All posts by admin



To view this comprehensive guide simply click on the image below to read online or download as a pdf file.

HIPAA Omnibus Rule Checklist of Requirements

HIPAA OMNIBUS RULE QUICK CHECKLIST of REQUIREMENTS provides you with a valuable resource to explore HIPAA Requirements and cross reference them against the notes provided.

For additional guidance with this checklist as it applies to your dental setting,
please feel free to contact us for a Discovery Meeting: 941-587-2864

Everything you need to know about the HIPAA PHASE 1 and PHASE 2 AUDITS


Did you know? HIPAA Audits are now being conducted in healthcare settings and this may affect your dental office! Watch the video below to get more details and visit the links. Most of all, get prepared!
The Office of Civil Rights / The Department of Health & Human Services will launch an email campaign in 2016 to randomly choose healthcare facilities and email them a PHASE 1 HIPAA Survey/Questionnaire. These surveys request detailed, sometimes financial, information about your healthcare facility’s HIPAA Practices. Take a look at this survey (by clicking the link above). It includes a multitude of questions that pertain to your revenue and income! The survey is overtly focused on income, which might make you wonder: “What else will the government do with this information?”
Nonetheless, HHS/OCR will send these HIPAA PHASE One email surveys to healthcare offices, and you will have 10 days to respond. If you do not respond to the survey, OCR will use public info to create its audit subject pool. Keep in mind the questionnaire is pretty lengthy.
If you get thrown into the “HIPAA Pool” then your healthcare facility can be subject to a HIPAA Audit. This is a live HIPAA inspection of your facility conducted by an office HIPAA Auditor. This is the PHASE II IN-OFFICE HIPAA AUDIT. Those HIPAA Auditors can return, or request ongoing information for up to 18 months, and bring your facility fines ranging from $10K to $150K for non-compliance.
So what do you do? Make sure your facility is HIP to the new HIPAA Hype! Have in place a comprehensive HIPAA Program that includes:
· HIPAA Omnibus Rule Employee Training with Proof-of-Training Certificate
· Updated HIPAA Manual written to the Omnibus Rule Standards
· (8) Updated HIPAA Forms—for use in your dental office
· A written Risk Assessment / Analysis Plan for your office
The Risk Assessment/Analysis Plan is super important. It is a lengthy report that you must create for your healthcare setting that will detail the Administrative, Physical and Technical aspects of your HIPAA Risks & Safeguards. It will entail a lot of time and attention, but once you have it completed, you can use it as a template to update regularly (as that is required as well!).
If you are having trouble wrapping your head around all of this, feel free to email or call us for some clarification or guidance. We are HIPAA Healthcare Coaches who are happy to help you get educated and organized with regards to these very robust HIPAA Omnibus Rules and the new PHASE I & II Audits.
Don’t risk getting lost and tangled in an extensive HIPAA Audit. Update your HIPAA Manual & Protocols based on this valuable insight.



Everything changes. This is astoundingly true when it comes to HIPAA protocols in the dental office! Technology leads and speeds our communication age but opens up a free-for-all for identity thieves & computer hackers. If you invest the next 5 minutes in reading this article, it will provide valuable insight that could prevent poor judgment & common HIPAA mistakes that may unknowingly be happening at your dental office.

HIPAA is the new “canker sore” of the dental industry. It’s problematic and many times (breaches) can originate without notice. Then they rage with fury when the HIPAA Auditor comes to inspect the Privacy & Security Practices within your office.

This is especially true with regard to Patient Protected Health Information (PHI). The coveted “matching social security number + date of birth” is the grand prize in the underworld of identity pirates. And dental offices can make the booty even grander with patient data that is ripe & readily accessible. Even opening an innocent email can land you in scalding water.

Below are (2) real-life situations to remedy within your office. Whether you are already HIPAA Omnibus Rule Savvy (having updated all of your HIPAA protocols since 2013) or if you need to have a HIPAA update & overhaul to these new standards, the following incidents will help you understand how to properly prepare your dental team for current-day HIPAA success:

One morning Rita the receptionist sat down at her desk to start her workday, as she always did by sorting through her email. Everyone else was settling into their operatories and beginning patient care. Her Outlook™ launcher started to open, but as she started to navigate, she couldn’t. Her computer locked up. She went to re-boot, but couldn’t. Things were locked up. A yell came from the hygienist, and then the doctor and then the assistant: “What’s going on with the computers?”, each clinician howled.

It was a ransomware attack. Ransomware is a type of computer trojan horse virus that is launched by either opening a file or clicking on a link. Ransomware thieves commonly present these viruses in innocent-looking emails that appear normal, but lock you out of your own computers. They will paralyze and stop your dental practice, many times for days. The email will come in ostensibly from a company or individual that you recognize. The first Ransomware used email sent, supposedly, from either FedEx or UPS saying that they tried to deliver a package and asking you to please click on a link to reschedule. The instant that the link is clicked on, the Ransomware is launched and it is too late. Your computers lock down. More recently, emails that look as if they are from a patient ask you to “click a link”, and again the Ransomware is launched.

What’s the payoff? Ransomware thieves are looking for money, in the form of bitcoins, which are a form of untraceable internet currency. In 2015, there were an estimated 5M pieces of ransomware. The bandits are looking for $500-$1000 in bitcoin ransom per attack. This is big business in the felonious world of internet hacking malefactors. And it can happen to anyone or any business. For the unsuspecting dental office, most computer lockdowns will paralyze then destroy office functions for days or weeks, and many times cause irreparable damage.

What’s the prevention? There needs to be a technology breakthrough that allows a defense against these viruses. In the meantime, Best Practices will have you using a Business Continuity System (BCS) (from DDS Rescue™) that acts as a unique safeguard. The BCS protects your office functions, as it can instantly perform as a virtualized office server. This is something no other providers can thus far offer. When your computers lock, DDS Rescue™ can be called and the virtualized office server is activated. Then your IT tech can “scrub” your server of all corruptions and repopulate your original server.

Dr. Detailed liked to keep his pulse on all of the “going-ons” within the practice. He needed to be “in-the-know” & “in control” of business at all times and kept important practice information within his reach deliberately.
Every day at the close of business, Dr. Detailed had the same routine. He would pick up the deposit envelope from his receptionist, reach under his desk, pop the data back-up drive out of the server tower, carry both to his car and speed off to the bank’s night depository.

On Saturday morning, he took the back-up drive with him, laid it on the front seat and headed to the office. He worked in his lab all morning. Then he realized he had left the back-up drive on his front seat. The car was locked, but now glass was smashed everywhere. He searched and searched, but the back-up drive was gone. He called the police.

“Why would this happen?” he asked. The officer replied, “Could be kids, could be more. Recently there have been a string of attacks on Healthcare offices. Identity Thieves seeking patient information. Especially Social Security Numbers that match to Birth Dates. Why are you still using a take-along removable disk drive for your data?” questioned the officer. Dr. Detailed nervously stammered, “Ah—I—was going to change…but—I—ah…. Couldn’t decide, didn’t want to change over—who would want my patient data? I’m—I’m—I’m just a dentist!” he growled.

“Well, Dr. Detailed, how many patient records would you say were on that back-up drive?”

“2431 active patients and 107 inactive,” Dr. Detailed managed to mumble.

“Have a seat, Doctor—this report is going to take a while.”

That weekend was a whirlwind of research for Dr. Detailed. He talked to Police Officers, HIPAA lawyers and realized that he would have to report this to all 2538 patients, to the Department of Health & Human Services in a formal on-line report and also announce this to the public via the media.

His legal retainer was $20,000. The HIPAA Audit, he was warned, could last up to 18 months. Fines start at $10,000 and can run up into the $1M mark. He learned that 48% of HIPAA Breaches come from theft of devices.

The next 12 months were life changing. Dr. Detailed’s practice started to dry up. There wasn’t much to micromanage. His HIPAA Fines were upwards of $300K and his legal fees just as much. He wished daily that he had done his homework and listened to his dentist friends who were choosing more resourceful and secure Daily Data Back-Up options that measured up to the new HIPAA Omnibus Rule protocols that called for “offsite & encrypted” daily data back-up copies.

What’s the prevention? Getting educated about these new HIPAA Omnibus Rules is key. They impact almost all of your day-to-day business functions, and every employee has to be educated to understand these new laws and then align with them. This requires employee training, updating paperwork and forms, and revising all office protocols, which includes software, internet and email activities too. Begin by aligning your dental team with HIPAA experts. You will need HIPAA educators, form and paperwork providers, IT, and software data back-up integration companies. These new HIPAA Omnibus Rules are nothing to take lightly. Enlightenment to the laws is the first step.

For more information or to get HIPAA Omnibus Rule answers, you can reach out to:

JILL OBROCHTA RDH, OSHA & HIPAA Dental Industry Educator, 941-587-2864

Steve White, 39-year industry veteran, (800) 998-9048 ext. 107

Your Reception Desk: #1 Landmine for HIPAA Indiscretions…


Did you know…

HIPAA audits for the dental practices continue to rise. Patient complaints are the number one reason you may be targeted and chosen for a HIPAA audit. The employee that most commonly sparks these reports? Your reception team. And it’s typically not because they are not dedicated, conscientious employees. It’s because they may not be HIPAA savvy enough…

Since 2013, under the new HIPAA Omnibus Rules, lack of understanding these new HIPAA laws and required business protocols, use of improper verbal skills, use of obsolete HIPAA forms and lack of providing a private patient “check-in and check-out” experience, all can lead to HIPAA havoc. These days, patients commonly leave a healthcare facility and report HIPAA violations right from their phones in your parking lot! This leads to insidious HIPAA audits and can also be the source of hefty penalties and fines.

($10,000 – $1.5M)

Dentists and Office Managers should take heed: The way you’ve operated your front desk historically, may not be serving you properly in today’s threatening HIPAA Privacy Climate. New HIPAA Omnibus Rules demand the attention and proper business execution from your reception team. Several easy-to-implement tactics can protect your dental practice from HIPAA violations, and help you avoid an audit.

Dentists & Office Managers, join us for an informative, free ‘Watch Anytime’ webinar, that is sure to provide an enlightening outlook at how you approach HIPAA protocols within your dental practice. Solutions for updates will also be reviewed. Watch now…

Now take the HIPAA Survival – Risk Assessment Questionnaire to find out how you score

Pennsylvania Dentist Suspended for Infection Control Negligence. Patients Encouraged to get Viral Testing


SHAMOKIN – Dr. Vincent Paczkoskie, a dentist in Shamokin, PA practicing for over 40 years, has had his license suspended after Pennsylvania State Health Officials found he did not follow appropriate protocols to sterilize and disinfect instruments. Inspectors found several violations, including no evidence of instruments being sterilized during several weeks in June 2014, not having a contract with a Bio-Medical Waste Disposal Company, and several other procedural issues with regard to infection control in the office.

Currently there are no reports of patients being infected with life-threatening viruses, but the Pennsylvania Department of Health is recommending current and former patients be tested for Hepatitis B, Hepatitis C, and HIV.

Written by Jill Obrochta and Heather Whitt of Dental Enhancements.


Dental office OSHA and HIPAA – WHAT’S REQUIRED?

If you don’t know the answer to this question, you are in for a surprise! You are not the only one in the dark regarding compliance deadlines when it comes to OSHA and HIPAA. Let us enlighten you.

Let’s begin at the beginning! Annual OSHA Employee Training is required for Federal OSHA compliance, this you may already know.

In addition to that, there was an International Chemical Safety Module added last year called The Global Harmonization System Law (GHS). It is, in fact, a completely separate training requirement from Annual OSHA Employee Training. Not to worry, don’t be overwhelmed, help is available. There are easy, affordable options to help you achieve the GHS training requirement. Selecting the right training program is key! You want a comprehensive, yet simple program (with hand-holding if necessary). Be sure you choose a company that will walk you through the process and provides outstanding service as well.

If that isn’t enough to make your head spin, there’s more! HIPAA has completely changed as of last year. The new protocols are called HIPAA Omnibus Rule. All training and implementation of new protocols were due in place by September 23, 2013. Dental offices now need to be compliant to the Omnibus Rules. This involves employee training and new patient forms, as well as a new HIPAA manual written to the new Omnibus Rule Standard. Again, choosing a user-friendly compliance training program is key! Choosing a compliance company that will walk you through this process, provide ready-to-use forms and easy-to-understand training is paramount. HIPAA compliance is very complex and overwhelming on its own. Don’t try to navigate this slippery slope on your own, help is only a phone call away! For a free HIPAA consultation for your dental office, call 941-587-2864.

Written by Jill Obrochta and Heather Whitt of Dental Enhancements


Top 10 things you do not want to say to an OSHA inspector

Not sure if you are aware, but many States are hiring additional OSHA Inspectors for more penetration into the workplace. Dental Offices are especially being profiled.

In recent months several dental offices have been made examples of for gross negligence in infection control processes: a New Hampshire orthodontist and an Oklahoma oral surgeon. Now let’s focus on what you would never want to say to an OSHA Inspector:


1.     “Shoot, I don’t think our autoclave is working today.  Can we just use bleach on the instruments?”


2.    “What do you mean I can’t wear my dirty scrubs home.  I wear them to the grocery store after work all the time.”


3.    “Hold on a second, I have to run this dirty needle down the hall to the sterilization area.”


4.    “Where is my Big Red Bag?  I have a big red beach bag at home, is that what you mean?”


5.    “Yes, we always drink coffee up here at the front desk, and I keep snacks right here in this drawer for convenience.”


6.    “What do you mean we have to do these Spore Strip Tests Weekly?”


7.    “What do you mean we have to send these Spore Strip Tests out to a Third Party for evaluation, we do that all in-house!”


8.    “GHS Certified?, No we don’t have that. We are CPR Certified!”


9.    “We do not have Pictograms, but Suzie got a Pajam-a-gram for her birthday at the office last week!”


10.  “OSHA — Sm-OSHA, we have patients to see around here. We don’t have time for that.”


So much for poking a little fun at the regulations.  Seriously, many dental offices do not know where unsafe behavior starts and where compliance begins!  Don’t be caught unprepared or looking uneducated.  Saying that you are unaware of the laws will only infuriate most OSHA Inspectors.  Make sure you choose an OSHA Compliance Training Company that will help you get all regulations in place.  Choose one that will help you with understanding the laws, implementing all of the requirements and that is available for direct questions you may have when putting your protocols in place.


Say what you need to say to Mr. OSHA Inspector, but say it with confidence and conviction.


Written by Jill Obrochta & Heather Whitt of Dental Enhancements.





Dental office: HIPAA- what paperwork is required?


So you are in charge of HIPAA Compliance for your dental office, now what? If you are wondering where to even start, you are not alone. Knowing what paperwork is required is imperative (and it is extensive!) As of September 23, 2013, federal HIPAA Law was updated to the new Omnibus Rule Standard. 580 pages of revised HIPAA law. You may feel overwhelmed, but there are options to make implementing  HIPAA Omnibus Rule protocols within your dental practice smooth and successful. All of your current HIPAA forms will need to change, and you are responsible for adding a few more! Choosing a HIPAA expert that provides ready-to-use forms is priceless! If you are in charge of making your own HIPAA forms, that is a daunting task. If you do not want that headache and responsibility, you absolutely should choose a HIPAA compliance training company that will create and provide all the forms for you compliant to Omnibus Rule. Training you and all of your employees to HIPAA Omnibus Rule Standards is also imperative. You’ll also need a new  HIPAA manual written to Omnibus Rule. So back to forms, what is required?

1.    New Employee and Business Associate Confidentiality Agreements

2.    New Patient Acknowledgement Forms, Omnibus Rule Compliant

3.    New Notice of Privacy Practices disclosed

4.    Third Party Release Form for Medical Records

5.    Many others

6.    A new HIPAA manual written to Omnibus Rule Requirements


Don’t fret. Instead, choose a HIPAA compliance company that specializes in helping dental offices get completely HIPAA Omnibus Rule compliant. Hip hop over to check out this HIPAA Omnibus Rule Complete Package, it’s our favorite!


Written by: Jill Obrochta and Heather Whitt of Dental Enhancements

Dental office: OSHA- what paperwork is required?


Are you the lucky one that is in charge of OSHA compliance for your office? If you are, then where to begin with the required paperwork can leave your head spinning! Keep in mind, there is a lot of paperwork required beyond the proof-of-annual-training certificate that your employees need to sign. Let’s take a look at what else is required to be comprehensively compliant:


As of December 1, 2013, an additional module to OSHA called The Global Harmonization System (GHS) requires additional training and paperwork for all of your employees. GHS is an international chemical safety program. GHS Certification is now a required part of your OSHA paperwork. Also, all employees should sign forms with their risk of occupational exposures categorized, and rated by professional position. OSHA manuals are also due to be updated, and written to GHS Standard. Are you confused, maybe a little intimidated? You want to do the right thing, but where do you turn?

Rather than try to figure out and find the paperwork yourself, finding a reliable, knowledgeable OSHA compliance company will take the burden off of you completely. Hiring the right OSHA experts can be the single most important decision you make regarding your office’s OSHA compliance. You’ll want to look for a company that can supply all forms and training needs so you can do what you do best, dentistry!

All of the Dental Enhancements products and services come with guided attention from one of our OSHA/GHS experts, and you get all necessary forms customized for your team and in electronic format (Microsoft Word and PDF).

Paperwork: you either have too much or can get caught with not having enough. Don’t risk it! Call Dental Enhancements and get on the right paper trail!


Written by Jill Obrochta and Heather Whitt of Dental Enhancements



Dental Office: Where’s Your OSHA Tooth Fairy?


It’s no joke, having to face OSHA Compliance (especially if you are the one in charge of it!) is a pain! No worries: sit back, click your heels together, and we are about to make the pain subside. Keep in mind these (3) factors and you will be flying high with OSHA compliance:


1.   Comprehensive Is Key!:  In 2013 OSHA compliance mandated that dental offices begin to implement the Global Harmonization System (GHS).  By December 1, 2013 it was required that all employees be trained to this GHS-Standard. Proof of this training is also required.  Your OSHA Manual will also need to be updated to this new GHS standard.  Finally, your required OSHA Employee Paperwork needs to be updated too.  Don’t feel overwhelmed or discouraged.  Simply choose a comprehensive GHS training solution.  This one seems to be written by the tooth fairy herself.  It’s logical and stress-free!


2.   Seek Expert Advice:  Plain and simple: Work with OSHA Experts! The new protocols are complex and “You don’t know what you don’t know…(but you need to!)”  Don’t put your office at risk for a stressful OSHA inspection.  It’s not worth the agony. Be sure to choose an OSHA compliance company that will protect and guide you.  (This company makes it easy!)


3.   Are You Up-to-Date?  There is no excuse for non-compliance, and “not knowing” is not a good answer! GHS Standards will undoubtedly change and update.  Stay in touch with a compliance company that will provide comprehensive yet easy-to-understand compliance updates.  Choose an OSHA Compliance Training Company that will share updates with you throughout the year and provide an interactive relationship.  You will gain comfort, confidence, and peace of mind.


Remember these (3) factors are the key to your OSHA compliance success.  The OSHA Tooth Fairy is out there.  Call her at 941-587-2864.


Written by Jill Obrochta RDH BS & Heather Whitt EFDA of Dental Enhancements.