First Healthcare Compliance CONNECT August 2022
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>CONNECT</strong><br />
<strong>August</strong> <strong>2022</strong><br />
<br />
A Monthly Publication for the <strong>Healthcare</strong> <strong>Compliance</strong> Community<br />
FAQ: Why should we<br />
have confidentiality<br />
agreements with our<br />
employees?<br />
Infographic: The 4<br />
Outs to Survive an Active<br />
Shooter in a <strong>Healthcare</strong><br />
Facility<br />
Bipartisan Legislation<br />
Introduced to Ban Selling<br />
Health and Location Data<br />
Q & A: Employment<br />
and Labor Law<br />
1st Talk <strong>Compliance</strong>: The<br />
Insecurity of Everything:<br />
The Vital Importance of<br />
Hardware Data Security
Got a Minute? Please Rate Us!<br />
The health of our company depends on the members<br />
of our community spreading the word about us.<br />
Share Your Success Story<br />
An endorsement by you is the greatest compliment<br />
we could receive! Please take a moment of your time<br />
to rate us online so that others can benefit from your<br />
experience. It’s a simple way to help us grow and<br />
improve.<br />
We appreciate your support and look forward to<br />
hearing from you!<br />
In This Issue:<br />
FAQ Corner: Why should we have<br />
confidentiality agreements with our<br />
employees?<br />
Infographic: The 4 Outs to Survive an Active<br />
Shooter in a <strong>Healthcare</strong> Facility<br />
Bipartisan Legislation Introduced to Ban<br />
Selling Health and Location Data<br />
Q & A: Employment and Labor Law<br />
2<br />
<strong>First</strong> <strong>Healthcare</strong> <strong>Compliance</strong>, LLC © <strong>2022</strong>
<strong>Compliance</strong> Super Ninja <br />
Gail Little-Osberg, Practice Manager<br />
Attachment and Trauma Center of Nebraska<br />
How would you describe your experience with <strong>First</strong> <strong>Healthcare</strong> <strong>Compliance</strong>?<br />
Great, the initial training was very good, and the ongoing compliance for staff and practitioners is<br />
comprehensive but doesn’t bury them in the weeds either.<br />
I appreciate the many webinars and how thorough you all have been in addressing things such as COVID and<br />
the changes that have occurred over the past 2 years in <strong>Healthcare</strong>.<br />
What do you enjoy most about working with Attachment and Trauma Center of<br />
Nebraska?<br />
The variety of taking care of a practice, working with a great team of therapists and of course, staying up to<br />
date on HIPAA and <strong>Compliance</strong>.<br />
Would you rather have a photographic memory or have the best social skills of all<br />
time? Why?<br />
Both, I am finding the memory is getting a little more sketchy as<br />
the years roll by, so that would be fantastic.<br />
Social Skills are something that should be taught from birth<br />
throughout one’s life, especially now, so this is always a MUST.<br />
1st Talk <strong>Compliance</strong>: The Insecurity of<br />
Everything: The Vital Importance of Hardware<br />
Data Security<br />
Contact Toll Free: 888-54-FIRST 3
FAQ Corner<br />
Why should we have confidentiality agreements with our employees?<br />
The purpose of the employee confidentiality agreement is to ensure that an employee of a provider will<br />
maintain the confidentiality of protected health information. Employers that are regulated under HIPAA<br />
typically require employees to sign an employee confidentiality agreement to verify that they know the<br />
rules and restrictions on patient data. It also helps document that the employer took the necessary steps<br />
to educate employees about the HIPAA policy for employees. The employee confidentiality agreement<br />
can help protect organizations from claims that employees were not advised and trained on rules and<br />
regulations in the event of a disclosure.<br />
Explore the FAQs tab in your compliance solution<br />
to find answers to your compliance questions!<br />
CLIENT<br />
ALERT<br />
The Most Comprehensive<br />
<strong>Healthcare</strong> <strong>Compliance</strong> Course<br />
The Fundamentals is a user-friendly, four-module<br />
online course designed to help healthcare professionals<br />
understand the essential principles and practices of<br />
compliance.<br />
BUY COURSE NOW<br />
4<br />
<strong>First</strong> <strong>Healthcare</strong> <strong>Compliance</strong>, LLC © <strong>2022</strong>
Contact Toll Free: 888-54-FIRST 5
Bipartisan Legislation Introduced to<br />
Ban Selling Health and Location Data<br />
Guest Author: Rachel V. Rose, JD, MBA<br />
The new legislation would tighten the<br />
use of patients’ health and location<br />
information.<br />
The HIPAA Privacy Rule, which had the U.S.<br />
Department of Health and Human Services<br />
(HHS) modify certain standards on <strong>August</strong> 14<br />
2002, established parameters for certain types<br />
of marketing and the sale of protected health<br />
information (PHI). Found at 45 CFR §§ 164.501,<br />
164.508(a)(3), the HIPAA Privacy Rules provides<br />
individuals with certain privacy rights and important<br />
controls over how their PHI is used and disclosed.<br />
As HHS iterates on its website, “[w]ith limited<br />
exceptions, the Rule requires an individual’s written<br />
authorization before a use or disclosure of his or<br />
her protected health information can be made for<br />
marketing. So as not to interfere with core health<br />
care functions, the Rule distinguishes marketing<br />
communications from those communications about<br />
goods and services that are essential for quality<br />
health care.” There are different applications<br />
of “marketing” and the one that constitutes<br />
the disclosure of PHI “in exchange for direct or<br />
indirect remuneration, for the other entity or its<br />
affiliate” requires the express written consent of<br />
the individual patient, which must be prominently<br />
placed on the HIPAA Authorization Form and give<br />
the patient (or the patient’s legal representative)<br />
the option of “opting out” of the sale at any time.<br />
And, depending on the nature of the relationship<br />
between the covered entity, business associate, and/<br />
or subcontractor, a business associate agreement<br />
(BAA).<br />
In 2018, HHS Office for Civil Rights (OCR)<br />
announced a $100,000 settlement with Filefax,<br />
Inc. – a company that once provided storage and<br />
disposal services for medical records – for allowing<br />
an unauthorized person to remove PHI, leave it<br />
unsecured outside the facility, and attempting to<br />
sell the PHI without the patient’s express written<br />
authorization. The take-away – its not legal.<br />
Fast forward to June <strong>2022</strong>, in light of Roe v. Wade<br />
being overturned, privacy rights which have been<br />
protected under the 14th Amendment of the<br />
U.S. Constitution under an individual’s “zone of<br />
privacy” are at risk. A bipartisan group of Senators<br />
introduced the Health and Location Data Protection<br />
Act, which, if passed, may mitigate the effects<br />
of Roe v. Wade being overturned and would fill a<br />
significant gap in U.S. privacy law. The data broker<br />
6<br />
<strong>First</strong> <strong>Healthcare</strong> <strong>Compliance</strong>, LLC © <strong>2022</strong>
industry is a $200 billion dollar a year industry.<br />
Three of the key features of the bill are as follows:<br />
Ban data brokers from selling or transferring location<br />
data and health data. The bill forbids data brokers<br />
from selling or transferring location data and health<br />
data and requires the Federal Trade Commission to<br />
promulgate rules to implement the law within 180<br />
days, while making exceptions for HIPAA-compliant<br />
activities, protected <strong>First</strong> Amendment speech, and<br />
validly authorized disclosures.<br />
Ensure robust enforcement of the bill’s protections.<br />
The bill empowers the Federal Trade Commission,<br />
state attorneys general, and injured persons to sue<br />
to enforce the provisions of the law, allowing for<br />
remedies such as damages and<br />
injunctions to stop any illegal<br />
practices.<br />
Provide funding to the Federal<br />
Trade Commission to act. The bill<br />
provides $1 billion to the Federal<br />
Trade Commission over the next<br />
decade to carry out its work,<br />
including the enforcement of this<br />
law.<br />
In the meantime, HIPAA’s<br />
Privacy Rule coupled with the<br />
14th Amendment’s “zone of privacy” may be a<br />
solution. Individual states have also begun to follow<br />
California’s lead and pass legislation similar to the<br />
California Privacy Protection Act (CCPA). Regardless<br />
of an individual’s stance on abortion, all Americans<br />
should take issue with companies, whether medical<br />
device companies, big tech companies, or data<br />
brokers (among others), selling or disclosing<br />
information without the express written consent<br />
of the person in a manner that does not constitute<br />
a contract of adhesion. Rare situations, such as a<br />
grand jury subpoena, exist for the government to<br />
directly request such information without violating<br />
a person’s individual Constitutional rights, which is<br />
why both substantive and procedural due process<br />
exist. It is critical that patients are aware of their<br />
rights and that companies are aware of what’s legal<br />
and have adequate compliance programs in place.<br />
About the Author<br />
Rachel V. Rose, JD, MBA, advises clients<br />
on compliance, transactions, government<br />
administrative actions, and litigation<br />
involving healthcare, cybersecurity,<br />
corporate and securities law, as well<br />
as False Claims Act and Dodd-Frank<br />
whistleblower cases. She also teaches<br />
bioethics at Baylor College of Medicine in<br />
Houston. Rachel can be reached through<br />
her website, www.rvrose.com.<br />
Originally posted on: physicianspractice.com<br />
Navigating Workplace<br />
Violence Prevention Under<br />
Workplace violence is a serious issue, especially in healthcare facilities. The<br />
OSHA workplace violence prevention guidelines help employees and employers<br />
alike by providing the necessary steps to maintain a safe work environment.<br />
DOWNLOAD NOW<br />
Contact Toll Free: 888-54-FIRST 7
Q & A: Employment<br />
and Labor Law<br />
Catherine Short<br />
Catherine Walters, Partner<br />
at Bybel Rutledge LLP, is<br />
a management side labor<br />
and employment attorney<br />
representing employers of<br />
all sizes. As a member of the<br />
<strong>First</strong> <strong>Healthcare</strong> <strong>Compliance</strong><br />
editorial council, Catherine<br />
is a frequent presenter at<br />
educational events. For more information<br />
regarding this topic please view a related<br />
webinar and listen to an episode of 1st<br />
Talk <strong>Compliance</strong> for further discussion and<br />
learning.<br />
Below Catherine answers some common questions<br />
and provides explanations of a few timely topics<br />
related to employment and labor law.<br />
Could you explain what the OFCCP is and<br />
discuss the related issues?<br />
The OFCCP means Office of Federal Contract<br />
<strong>Compliance</strong> Programs. It’s basically considered to<br />
be the federal watchdog with respect to federal<br />
(Continuted on page 10)<br />
contractors who receive federal monies<br />
to perform work or provide products. The<br />
OFCCP enforces a number of laws as to<br />
employers. Primarily it enforces Executive<br />
Order 11246, which requires affirmative<br />
action on behalf of minorities and<br />
females. Then there’s the Rehabilitation<br />
Act, Section 504 of the Rehabilitation<br />
Act, which requires employers to provide<br />
affirmative action and equal opportunity<br />
to individuals with disabilities. There’s also<br />
the Vietnam Veterans, VEVRAA. OFCCP enforces<br />
the Vietnam Veterans law as well, and it requires<br />
affirmative action on behalf of protected veterans.<br />
It’s not just Vietnam veterans at this point, affirmative<br />
action is typically applicable to federal contractors<br />
with varying sizes of federal contracts, and numbers<br />
of employees 50 or more employees, and you must<br />
have a written plan. What we see on an annual basis<br />
is employers who must update their affirmative<br />
action plans. Annually, a federal contractor will<br />
update those plans. The OFCCP is the one that not<br />
only monitors those plans but accepts charges of<br />
discrimination and investigates those. They’re really<br />
focused on discrimination and much of their focus is<br />
on systemic discrimination, as opposed to individual<br />
8<br />
<strong>First</strong> <strong>Healthcare</strong> <strong>Compliance</strong>, LLC © <strong>2022</strong>
COVID-19 <strong>Healthcare</strong><br />
<strong>Compliance</strong> Toolkit<br />
<strong>Healthcare</strong> compliance amidst COVID-19 presents new challenges for<br />
hospitals and healthcare providers. At top importance is the question<br />
of how to slow or stop the spread of COVID-19, while ensuring that your<br />
organization stays compliant.<br />
Now more than ever, your compliance department needs to have the necessary tools to help track,<br />
analyze, and respond to compliance challenges. To help navigate the process, we’ve gathered our<br />
best COVID-19 resources below. If you need further assistance, please contact us here.<br />
VIEW TOOLKIT<br />
COVID-19 <strong>Healthcare</strong><br />
<strong>Compliance</strong> Updates<br />
In response to the global outbreak of the novel coronavirus<br />
disease (COVID-19), the Secretary of Health and Human<br />
Services declared a public health emergency on January 31,<br />
2020. Federal agencies have taken action by issuing updates<br />
and guidance to navigate the crisis. This ebook provides<br />
healthcare providers with important developments and<br />
resources that impact federal healthcare laws.<br />
DOWNLOAD NOW<br />
Contact Toll Free: 888-54-FIRST 9
discriminations. What you’ll have in many situations<br />
is what we call disparate treatment versus disparate<br />
impact. Disparate treatment is where you treat one<br />
person differently from another or one group or class<br />
of employees differently from another.<br />
What are the new SAM requirements?<br />
SAM, is the System for Award Management<br />
database. Federal contractors must sign up with<br />
that portal to qualify for government contracts. This<br />
has never happened in the past, but we have a<br />
new affirmative action plan reporting requirement<br />
that will go into effect. In essence, under the SAM<br />
declarations page, contractors are going to have<br />
to begin affirming that they have developed and<br />
maintained affirmative action programs at each<br />
establishment as applicable. This was where the<br />
OFCCP lacked teeth. In many instances, in the past,<br />
employers were able to get away with not having<br />
their programs in place or updating their plans on a<br />
regular basis. A lot of contractors think they have an<br />
affirmative action plan and it’s in some dusty binder<br />
on some dusty shelf in some closet somewhere.<br />
It’s an annual exercise and it must be done at least<br />
annually and be done even more regularly. You can<br />
have short plans, but you can’t have a plan that goes<br />
beyond 12 months. This will require people to give<br />
more thought to making these certifications, because<br />
to make a certification is very important. Under SAM,<br />
if you lie about it, you could be disbarred.<br />
Can you explain briefly about restrictive<br />
covenants?<br />
Restrictive Covenants include things like noncompetition<br />
agreements, non-solicitation agreements,<br />
non-interference, and non-contact and so forth.<br />
Typically, employers use them to prevent valued<br />
employees from leaving them and going and<br />
competing with them at another workplace. In recent<br />
years, we’ve seen a lessening of the use of the<br />
noncompetition restriction, meaning that that person<br />
can go work somewhere else, but still, a use of nonsolicitation,<br />
meaning that even though you can go<br />
to a competitor, you may not solicit clients or other<br />
customers that you had when you worked for me,<br />
and you can’t reach out to our employees and ask<br />
them to come with you. Basically, you can’t interfere<br />
with my relationships that I had, either before you<br />
were here, or while you were here, and you can’t<br />
do it for a year or two. Of course, that dovetails<br />
with confidentiality agreements, and the protection<br />
of confidential information and trade secrets for<br />
employers. With respect to restrictive covenants,<br />
some states in the United States have legislation<br />
against restrictive covenants in the employment<br />
field. It’s clear that restrictive covenants prevent<br />
employees from moving around, and this inability to<br />
move around or go to a competing employer prevents<br />
them from increasing wages and benefits as quickly<br />
as they might otherwise be able to do and it prevents<br />
them from growing in their careers in many cases.<br />
Restrictive covenants, while they’re legislated in<br />
many states, they aren’t legislated in others. So,<br />
there’s no consistent legislation about restrictive<br />
covenants in the United States. Some states, you can<br />
use them to your heart’s content, other states you<br />
can use them in very limited fashion, and in other<br />
states, they’re prohibited.<br />
Is remote work here to stay?<br />
In a word, yes. At least for employers who can<br />
accommodate remote work. There are a lot of<br />
employers that can’t accommodate remote work.<br />
And then of course, there’s the hybrid type where<br />
some workers must be in person and others can<br />
be remote. Some of the big issues really are about<br />
adapting your employment processes to this new<br />
normal. Issues such as recruiting, interviewing,<br />
onboarding, and measuring performance are all<br />
impacted by the change to remote work.<br />
Do you have advice for employers working<br />
through challenges of today’s working<br />
environment?<br />
It’s not about where people work. It’s what they do.<br />
And that’s kind of the new normal, where they work<br />
what they do, and productivity is the key.<br />
10<br />
<strong>First</strong> <strong>Healthcare</strong> <strong>Compliance</strong>, LLC © <strong>2022</strong>
Risk Management Considerations for<br />
the <strong>Healthcare</strong> <strong>Compliance</strong> Officer:<br />
Training, Incident Management, Governing<br />
Boards, and Measures Unique to COVID-19<br />
It’s no secret that healthcare is one of America’s<br />
most heavily regulated industries with<br />
substantial fines and penalties for noncompliance.<br />
Complex regulations and mandates<br />
make compliance management a necessity.<br />
DOWNLOAD NOW<br />
Referral Appreciation Program<br />
Receive a $50 gift card* when you refer a client!<br />
<strong>First</strong> <strong>Healthcare</strong> <strong>Compliance</strong> is delighted to offer<br />
a Referral Appreciation Program to say thank you<br />
for helping us to continue to grow. For each new<br />
1st Professional or 1st Premium client originating<br />
from a referral, <strong>First</strong> <strong>Healthcare</strong> <strong>Compliance</strong> will<br />
provide a $50 gift card as a token of appreciation.<br />
LEARN MORE<br />
Contact Toll Free: 888-54-FIRST 11
hosted by Catherine Short<br />
1st Talk <strong>Compliance</strong> features guest John Shegerian, Chairman and CEO of ERI, the largest cybersecurityfocused<br />
hardware destruction and electronic waste recycling company in the United States and co-author of<br />
the cybersecurity book, “The Insecurity of Everything” on the topic of “The Insecurity of Everything: The<br />
Vital Importance of Hardware Data Security.” He will share some of the latest information about the very<br />
real problem of hardware hacking in the world of healthcare and beyond and how that issue became even<br />
more serious during the pandemic, with so many people working from home. He will also be explaining critical<br />
information for health-related businesses to help them keep their private data – and the data of their patients<br />
and customers – protected!<br />
Listen weekdays at<br />
7:30am, 3:30pm, 11:30pm ET<br />
Check out our Show Page!<br />
Looking for the latest compliance insights?<br />
Subscribe to our feed and don’t miss a thing!<br />
12<br />
<strong>First</strong> <strong>Healthcare</strong> <strong>Compliance</strong>, LLC © <strong>2022</strong>
WORD SEARCH<br />
X H E V O S T B N Q Y N K Q J R N Z L M<br />
Z W C M O H Q D A V P G Q Q F D C M Y E<br />
T H O D X Q L E G I S L A T I O N X I Z<br />
N F M R U Q H H L N B Q I Z N N V N X M<br />
E R M N E Z H G T N Z T F F W L F G E A<br />
M G U O X F E D E R A L I T U O W X S Q<br />
T K N I Y Q A F Q H A D U Y R U P R K C<br />
R U I T Z U L H T U E L T M H E E F R A<br />
A H C A P U T W E N Z A A Z R Y J K U B<br />
P X A Z M M H N T X I T L I O M D T U N<br />
E O T I V N C I I D I M E L G O H V M O<br />
D Q I R P G A K H O F N P U R O G T X I<br />
C U O O Z L R G N N C M G D R D H U W S<br />
K U N H I Z E L E E E K J I I L Y C D S<br />
S H S T J K B W E D Z W Z Z S B N M S I<br />
T T Y U C P D N O I T A L U G E R Y L M<br />
U B K A X V R H K S T A N D A R D S W M<br />
V R V X C O M P L I A N C E N H B Y V O<br />
I A F X D C D L O M V N X R C X G F M C<br />
L E U U A C B N U R T T V J R Y E A J X<br />
EXPERIENCE HEALTHCARE COMPLIANCE<br />
CONFIDENTIALITY EMPLOYERS REGULATION<br />
LEGISLATION DEPARTMENT STANDARDS<br />
AUTHORIZATION COMMUNICATIONS AUTHORIZATION<br />
COMMISSION FEDERAL INFORMATION<br />
Contact Toll Free: 888-54-FIRST 13
Upcoming and On-Demand Webinars<br />
Training<br />
SEPT 13, <strong>2022</strong><br />
OCT 13, <strong>2022</strong><br />
DEC 13, <strong>2022</strong><br />
ON DEMAND<br />
ON DEMAND<br />
Automatic Dispensing Cabinets, Patient Care, & the<br />
Actual Sentence in the RaDonda Vaught Case<br />
Preserving and Protecting Assets In <strong>Healthcare</strong><br />
Health Data, A Value Proposition: Legal Risks with<br />
Innovative Data Sharing Projects<br />
The Dobbs Opinion, the Repealing of Roe, & the Impact on<br />
the Privacy & Security of Patient Information<br />
Workplace Civility: What Non-Unionized Employers Need<br />
to Know to Navigate the NLRA<br />
Register<br />
Register<br />
Register<br />
All Upcoming Webinars<br />
All On Demand Webinars<br />
IMPORTANT<br />
In the interest of your security, login credentials are<br />
for individual use only and not to be shared. Please<br />
contact Client Services if you require additional<br />
manager level users and/or if there has been a change<br />
in contact information.<br />
NEW FEATURES!<br />
Employee Zone/<strong>Compliance</strong> Detail<br />
Initial Data - Free text comment field has been added.<br />
COVID Vaccination Status - Additional fields have<br />
been added for Second Booster<br />
COVID Vaccination Status/ COVID Testing -<br />
Additional fields have been added to assist<br />
you with tracking COVID vaccination and<br />
CLIENT<br />
ALERT<br />
COVID Testing. Contact Client Services if you have any questions<br />
or would like to turn COVID alerting off.<br />
Training Zone - Employee Activated Status has been added to the<br />
Training Zone landing page view.<br />
Employee Incident Reporting - This new feature will provide<br />
the option for Employees to open/create an Incident Report.<br />
When employee incident reports are created you can review,<br />
update, track and manage them within the Incident Reporting<br />
Zone. Contact Client Services if you are interested in adding this<br />
additional feature to your Incident Reporting Zone.<br />
Join us on Social Media!<br />
Contact our Client Services Team with your questions!<br />
888.54.FIRST or clientservices@1sthcc.com<br />
14<br />
<strong>First</strong> <strong>Healthcare</strong> <strong>Compliance</strong>, LLC © <strong>2022</strong>