, but small or big, it is always a nice surprise. 

1st Talk Compliance: Why Payers Can’t 

Ignore the Interoperability Rules and Should 

Comply Sooner Rather Than Later 

Upcoming and On-Demand Webinars 

Contact Toll Free: 888-54-FIRST 3

FAQ Corner 

COVID-19 FAQs 

from the CDC 

How do I report a problem or bad reaction after getting a COVID-19 

vaccine? 

CDC and FDA encourage the public to report possible side effects (called adverse events) to the Vaccine Adverse 

Event Reporting System (VAERS). This national system collects these data to look for adverse events that are 

unexpected, appear to happen more often than expected, or have unusual patterns of occurrence. Reports to 

VAERS help CDC monitor the safety of vaccines. Safety is a top priority. 

Healthcare providers will be required to report certain adverse events following vaccination to VAERS. Healthcare 

providers also have to adhere to any revised safety reporting requirements according to FDA’s conditions of 

authorized use throughout the duration of any Emergency Use Authorization; these requirements would be posted 

on the FDA’s website. 

CDC is also implementing a new smartphone-based tool called v-safe to check-in on people’s health after they 

receive a COVID-19 vaccine. When you receive your vaccine, you should also receive a v-safe information sheet 

telling you how to enroll in v-safe. If you enroll, you will receive regular text messages directing you to surveys 

where you can report any problems or adverse reactions you have after receiving a COVID-19 vaccine. 

https://www.cdc.gov/coronavirus/2019-ncov/vaccines/faq.html 

Explore the FAQs tab in your compliance solution 

to find answers to your compliance questions! 

CLIENT 

ALERT 

4 


Should medical waste or general waste from healthcare facilities treating 

persons under investigation (PUIs) and patients with confirmed COVID-19 be 

handled any differently or need any additional disinfection? 

Medical waste (trash) coming from healthcare facilities treating COVID-19 patients is no different than waste 

coming from facilities without COVID-19 patients. CDC’s guidance states that management of laundry, food service 

utensils, and medical waste should be performed in accordance with routine procedures. There is no evidence to 

suggest that facility waste needs any additional disinfection. 

More guidance about environmental infection control is available in section 7 of CDC’s Interim Infection Prevention 

and Control Recommendations for Patients with Confirmed COVID-19 or Persons Under Investigation for COVID-19 

in Healthcare Settings. 

https://www.cdc.gov/coronavirus/2019-ncov/hcp/faq.html 

Risk Management Considerations for 

the Healthcare Compliance Officer: 

Training, Incident Management, Governing Boards, 

and Measures Unique to COVID-19 

It’s no secret that healthcare is one of America’s most 

heavily regulated industries with substantial fines and penalties 

for non-compliance. Complex regulations and mandates make 

compliance management a necessity. Healthcare organizations 

particularly rely on the skills and attributes of their compliance 

officer to navigate the expansive regulatory framework. 

DOWNLOAD NOW 


6 



Q&A: HIPAA Compliance for 

Business Associates 

Catherine Short 

Rachel V. Rose, JD, MBA, presented the webinar “HIPAA Compliance for 

Business Associates” recently and a recording can be viewed here. Rachel 

returned to answer many commonly asked questions from the webinar. 

Are business associates subject to HIPAA penalties? 

Yes. As stated in both the HITECH Act and the Final Omnibus Rule, 78 Fed. Reg. 5566 (Jan. 25, 2013), 

business associates, which include subcontractors, can be held directly liable for HIPAA violations. For 

example, in 2016, a business associate’s failure to safeguard the protected health information of nursing 

home residents led to a $650,000 monetary penalty being assessed by HHS OCR. (https://www.hhs.gov/ 

hipaa/for-professionals/compliance-enforcement/agreements/catholic-health-care-services/index.html) 

If you were to give business associates and subcontractors one item that they need to do annually, 

what would it be? 

Annual Risk Analysis because all technical, administrative and physical safeguards would be identified and 

corrected. 

Is an indemnification provision required in BAAs? 

No. In my practice, I see them included quite a bit; however, this particular provision is not a requirement 

under 45 CFR §164.504(e)(1) or that HHS indicated was preferred. See https://www.hhs.gov/hipaa/forprofessionals/covered-entities/sample-business-associate-agreement-provisions/index.html. 

8 


Are class action cases something that should be considered as part of an enterprise risk management 

program? 

Yes. The financial, legal, and reputational costs can be great and need to be considered. A good example of 

a HIPAA data breach which led to both an HHS OCR enforcement action of $16 million and a class action 

lawsuit settlement in excess of $115 million is Anthem BlueCrossBlueShield. An article that I wrote for 

Physicians Practice details these issues – https://www.physicianspractice.com/view/class-action-lawsuitscan-result-from-a-protected-health-information-data-breach. 

Should business associates be familiar with the 21st Century Cures Act, as well as the ONC and 

CMS Final Rules? 

Yes. There is an intersection between HHS HIPAA App Guidance and the ONC 

and CMS Final Rules, in terms of patients accessing their data through apps. Be 

aware of unsecure apps and stay abreast of the compliance dates. 

Rachel V. Rose – Attorney at Law, PLLC (Houston, Texas) – represents clients 

on healthcare, cybersecurity, securities and qui tam matters. She also teaches 

bioethics at Baylor College of Medicine. She has been consecutively named by 

Houstonia Magazine as a Top Lawyer (Healthcare) and to the National Women 

Trial Lawyer’s Top 25. She can be reached at rvrose@rvrose.com. 

Be sure to look up a recording of this webinar on YouTube and a recording with Rachel on our podcast, 1st 

Talk Compliance. Take a look at our brand-new book: HIPAA Privacy and Security, and our online compliance 

training courses such as What is HIPAA?, and HIPAA Business Associate Agreements Under HITECH. And 

check out Rachel’s other blogs Q&A: HHS Final Rules, Patient Access to PHI & Health Apps Intersect, Recent 

HHS Guidance Underscores the Importance of HIPAA Compliance and Q&A: HIPAA and Health Apps. 

The Most Comprehensive 

Healthcare Compliance Course 

The Fundamentals is a user-friendly, four-module online course 

designed to help healthcare professionals understand the 

essential principles and practices of compliance. 

BUY COURSE NOW 


Navigating Workplace Violence 

Prevention Under OSHA 

Workplace violence is a serious issue, especially in 

healthcare facilities. The Occupational Safety and Health 

Administration (OSHA) responded in 2015 by updating and 

publishing their guidelines on how to best prevent workplace 

violence. The OSHA workplace violence prevention 

guidelines help employees and employers alike by providing 

the necessary steps to maintain a safe work environment. 

DOWNLOAD NOW 

COVID-19 Healthcare Compliance 

Updates 

In response to the global outbreak of the novel coronavirus 

disease (COVID-19), the Secretary of Health and Human 

Services declared a public health emergency on January 31, 

2020. Federal agencies have taken action by issuing updates 

and guidance to navigate the crisis. This ebook provides 

healthcare providers with important developments and 

resources that impact federal healthcare laws. 

DOWNLOAD NOW 

10 


COVID-19 Healthcare 

Compliance Toolkit 

Healthcare compliance amidst COVID-19 presents 

new challenges for hospitals and healthcare providers. 

At top importance is the question of how to slow or 

stop the spread of COVID-19, while ensuring that your 

organization stays compliant. 

Now more than ever, your compliance department needs to 

have the necessary tools to help track, analyze, and respond 

to compliance challenges. To help navigate the process, we’ve 

gathered our best COVID-19 resources below. If you need further 

assistance, please contact us here. 

VIEW TOOLKIT 


hosted by Catherine Short 

Catherine Short speaks with Dr. Chris Hobson, Chief Medical Officer for Orion Health. The topic 

of today’s program is “Why payers can’t ignore the interoperability rules and should comply 

sooner rather than later.” The Interoperability and Patient Access final rule approved by CMS and 

ONC is intended to advance patient participation through access to their health information and to 

drive advanced interoperability and innovation across the U.S. These rules will have significant impact 

on payer organizations who are currently facing unprecedented times; with multiple pressures brought 

on by the COVID-19 pandemic, uncertainty as to the likely model for healthcare funding and delivery 

going forward, and calls to reduce inequity within the healthcare system, to name a few. 

Listen weekdays at 

7:30am, 3:30pm, 11:30pm ET 

Check out our Show Page! 

Looking for the latest compliance insights? 

Subscribe to our feed and don’t miss a thing! 

12 


WORD SEARCH 

P Z O X H T D Y C Q J F K D K J M H D U 

C Y R Q D I L I G E N C E G L T E E A P 

N G E I M B I D H J G F I J U P G L J D 

K O O T G J J M C B M K P M N R E Q H X 

S L E Y S M P R H P I I T D E J E U L W 

C O R O N A V I R U S W O F S D B A P V 

G N C O T L W W M N L W O E V W N P W G 

Y H X Y O E M M O J A M T E S S G A S H 

U C O T R C M I E B U S G N P L H J P X 

O E K K P N T C O M M U N I C A T I O N 

P T M A N A G E M E N T W C G T J X F O 

Z V O D L D G A L Y D A G I R N D K J C 

Y Q G U S I Q W K A U D W D O E Q Y W S 

K H G K F U N X B B C S D E E M G O Y V 

S E W Y R G N N T W K I S M V A O P J G 

R N M I F X H W S P F R D Y N D T A F D 

S Q O K C O V Z U Y U H Z E U N Y E V S 

X T J O E C N A I L P M O C M U E R C S 

E R A C H T L A E H A S J O F F J E U J 

M O S S E N I S U B Z K Z F B C D G X S 

MEDICAL COMPLIANCE MANAGEMENT 

COMMUNICATION WASTE CORONAVIRUS 

REGULATIONS DILIGENCE HEALTHCARE 

PANDEMIC FUNDAMENTALS MEDICINE 

GUIDANCE TECHNOLOGY BUSINESS 


Upcoming and On-Demand Webinars 

Training 

JAN 12, 2021 

JAN 26, 2021 

ON DEMAND 

ON DEMAND 

ON DEMAND 

HIPAA Business Associate Agreements Under 

HITECH 

Big Data & False Claims Act Risk Due to COVID-19 

CPT Code & Documentation Changes, Including 

E/M for 2021 - CMS & AMA Come Together to 

Benefit Providers 

HIPAA Compliance for Business Associates 

Hybrid Patient Care Models: How Medical Practices 

Thrive After COVID-19 

Register 

Register 

All Upcoming Webinars 

All On Demand Webinars 

IMPORTANT 

In the interest of your security, login 

credentials are for individual use only and 

not to be shared. Please contact Client 

Services if you require additional manager 

level users and/or if there has been a change 

in contact information. 

NEW FEATURES! 

Training Zone - New required training 

modules have been added titled “Fraud 

Waste and Abuse Training” and “General 

Compliance Training”. These modules 

replace the CMS training 

materials. 

CLIENT 

ALERT 

Training Zone - has a New Assign Training 

to Employee feature: Assign by Job Title to 

all employees with a specific Job Title or 

select multiple Job Titles. 

New COVID-19 Resource section 

available from the dashboard for 1st 

Performance, 1st Professional, and 1st 

Premium. 

Join us on Social Media! 

Contact our Client Services Team with your questions! 

888.54.FIRST or clientservices@1sthcc.com 

14

First Healthcare Compliance CONNECT December 2020

Create successful ePaper yourself

Delete template?

Save as template?