First Healthcare Compliance CONNECT October 2022

CONNECT 

October 2022 

 

A Monthly Publication for the Healthcare Compliance Community 

FAQ: Is the HIPAA Privacy Rule 

suspended during a national or 

public health emergency? 

Infographic: Causes vs. 

Reasons for Data Breaches 

How to Safeguard 

Healthcare Business Assets 

Event: The Virtual HIPAA Privacy 

and Security Workshop 2022 

Non-Unionized Workers 

& the NLRA: Q & A 

1st Talk Compliance: 

Have a Breach? Reporting 

Requirements with the OCR

Got a Minute? Please Rate Us! 

The health of our company depends on the members 

of our community spreading the word about us. 

Share Your Success Story 

An endorsement by you is the greatest compliment 

we could receive! Please take a moment of your time 

to rate us online so that others can benefit from your 

experience. It’s a simple way to help us grow and 

improve. 

We appreciate your support and look forward to 

hearing from you! 

In This Issue: 

FAQ: Is the HIPAA Privacy Rule suspended 

during a national or public health emergency? 

Infographic: Causes vs. Reasons for Data 

Breaches 

How to Safeguard Healthcare Business Assets 

Non-Unionized Workers & the NLRA: Q & A 

1st Talk Compliance Podcast: Have a Breach? 

Reporting Requirements with the OCR 

2 

Panacea Healthcare Solutions LLC © 2022

Compliance Super Ninja 

Michelle Creditt 

Practice Manager, Clermont Internist Associates 

How would you describe your experience with First Healthcare Compliance? 

The system is very easy to use. I love how quickly I can enter the information. 

What do you enjoy most about working with Clermont Internist Associates? 

My favorite thing about working at Clermont Internists is the staff. They are enjoyable to work with. 

Would you rather have a flower garden or a vegetable garden? Why? 

I would rather have a flower garden. I love to landscape and work in my yard. 

Event: The Virtual HIPAA Privacy and Security 

Workshop 2022 

COVID-19 Healthcare Compliance Toolkit 

Contact Toll Free: 888-54-FIRST 3

FAQ Corner 

Is the HIPAA Privacy Rule suspended during a national or public health emergency? 

No; however, the Secretary of HHS may waive certain provisions of the Rule under the Project Bioshield Act of 2004 

(PL 108-276) and section 1135(b)(7) of the Social Security Act. 

What provisions may be waived 

If the President declares an emergency or disaster and the Secretary declares a public health emergency, the 

Secretary may waive sanctions and penalties against a covered hospital that does not comply with certain provisions 

of the HIPAA Privacy Rule: 

1. the requirements to obtain a patient’s agreement to speak with family members or friends involved in the 

patient’s care (45 CFR 164.510(b)) 

2. the requirement to honor a request to opt out of the facility directory (45 CFR 164.510(a)) 

3. the requirement to distribute a notice of privacy practices (45 CFR 164.520) 

4. the patient’s right to request privacy restrictions (45 CFR 164.522(a)) 

5. the patient’s right to request confidential communications (45 CFR 164.522(b)) 

When and to what entities does the waiver apply 

If the Secretary issues such a waiver, it only applies: 

1. In the emergency area and for the emergency period identified in the public health emergency declaration. 

2. To hospitals that have instituted a disaster protocol. The waiver would apply to all patients at such hospitals. 

3. For up to 72 hours from the time the hospital implements its disaster protocol. 

When the Presidential or Secretarial declaration terminates, a hospital must then comply with all the requirements 

of the Privacy Rule for any patient still under its care, even if 72 hours has not elapsed since implementation of its 

disaster protocol. 

Regardless of the activation of an emergency waiver, the HIPAA Privacy Rule permits disclosures for treatment 

purposes and certain disclosures to disaster relief organizations. For instance, the Privacy Rule allows covered 

entities to share patient information with the American Red Cross so it can notify family members of the patient’s 

location. See 45 CFR 164.510(b)(4). 

https://www.hhs.gov/hipaa/for-professionals/faq/1068/is-hipaa-suspended-during-a-national-or-public-healthemergency/index.html 

Explore the FAQs tab in your compliance solution 

to find answers to your compliance questions! 

CLIENT 

ALERT 

4 


Causes vs. Reasons for Data Breaches 

Cause 

Reason 


Non-Unionized Workers 

& the NLRA: Q & A 

Catherine Short 

Lauren Moak Russell, Counsel, Young Conaway 

Stargatt & Taylor, specializes in the representation 

of employers on a range of issues relating to 

compliance with local, state, and federal labor and 

employment laws and constitutional provisions. She 

emphasizes client counseling—on issues ranging 

from wage and hour compliance, to workplace 

training and investigations, to effective employee 

terminations—with the goal of avoiding litigation 

before it begins. Her counseling practice includes 

handbook revisions, effective policy implementation, 

and on-site training on legal compliance. Lauren 

has developed and conducts specialized inhouse 

training for emerging legal issues including 

the pregnancy, reproductive rights, and family 

care provisions of the Delaware Discrimination 

in Employment Act. As a member of the First 

Healthcare Compliance Editorial Council, Lauren is a 

frequent presenter at educational events. For more 

information regarding this topic please view the 

related webinar for further discussion and learning. 

Below, Lauren answers some common questions 

and provides explanations of a few timely topics 

related to workplace civility, employers, and the 

National Labor Relations Board. 

Can you give me an overview of what 

you are seeing in your practice regarding 

workplace civility, the National Labor 

Relations Board under the Biden 

administration, and the expanding influence 

into non-unionized work forces? 

The first thing people need to understand is that 

the National Labor Relations Board is not just 

for unionized workforces, and that it has a role 

6 


THE VIRTUAL 

HIPAA Privacy and 

Security Workshop 

2022 

Thu, November 3, 2022 

12:45 PM – 4:15 PM EDT 

The Virtual HIPAA Privacy and Security Workshop 2022 is hosted by First 

Healthcare Compliance to provide resources for legal and healthcare 

professionals facing the challenges of complying with HIPAA regulations. 

This half-day event will be held on November 3, 2022, and will include 

CEU credits. Registration is available to the public. 

Experts and attorneys will engage with attendees to discuss timely 

questions and real-life scenarios related to HIPAA privacy and security 

including Notice of Privacy Practices, Business Associates, employee 

training, patient rights, safeguards, electronic health records, breaches, 

cybersecurity and more. 

REGISTER NOW 


in regulating nonunion workforces, particularly 

where employer policies impact what we call 

Section 7 Rights. And that’s really employees’ 

rights to talk about the terms and conditions of 

their employment. And this is an area where we 

see a lot of ebb and flow between Republican and 

Democratic administrations at the federal level. I 

know it’s not a popular thing to talk politics these 

days, it’s oftentimes very inflammatory. But the 

reality is that the board changes its conduct very 

significantly between administrations. Under the 

Trump administration, the NLRB saw its role as very 

limited in terms of just regulating the relationship of 

the unionized workforce. 

With the Biden administration, the Board again 

really sees its role as expansive. It is very focused 

on ensuring that even in a non-unionized workforce, 

employers are conducting themselves in a way 

that does not adversely impact employees’ rights. 

These Section 7 rights, the right to engage in what 

we call “Protected Concerted Activity” ensures 

employees the ability to talk about and advocate on 

terms and conditions of employment. This includes 

a lot of things that make employers uncomfortable, 

including wages and other forms of compensation, 

comparing how much I make to how much you 

make, masking, vaccination requirements, anything 

that keeps a manager up at night; all almost 

certainly touches on Protected Concerted Activity 

and that can be protected by the National Labor 

Relations Act and enforced by the Board. 

Why should this topic be back on employer’s 

radars? 

The short answer is that there’s been a change in 

administration. The Obama administration was very 

focused on the expansion of the role of the National 

Labor Relations Board. The Trump administration, 

had a much more conservative view of the role 

of the federal government, and really pared back 

the enforcement activities that the Board was 

engaged in. And now that we are back under a 

Democratic administration, that role is expanding 

again. I happen to be somebody who thinks that 

predictability is a very important thing for business. 

The Most Comprehensive 

Healthcare Compliance Course 

The Fundamentals is a user-friendly, four-module 

online course designed to help healthcare professionals 

understand the essential principles and practices of 

compliance. 

BUY COURSE NOW 

8 


Whether you are going to have an expansive or 

a retracted view of the Board’s role, and there 

are grounds to argue for both, it is good for 

businesses to know what the expectations of each 

of them are. The National Labor Relations Board 

swings much more broadly than really any other 

federal enforcement agency involved in labor and 

employment law. That’s difficult for employers to 

cope with. NLRB General Counsel Jennifer Abruzzo 

is looking to directly overturn precedent from the 

Trump administration, which is really only a couple 

of years old. 

Conversely, the Trump administration looked to 

overturn principles, that in some cases, were 

decades old. This is really a problem for both sides 

of the aisle, I don’t think anybody is conducting 

themselves, necessarily in the way that provides the 

most predictability for business. The best we can do 

here, on the outside, is to make sure that employers 

are educated and know that these risks are out 

there. I’m certainly talking about it a lot more to 

clients and in seminars than ever before. And I was 

in practice under the Obama, the Trump, and now 

under the Biden administration. I have never seen 

as much effort to enforce against the non-unionized 

private sector, as I am seeing now. Biden has held 

true to his promise to be the most labor friendly 

president that many of us will see in our lifetimes. 

Even though the Obama administration expressed 

an interest in pursuing these matters, we’re seeing 

the enforcement drive from the Biden administration 

that was not so present before. 

I know from speaking with our health care 

leaders, there is a lot on their plates right 

now and this is yet another thing to be 

worried about. If they could start with one 

item, what should it be? 

I would take a very careful look at handbooks. That 

is an area that almost every business I represent 

neglects, because, it’s just there. And you know, 

“this other thing is an emergency,” and “I’ve got 

to put out that fire.” And to your point, everybody 

has a tremendous amount of work on their plates 

right now. This is the most difficult environment to 

operate in that I’ve ever seen, it is truly amazing 

that people can get up and soldier on every morning. 

And that’s from the management side. And from 

the labor side, everybody’s got a lot on their plates, 

too. So, if we could move the handbook to the top 

of your non-emergency ”to-do” list, that’s what I 

would do. Handbooks should really get a thorough 

going over every couple of years anyway. If you 

haven’t taken a careful look at your handbook in the 

last two years to update it and make sure that it’s 

compliant with your current labor and employment 

laws, that’s a great thing to do. 

More specifically, in reviewing your handbook, 

look at policies related to workplace civility, social 

media, and the like, and make sure that you’re really 

focused on illegal behavior and not just “employees 

shouldn’t say things that make us unhappy.” Any 

policy that’s designed to keep employees from 

saying embarrassing things in public is going to 

likely be a problem. We should really be focused 

on “do not engage in illegal behavior.” If you are on 

Facebook with a picture of you and your favorite 

marijuana paraphernalia, that’s something we 

can prohibit. We can prohibit harassment and 

discrimination and defamation. Defamation is a tort, 

it is unlawful. You can prohibit defamatory conduct. 

But when we’re talking about general civility and 

being nice and be courteous, that’s tough thing to 

enforce. 

Can you delve a little more into social media 

expectations? 

Certainly, you can expect employees to be lawful 

online. This is a perfectly reasonable expectation. 

I have some clients who have a policy that says, 

“Please do not post photos of unlawful activity.” 

“You should not have open containers of alcohol 

in a vehicle.” “You should not post photos of your 

marijuana paraphernalia.” “You should not post 

racist diatribes on Facebook.” Depending on your 

workforce, that may or may not be something you 


need to say. But all of this behavior is something you 

can expressly prohibit. 

What you can’t prohibit and what a lot of social 

media policies say is that you may not post anything 

online that criticizes the company or its customers, 

clients, patients, etc. That is a type of policy that the 

NLRB has been extremely suspicious of, and this is 

a good time to pare back those sorts of nebulous 

requirements. But, of course, in the healthcare 

context, we have some additional overlays. Most 

employees have HIPAA obligations, right. And you 

can absolutely say you may not post anything online 

that violates your duty of confidentiality under HIPAA. 

It’s when we’re talking more broadly, in the vein 

of “if you don’t have anything nice to say, don’t say 

anything at all” that the NLRB will become more 

critical. 

Risk Management Considerations for 

the Healthcare Compliance Officer: 

Training, Incident Management, 

Governing Boards, and 

Measures Unique to COVID-19 

It’s no secret that healthcare is one of America’s 

most heavily regulated industries with substantial 

fines and penalties for non-compliance. Complex 

regulations and mandates make compliance 

management a necessity. 

DOWNLOAD NOW 

10 


How to Safeguard 

Healthcare 

Business Assets 

Catherine Short 

• explore how government and private litigation 

matters can impact healthcare companies, 

clinicians, and executives 

• provide tips and preventative strategies to 

preserve income and assets prior to such action 

to ensure business continuity and succession 

planning 

Expert attorneys Sean McKenna, Lauren 

Nelson, and Vincent Aiello of Spencer 

Fane LLP shared their insights in the 

complementary webinar, Preserving 

and Protecting Assets In Healthcare 

presented on October 13, 2022. 

Join Sean, Lauren, and Vincent as they discuss: 

• the interplay between enforcement and liability 

proceedings with asset protection 

Dive deep into learning how to protect your 

business, yourself, and your family financially in 

this highly litigious environment. Delve into trusts 

and other avenues of good planning to protect and 

preserve your assets long before, if or when any 

litigation arises. Understand where the government 

is currently most concerned in enforcement, where 

are the greatest risks, and what has been the 

impact of COVID-19. What types of arrangements 

are viewed as suspect by the government? Learn 

all this and more at our webinar. 

Watch Sean, Lauren, and Vincent’s complimentary 

webinar here. 


Referral Appreciation Program 

Receive a $50 gift card* when you refer a client! 

First Healthcare Compliance is delighted to offer 

a Referral Appreciation Program to say thank you 

for helping us to continue to grow. For each new 

1st Professional or 1st Premium client originating 

from a referral, First Healthcare Compliance will 

provide a $50 gift card as a token of appreciation. 

LEARN MORE 

Navigating Workplace 

Violence Prevention 

Under OSHA 

Workplace violence is a serious issue, 

especially in healthcare facilities. The 

OSHA workplace violence prevention 

guidelines help employees and 

employers alike by providing the 

necessary steps to maintain a safe 

work environment. 

DOWNLOAD NOW 

12 


hosted by Catherine Short 

1st Talk Compliance features guest Trey Scott, Coordinating Attorney at Kennedy, Attorneys & Counselors at 

Law, on the topic of “Have a Breach? Reporting Requirements with the OCR.”Trey joins our host, Catherine 

Short to discuss the reporting requirements for a data breach of a healthcare provider, the definition of a 

breach, different timelines for reporting breaches, as well as how to complete a breach reporting form from 

the Office of Civil Rights. 

Listen weekdays at 

7:30am, 3:30pm, 11:30pm ET 

Check out our Show Page! 

Looking for the latest compliance insights? 

Subscribe to our feed and don’t miss a thing! 


COVID-19 Healthcare 

Compliance Toolkit 

Healthcare compliance amidst COVID-19 presents new challenges for 

hospitals and healthcare providers. At top importance is the question 

of how to slow or stop the spread of COVID-19, while ensuring that your 

organization stays compliant. 

Now more than ever, your compliance department needs to have the necessary tools 

to help track, analyze, and respond to compliance challenges. To help navigate the 

process, we’ve gathered our best COVID-19 resources below. If you need further 

assistance, please contact us here. 

VIEW TOOLKIT 

COVID-19 Healthcare 

Compliance Updates 

In response to the global outbreak of the novel 

coronavirus disease (COVID-19), the Secretary 

of Health and Human Services declared a public 

health emergency on January 31, 2020. Federal 

agencies have taken action by issuing updates and 

guidance to navigate the crisis. This ebook provides 

healthcare providers with important developments 

and resources that impact federal healthcare laws. 

DOWNLOAD NOW 

14 


WORD SEARCH 

O A K G S X W L U H Q I N F D P I U Y E 

C O M P L I A N C E H H O G C I Z G S X 

K H G L E C W F N A Y G I J G M F E M T 

A S F V K O P I S L D K T S J J D C K V 

G D K T D L D U A T E K A Z L M T A A Y 

G I M X G A H I P H T I T M A T N L C F 

I N Z I S N Q W M C C P N X Y G E P T A 

T S L O N O P H Z A E V E X Z N M K S U 

P E Q L O I V G H R T Q S P F L Y R F X 

W E X I I S S F I E O N E O S Z O O J A 

N Y M A T S B T O X R T R W E Z L W H V 

F O M B A E B R R Y P C P M C J P B V U 

S L L I G F S L O A E N E B R V M Q G Y 

C P D L I O R K S M T U R U U W E E T Q 

J M W I L R Z D E Z I I B S O F G P G R 

J E G T B P E N N O X K O I S H O Q S S 

H J U Y O A T G A F I H F N E O A G G C 

Q F Z L D Q H C K V L N C E R G P O B N 

Q L V Z P G G B K J H C M S Y L X P B I 

E C N E D I F N O C W P B S Y C N M Z Z 

RESOURCES REPRESENTATION EMPLOYMENT 

WORKPLACE PROTECTED ADMINISTRATION 

ENFORCEMENT OBLIGATIONS LIABILITY 

BUSINESS HEALTHCARE CONFIDENCE 

COMPLIANCE PROFESSIONAL EMPLOYEES 


Upcoming and On-Demand Webinars 

Training 

DEC 13, 2022 

ON DEMAND 

ON DEMAND 

ON DEMAND 

ON DEMAND 

Health Data, A Value Proposition: Legal Risks with 

Innovative Data Sharing Projects 

Preserving and Protecting Assets In Healthcare 

Automatic Dispensing Cabinets, Patient Care, & the 

Actual Sentence in the RaDonda Vaught Case 

The Dobbs Opinion, the Repealing of Roe, & the Impact on 

the Privacy & Security of Patient Information 

Workplace Civility: What Non-Unionized Employers Need 

to Know to Navigate the NLRA 

Register 

All Upcoming Webinars 

All On Demand Webinars 

IMPORTANT 

In the interest of your security, login credentials are 

for individual use only and not to be shared. Please 

contact Client Services if you require additional 

manager level users and/or if there has been a change 

in contact information. 

NEW FEATURES! 

Employee Zone/Compliance Detail 

Initial Data - Free text comment field has been added. 

COVID Vaccination Status - Additional fields have 

been added for Second Booster 

COVID Vaccination Status/ COVID Testing - 

Additional fields have been added to assist 

you with tracking COVID vaccination and 

CLIENT 

ALERT 

COVID Testing. Contact Client Services if you have any questions 

or would like to turn COVID alerting off. 

Training Zone - Employee Activated Status has been added to the 

Training Zone landing page view. 

Employee Incident Reporting - This new feature will provide 

the option for Employees to open/create an Incident Report. 

When employee incident reports are created you can review, 

update, track and manage them within the Incident Reporting 

Zone. Contact Client Services if you are interested in adding this 

additional feature to your Incident Reporting Zone. 

Join us on Social Media! 

Contact our Client Services Team with your questions! 

888.54.FIRST or clientservices@1sthcc.com 

16

First Healthcare Compliance CONNECT October 2022

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?