First Healthcare Compliance CONNECT October 2022
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>CONNECT</strong><br />
<strong>October</strong> <strong>2022</strong><br />
<br />
A Monthly Publication for the <strong>Healthcare</strong> <strong>Compliance</strong> Community<br />
FAQ: Is the HIPAA Privacy Rule<br />
suspended during a national or<br />
public health emergency?<br />
Infographic: Causes vs.<br />
Reasons for Data Breaches<br />
How to Safeguard<br />
<strong>Healthcare</strong> Business Assets<br />
Event: The Virtual HIPAA Privacy<br />
and Security Workshop <strong>2022</strong><br />
Non-Unionized Workers<br />
& the NLRA: Q & A<br />
1st Talk <strong>Compliance</strong>:<br />
Have a Breach? Reporting<br />
Requirements with the OCR
Got a Minute? Please Rate Us!<br />
The health of our company depends on the members<br />
of our community spreading the word about us.<br />
Share Your Success Story<br />
An endorsement by you is the greatest compliment<br />
we could receive! Please take a moment of your time<br />
to rate us online so that others can benefit from your<br />
experience. It’s a simple way to help us grow and<br />
improve.<br />
We appreciate your support and look forward to<br />
hearing from you!<br />
In This Issue:<br />
FAQ: Is the HIPAA Privacy Rule suspended<br />
during a national or public health emergency?<br />
Infographic: Causes vs. Reasons for Data<br />
Breaches<br />
How to Safeguard <strong>Healthcare</strong> Business Assets<br />
Non-Unionized Workers & the NLRA: Q & A<br />
1st Talk <strong>Compliance</strong> Podcast: Have a Breach?<br />
Reporting Requirements with the OCR<br />
2<br />
Panacea <strong>Healthcare</strong> Solutions LLC © <strong>2022</strong>
<strong>Compliance</strong> Super Ninja <br />
Michelle Creditt<br />
Practice Manager, Clermont Internist Associates<br />
How would you describe your experience with <strong>First</strong> <strong>Healthcare</strong> <strong>Compliance</strong>?<br />
The system is very easy to use. I love how quickly I can enter the information.<br />
What do you enjoy most about working with Clermont Internist Associates?<br />
My favorite thing about working at Clermont Internists is the staff. They are enjoyable to work with.<br />
Would you rather have a flower garden or a vegetable garden? Why?<br />
I would rather have a flower garden. I love to landscape and work in my yard.<br />
Event: The Virtual HIPAA Privacy and Security<br />
Workshop <strong>2022</strong><br />
COVID-19 <strong>Healthcare</strong> <strong>Compliance</strong> Toolkit<br />
Contact Toll Free: 888-54-FIRST 3
FAQ Corner<br />
Is the HIPAA Privacy Rule suspended during a national or public health emergency?<br />
No; however, the Secretary of HHS may waive certain provisions of the Rule under the Project Bioshield Act of 2004<br />
(PL 108-276) and section 1135(b)(7) of the Social Security Act.<br />
What provisions may be waived<br />
If the President declares an emergency or disaster and the Secretary declares a public health emergency, the<br />
Secretary may waive sanctions and penalties against a covered hospital that does not comply with certain provisions<br />
of the HIPAA Privacy Rule:<br />
1. the requirements to obtain a patient’s agreement to speak with family members or friends involved in the<br />
patient’s care (45 CFR 164.510(b))<br />
2. the requirement to honor a request to opt out of the facility directory (45 CFR 164.510(a))<br />
3. the requirement to distribute a notice of privacy practices (45 CFR 164.520)<br />
4. the patient’s right to request privacy restrictions (45 CFR 164.522(a))<br />
5. the patient’s right to request confidential communications (45 CFR 164.522(b))<br />
When and to what entities does the waiver apply<br />
If the Secretary issues such a waiver, it only applies:<br />
1. In the emergency area and for the emergency period identified in the public health emergency declaration.<br />
2. To hospitals that have instituted a disaster protocol. The waiver would apply to all patients at such hospitals.<br />
3. For up to 72 hours from the time the hospital implements its disaster protocol.<br />
When the Presidential or Secretarial declaration terminates, a hospital must then comply with all the requirements<br />
of the Privacy Rule for any patient still under its care, even if 72 hours has not elapsed since implementation of its<br />
disaster protocol.<br />
Regardless of the activation of an emergency waiver, the HIPAA Privacy Rule permits disclosures for treatment<br />
purposes and certain disclosures to disaster relief organizations. For instance, the Privacy Rule allows covered<br />
entities to share patient information with the American Red Cross so it can notify family members of the patient’s<br />
location. See 45 CFR 164.510(b)(4).<br />
https://www.hhs.gov/hipaa/for-professionals/faq/1068/is-hipaa-suspended-during-a-national-or-public-healthemergency/index.html<br />
Explore the FAQs tab in your compliance solution<br />
to find answers to your compliance questions!<br />
CLIENT<br />
ALERT<br />
4<br />
Panacea <strong>Healthcare</strong> Solutions LLC © <strong>2022</strong>
Causes vs. Reasons for Data Breaches<br />
Cause<br />
Reason<br />
Contact Toll Free: 888-54-FIRST 5
Non-Unionized Workers<br />
& the NLRA: Q & A<br />
Catherine Short<br />
Lauren Moak Russell, Counsel, Young Conaway<br />
Stargatt & Taylor, specializes in the representation<br />
of employers on a range of issues relating to<br />
compliance with local, state, and federal labor and<br />
employment laws and constitutional provisions. She<br />
emphasizes client counseling—on issues ranging<br />
from wage and hour compliance, to workplace<br />
training and investigations, to effective employee<br />
terminations—with the goal of avoiding litigation<br />
before it begins. Her counseling practice includes<br />
handbook revisions, effective policy implementation,<br />
and on-site training on legal compliance. Lauren<br />
has developed and conducts specialized inhouse<br />
training for emerging legal issues including<br />
the pregnancy, reproductive rights, and family<br />
care provisions of the Delaware Discrimination<br />
in Employment Act. As a member of the <strong>First</strong><br />
<strong>Healthcare</strong> <strong>Compliance</strong> Editorial Council, Lauren is a<br />
frequent presenter at educational events. For more<br />
information regarding this topic please view the<br />
related webinar for further discussion and learning.<br />
Below, Lauren answers some common questions<br />
and provides explanations of a few timely topics<br />
related to workplace civility, employers, and the<br />
National Labor Relations Board.<br />
Can you give me an overview of what<br />
you are seeing in your practice regarding<br />
workplace civility, the National Labor<br />
Relations Board under the Biden<br />
administration, and the expanding influence<br />
into non-unionized work forces?<br />
The first thing people need to understand is that<br />
the National Labor Relations Board is not just<br />
for unionized workforces, and that it has a role<br />
6<br />
Panacea <strong>Healthcare</strong> Solutions LLC © <strong>2022</strong>
THE VIRTUAL<br />
HIPAA Privacy and<br />
Security Workshop<br />
<strong>2022</strong><br />
Thu, November 3, <strong>2022</strong><br />
12:45 PM – 4:15 PM EDT<br />
The Virtual HIPAA Privacy and Security Workshop <strong>2022</strong> is hosted by <strong>First</strong><br />
<strong>Healthcare</strong> <strong>Compliance</strong> to provide resources for legal and healthcare<br />
professionals facing the challenges of complying with HIPAA regulations.<br />
This half-day event will be held on November 3, <strong>2022</strong>, and will include<br />
CEU credits. Registration is available to the public.<br />
Experts and attorneys will engage with attendees to discuss timely<br />
questions and real-life scenarios related to HIPAA privacy and security<br />
including Notice of Privacy Practices, Business Associates, employee<br />
training, patient rights, safeguards, electronic health records, breaches,<br />
cybersecurity and more.<br />
REGISTER NOW<br />
Contact Toll Free: 888-54-FIRST 7
in regulating nonunion workforces, particularly<br />
where employer policies impact what we call<br />
Section 7 Rights. And that’s really employees’<br />
rights to talk about the terms and conditions of<br />
their employment. And this is an area where we<br />
see a lot of ebb and flow between Republican and<br />
Democratic administrations at the federal level. I<br />
know it’s not a popular thing to talk politics these<br />
days, it’s oftentimes very inflammatory. But the<br />
reality is that the board changes its conduct very<br />
significantly between administrations. Under the<br />
Trump administration, the NLRB saw its role as very<br />
limited in terms of just regulating the relationship of<br />
the unionized workforce.<br />
With the Biden administration, the Board again<br />
really sees its role as expansive. It is very focused<br />
on ensuring that even in a non-unionized workforce,<br />
employers are conducting themselves in a way<br />
that does not adversely impact employees’ rights.<br />
These Section 7 rights, the right to engage in what<br />
we call “Protected Concerted Activity” ensures<br />
employees the ability to talk about and advocate on<br />
terms and conditions of employment. This includes<br />
a lot of things that make employers uncomfortable,<br />
including wages and other forms of compensation,<br />
comparing how much I make to how much you<br />
make, masking, vaccination requirements, anything<br />
that keeps a manager up at night; all almost<br />
certainly touches on Protected Concerted Activity<br />
and that can be protected by the National Labor<br />
Relations Act and enforced by the Board.<br />
Why should this topic be back on employer’s<br />
radars?<br />
The short answer is that there’s been a change in<br />
administration. The Obama administration was very<br />
focused on the expansion of the role of the National<br />
Labor Relations Board. The Trump administration,<br />
had a much more conservative view of the role<br />
of the federal government, and really pared back<br />
the enforcement activities that the Board was<br />
engaged in. And now that we are back under a<br />
Democratic administration, that role is expanding<br />
again. I happen to be somebody who thinks that<br />
predictability is a very important thing for business.<br />
The Most Comprehensive<br />
<strong>Healthcare</strong> <strong>Compliance</strong> Course<br />
The Fundamentals is a user-friendly, four-module<br />
online course designed to help healthcare professionals<br />
understand the essential principles and practices of<br />
compliance.<br />
BUY COURSE NOW<br />
8<br />
Panacea <strong>Healthcare</strong> Solutions LLC © <strong>2022</strong>
Whether you are going to have an expansive or<br />
a retracted view of the Board’s role, and there<br />
are grounds to argue for both, it is good for<br />
businesses to know what the expectations of each<br />
of them are. The National Labor Relations Board<br />
swings much more broadly than really any other<br />
federal enforcement agency involved in labor and<br />
employment law. That’s difficult for employers to<br />
cope with. NLRB General Counsel Jennifer Abruzzo<br />
is looking to directly overturn precedent from the<br />
Trump administration, which is really only a couple<br />
of years old.<br />
Conversely, the Trump administration looked to<br />
overturn principles, that in some cases, were<br />
decades old. This is really a problem for both sides<br />
of the aisle, I don’t think anybody is conducting<br />
themselves, necessarily in the way that provides the<br />
most predictability for business. The best we can do<br />
here, on the outside, is to make sure that employers<br />
are educated and know that these risks are out<br />
there. I’m certainly talking about it a lot more to<br />
clients and in seminars than ever before. And I was<br />
in practice under the Obama, the Trump, and now<br />
under the Biden administration. I have never seen<br />
as much effort to enforce against the non-unionized<br />
private sector, as I am seeing now. Biden has held<br />
true to his promise to be the most labor friendly<br />
president that many of us will see in our lifetimes.<br />
Even though the Obama administration expressed<br />
an interest in pursuing these matters, we’re seeing<br />
the enforcement drive from the Biden administration<br />
that was not so present before.<br />
I know from speaking with our health care<br />
leaders, there is a lot on their plates right<br />
now and this is yet another thing to be<br />
worried about. If they could start with one<br />
item, what should it be?<br />
I would take a very careful look at handbooks. That<br />
is an area that almost every business I represent<br />
neglects, because, it’s just there. And you know,<br />
“this other thing is an emergency,” and “I’ve got<br />
to put out that fire.” And to your point, everybody<br />
has a tremendous amount of work on their plates<br />
right now. This is the most difficult environment to<br />
operate in that I’ve ever seen, it is truly amazing<br />
that people can get up and soldier on every morning.<br />
And that’s from the management side. And from<br />
the labor side, everybody’s got a lot on their plates,<br />
too. So, if we could move the handbook to the top<br />
of your non-emergency ”to-do” list, that’s what I<br />
would do. Handbooks should really get a thorough<br />
going over every couple of years anyway. If you<br />
haven’t taken a careful look at your handbook in the<br />
last two years to update it and make sure that it’s<br />
compliant with your current labor and employment<br />
laws, that’s a great thing to do.<br />
More specifically, in reviewing your handbook,<br />
look at policies related to workplace civility, social<br />
media, and the like, and make sure that you’re really<br />
focused on illegal behavior and not just “employees<br />
shouldn’t say things that make us unhappy.” Any<br />
policy that’s designed to keep employees from<br />
saying embarrassing things in public is going to<br />
likely be a problem. We should really be focused<br />
on “do not engage in illegal behavior.” If you are on<br />
Facebook with a picture of you and your favorite<br />
marijuana paraphernalia, that’s something we<br />
can prohibit. We can prohibit harassment and<br />
discrimination and defamation. Defamation is a tort,<br />
it is unlawful. You can prohibit defamatory conduct.<br />
But when we’re talking about general civility and<br />
being nice and be courteous, that’s tough thing to<br />
enforce.<br />
Can you delve a little more into social media<br />
expectations?<br />
Certainly, you can expect employees to be lawful<br />
online. This is a perfectly reasonable expectation.<br />
I have some clients who have a policy that says,<br />
“Please do not post photos of unlawful activity.”<br />
“You should not have open containers of alcohol<br />
in a vehicle.” “You should not post photos of your<br />
marijuana paraphernalia.” “You should not post<br />
racist diatribes on Facebook.” Depending on your<br />
workforce, that may or may not be something you<br />
Contact Toll Free: 888-54-FIRST 9
need to say. But all of this behavior is something you<br />
can expressly prohibit.<br />
What you can’t prohibit and what a lot of social<br />
media policies say is that you may not post anything<br />
online that criticizes the company or its customers,<br />
clients, patients, etc. That is a type of policy that the<br />
NLRB has been extremely suspicious of, and this is<br />
a good time to pare back those sorts of nebulous<br />
requirements. But, of course, in the healthcare<br />
context, we have some additional overlays. Most<br />
employees have HIPAA obligations, right. And you<br />
can absolutely say you may not post anything online<br />
that violates your duty of confidentiality under HIPAA.<br />
It’s when we’re talking more broadly, in the vein<br />
of “if you don’t have anything nice to say, don’t say<br />
anything at all” that the NLRB will become more<br />
critical.<br />
Risk Management Considerations for<br />
the <strong>Healthcare</strong> <strong>Compliance</strong> Officer:<br />
Training, Incident Management,<br />
Governing Boards, and<br />
Measures Unique to COVID-19<br />
It’s no secret that healthcare is one of America’s<br />
most heavily regulated industries with substantial<br />
fines and penalties for non-compliance. Complex<br />
regulations and mandates make compliance<br />
management a necessity.<br />
DOWNLOAD NOW<br />
10<br />
Panacea <strong>Healthcare</strong> Solutions LLC © <strong>2022</strong>
How to Safeguard<br />
<strong>Healthcare</strong><br />
Business Assets<br />
Catherine Short<br />
• explore how government and private litigation<br />
matters can impact healthcare companies,<br />
clinicians, and executives<br />
• provide tips and preventative strategies to<br />
preserve income and assets prior to such action<br />
to ensure business continuity and succession<br />
planning<br />
Expert attorneys Sean McKenna, Lauren<br />
Nelson, and Vincent Aiello of Spencer<br />
Fane LLP shared their insights in the<br />
complementary webinar, Preserving<br />
and Protecting Assets In <strong>Healthcare</strong><br />
presented on <strong>October</strong> 13, <strong>2022</strong>.<br />
Join Sean, Lauren, and Vincent as they discuss:<br />
• the interplay between enforcement and liability<br />
proceedings with asset protection<br />
Dive deep into learning how to protect your<br />
business, yourself, and your family financially in<br />
this highly litigious environment. Delve into trusts<br />
and other avenues of good planning to protect and<br />
preserve your assets long before, if or when any<br />
litigation arises. Understand where the government<br />
is currently most concerned in enforcement, where<br />
are the greatest risks, and what has been the<br />
impact of COVID-19. What types of arrangements<br />
are viewed as suspect by the government? Learn<br />
all this and more at our webinar.<br />
Watch Sean, Lauren, and Vincent’s complimentary<br />
webinar here.<br />
Contact Toll Free: 888-54-FIRST 11
Referral Appreciation Program<br />
Receive a $50 gift card* when you refer a client!<br />
<strong>First</strong> <strong>Healthcare</strong> <strong>Compliance</strong> is delighted to offer<br />
a Referral Appreciation Program to say thank you<br />
for helping us to continue to grow. For each new<br />
1st Professional or 1st Premium client originating<br />
from a referral, <strong>First</strong> <strong>Healthcare</strong> <strong>Compliance</strong> will<br />
provide a $50 gift card as a token of appreciation.<br />
LEARN MORE<br />
Navigating Workplace<br />
Violence Prevention<br />
Under OSHA<br />
Workplace violence is a serious issue,<br />
especially in healthcare facilities. The<br />
OSHA workplace violence prevention<br />
guidelines help employees and<br />
employers alike by providing the<br />
necessary steps to maintain a safe<br />
work environment.<br />
DOWNLOAD NOW<br />
12<br />
Panacea <strong>Healthcare</strong> Solutions LLC © <strong>2022</strong>
hosted by Catherine Short<br />
1st Talk <strong>Compliance</strong> features guest Trey Scott, Coordinating Attorney at Kennedy, Attorneys & Counselors at<br />
Law, on the topic of “Have a Breach? Reporting Requirements with the OCR.”Trey joins our host, Catherine<br />
Short to discuss the reporting requirements for a data breach of a healthcare provider, the definition of a<br />
breach, different timelines for reporting breaches, as well as how to complete a breach reporting form from<br />
the Office of Civil Rights.<br />
Listen weekdays at<br />
7:30am, 3:30pm, 11:30pm ET<br />
Check out our Show Page!<br />
Looking for the latest compliance insights?<br />
Subscribe to our feed and don’t miss a thing!<br />
Contact Toll Free: 888-54-FIRST 13
COVID-19 <strong>Healthcare</strong><br />
<strong>Compliance</strong> Toolkit<br />
<strong>Healthcare</strong> compliance amidst COVID-19 presents new challenges for<br />
hospitals and healthcare providers. At top importance is the question<br />
of how to slow or stop the spread of COVID-19, while ensuring that your<br />
organization stays compliant.<br />
Now more than ever, your compliance department needs to have the necessary tools<br />
to help track, analyze, and respond to compliance challenges. To help navigate the<br />
process, we’ve gathered our best COVID-19 resources below. If you need further<br />
assistance, please contact us here.<br />
VIEW TOOLKIT<br />
COVID-19 <strong>Healthcare</strong><br />
<strong>Compliance</strong> Updates<br />
In response to the global outbreak of the novel<br />
coronavirus disease (COVID-19), the Secretary<br />
of Health and Human Services declared a public<br />
health emergency on January 31, 2020. Federal<br />
agencies have taken action by issuing updates and<br />
guidance to navigate the crisis. This ebook provides<br />
healthcare providers with important developments<br />
and resources that impact federal healthcare laws.<br />
DOWNLOAD NOW<br />
14<br />
Panacea <strong>Healthcare</strong> Solutions LLC © <strong>2022</strong>
WORD SEARCH<br />
O A K G S X W L U H Q I N F D P I U Y E<br />
C O M P L I A N C E H H O G C I Z G S X<br />
K H G L E C W F N A Y G I J G M F E M T<br />
A S F V K O P I S L D K T S J J D C K V<br />
G D K T D L D U A T E K A Z L M T A A Y<br />
G I M X G A H I P H T I T M A T N L C F<br />
I N Z I S N Q W M C C P N X Y G E P T A<br />
T S L O N O P H Z A E V E X Z N M K S U<br />
P E Q L O I V G H R T Q S P F L Y R F X<br />
W E X I I S S F I E O N E O S Z O O J A<br />
N Y M A T S B T O X R T R W E Z L W H V<br />
F O M B A E B R R Y P C P M C J P B V U<br />
S L L I G F S L O A E N E B R V M Q G Y<br />
C P D L I O R K S M T U R U U W E E T Q<br />
J M W I L R Z D E Z I I B S O F G P G R<br />
J E G T B P E N N O X K O I S H O Q S S<br />
H J U Y O A T G A F I H F N E O A G G C<br />
Q F Z L D Q H C K V L N C E R G P O B N<br />
Q L V Z P G G B K J H C M S Y L X P B I<br />
E C N E D I F N O C W P B S Y C N M Z Z<br />
RESOURCES REPRESENTATION EMPLOYMENT<br />
WORKPLACE PROTECTED ADMINISTRATION<br />
ENFORCEMENT OBLIGATIONS LIABILITY<br />
BUSINESS HEALTHCARE CONFIDENCE<br />
COMPLIANCE PROFESSIONAL EMPLOYEES<br />
Contact Toll Free: 888-54-FIRST 15
Upcoming and On-Demand Webinars<br />
Training<br />
DEC 13, <strong>2022</strong><br />
ON DEMAND<br />
ON DEMAND<br />
ON DEMAND<br />
ON DEMAND<br />
Health Data, A Value Proposition: Legal Risks with<br />
Innovative Data Sharing Projects<br />
Preserving and Protecting Assets In <strong>Healthcare</strong><br />
Automatic Dispensing Cabinets, Patient Care, & the<br />
Actual Sentence in the RaDonda Vaught Case<br />
The Dobbs Opinion, the Repealing of Roe, & the Impact on<br />
the Privacy & Security of Patient Information<br />
Workplace Civility: What Non-Unionized Employers Need<br />
to Know to Navigate the NLRA<br />
Register<br />
All Upcoming Webinars<br />
All On Demand Webinars<br />
IMPORTANT<br />
In the interest of your security, login credentials are<br />
for individual use only and not to be shared. Please<br />
contact Client Services if you require additional<br />
manager level users and/or if there has been a change<br />
in contact information.<br />
NEW FEATURES!<br />
Employee Zone/<strong>Compliance</strong> Detail<br />
Initial Data - Free text comment field has been added.<br />
COVID Vaccination Status - Additional fields have<br />
been added for Second Booster<br />
COVID Vaccination Status/ COVID Testing -<br />
Additional fields have been added to assist<br />
you with tracking COVID vaccination and<br />
CLIENT<br />
ALERT<br />
COVID Testing. Contact Client Services if you have any questions<br />
or would like to turn COVID alerting off.<br />
Training Zone - Employee Activated Status has been added to the<br />
Training Zone landing page view.<br />
Employee Incident Reporting - This new feature will provide<br />
the option for Employees to open/create an Incident Report.<br />
When employee incident reports are created you can review,<br />
update, track and manage them within the Incident Reporting<br />
Zone. Contact Client Services if you are interested in adding this<br />
additional feature to your Incident Reporting Zone.<br />
Join us on Social Media!<br />
Contact our Client Services Team with your questions!<br />
888.54.FIRST or clientservices@1sthcc.com<br />
16<br />
Panacea <strong>Healthcare</strong> Solutions LLC © <strong>2022</strong>