Eagle Associates Online Training Gains ADA Recognized Status

Eagle Associates, Inc. is pleased to announce that we are now an ADA CERP Recognized Provider. This means that we may award Continuing Education credits (CEs) for participation in our online training program, eCompliance Training. eCompliance Training is an electronically mediated, self-study training program.

Participants must be enrolled in Eagle Associates’ eCompliance Training program and must print transcripts of completion each year before December 31st.  (Note that Eagle Associates must document participation in order to award credits. We are not permitted to award credits for paper completion of the training tests – they must be completed online.)

Available training modules

We offer seven OSHA training modules that apply universally to all healthcare facilities, such as Bloodborne Pathogens, Hazard Communication and Emergency Preparedness. In addition, access to 10 special safety training modules is available for employees/workplaces to which the topics apply. For example, if employees will be exposed to ionizing radiation, nitrous oxide or laser systems, they must receive training.

We offer three HIPAA training modules, covering the HIPAA Privacy Rule, Security Rule, and Privacy Breach and Identity Verification, that must be completed by each workforce member of a covered entity.

One training module is provided to meet OIG Fraud, Waste and Abuse Prevention training requirements for practices that participate in Federal health care programs such as Medicare, Medicaid and the Children’s Health Insurance Program (CHIP).

New hire (orientation) training modules are available for OSHA, HIPAA and OIG training to jumpstart training of new employees.

For more information about how to enroll in eCompliance Training, contact our office via email at info@eagleassociates.net, or by phone at (800) 777-2337.

Eagle Associates, Inc. is an ADA CERP Recognized Provider.

ADA CERP is a service of the American Dental Association to assist dental professionals in identifying quality providers of continuing dental education. ADA CERP does not approve or endorse individual courses or instructors, nor does it imply acceptance of credit hours by boards of dentistry.

Concerns or complaints about a CE provider may be directed to the provider or to the Commission for Continuing Education Provider Recognition at ADA.org/CERP.

OSHA Publishes COVID-19 Emergency Temporary Standard

OSHA published its Occupational Exposure to COVID-19: Emergency Temporary Standard (ETS) on Monday, June 21, 2021. Affected employers must comply with all requirements of the standard, except for requirements concerning physical barriers, ventilation and training, by July 6, 2021. The same employers are allowed two additional weeks to comply with physical barrier, ventilation and training requirements (by July 21, 2021).

How to Determine Whether Your Practice is Covered by the ETS

If your workplace meets all of the following conditions, the ETS does not apply to your workplace:

  • It is a non-hospital ambulatory care setting;
  • ALL non-employees are screened prior to entry; and
  • People with suspected or confirmed COVID-19 are not permitted to enter.

There are additional exemptions for well-defined hospital ambulatory care settings and home healthcare settings that meet certain conditions. To view a flow chart that illustrates the various exemptions, please go to: https://www.osha.gov/sites/default/files/publications/OSHA4125.pdf

FOR CUSTOM SAFETY PROGRAM SUBSCRIBERS:

Many of the requirements of the ETS have been partially addressed by the Infectious Disease Preparedness policies provided in the (March) 2021 Safety Policies Update that were based on prior OSHA and CDC guidance. Eagle Associates will work to quickly address the additional requirements of the ETS and provide a revised copy of the Infectious Disease Preparedness policies by Friday, June 25, 2021 in the Member Services area of our website. In the meantime, ensure that your practice has implemented the Infectious Disease Preparedness policies that have already been issued, including development of a Respiratory Protection Program.

New Requirements

Some of the notable additions to OSHA’s guidance include:

  • Medical removal policies and medical removal protection benefits for employees.
  • A requirement to provide paid time off for employees to receive COVID-19 vaccination and to recover from side effects following vaccination.
  • A requirement to install physical barriers where each employee is not separated from all other people by at least 6 feet of distance (except in patient care areas or resident rooms).*
  • When respirators are not required, but are voluntarily provided by the employer or employees, the employer must develop a Mini Respiratory Protection Program. (A full Respiratory Protection Program is still required if respirators are required to be worn, as is the case when employees will be present during aerosol-generating procedures or exposed to patients with suspected or confirmed COVID-19 infection).
  • Employers with more than 10 employees will be required to maintain a COVID-19 log to record each instance in which an employee is COVID-19 positive, without regard to occupational exposure.
  • Employers who own or control their facility’s HVAC systems must ensure that the systems are used according to manufacturer’s instructions and design specifications, and that air filters are rated Minimum Efficiency Reporting Value (MERV) 13 or higher if the system allows it.

* The ETS exempts fully vaccinated workers from masking, distancing, and barrier requirements when in well-defined areas where there is no reasonable expectation that any person with suspected or confirmed COVID-19 will be present.

Please visit the following OSHA web page for a full copy of the ETS, FAQs, specific instructions for the COVID-19 log and more:  https://www.osha.gov/coronavirus/ets

Vulnerability Alert:
PATCH IMMEDIATELY IF FOUND

The Cybersecurity and Infrastructure Security Agency (CISA) published a notice regarding cyber threat actors that are attempting to exploit CVE-2021-21985, a remote code execution vulnerability in VMware vCenter Server and VMware Cloud Foundation. 

Although patches were made available on May 25, 2021, unpatched systems remain an attractive target and attackers can exploit this vulnerability to take control of an unpatched system. VMware vCenter Server and VMware Cloud Foundation are part of the underlying infrastructure for most agencies with on-premises network management. 

CISA is encouraging private sector organizations, including medical and dental providers, to review VMware’s VMSA-21-0010, blogpost, and FAQ for more information about the vulnerability and apply the necessary updates as soon as possible, even if it would mean pushing updates outside of your normal patch schedule. If your organization cannot immediately apply the update, then apply the workarounds in the interim.

We encourage you to forward the information in this alert to your IT vendor for immediate action.

Misleading Postcards Being Sent as Official Communication

OCR has been made aware of postcards being sent to health care organizations informing the recipients that they are required to participate in a “Required Security Risk Assessment” and they are directed to send their risk assessment to www.hsaudit.org.  This link directs individuals to a non-governmental website marketing consulting services.

Please be advised that this postcard notification did not come from OCR or the U.S. Department of Health and Human Services.  This communication is from a private entity – it is NOT an HHS/OCR communication.  HIPAA covered entities and business associates should alert their workforce members to this misleading communication.  Covered entities and business associates can verify that a communication is from OCR by looking for the OCR address or email address, which will end in @hhs.gov, on any communication that purports to be from OCR, and asking for a confirming email from the OCR investigator’s hhs.gov email address.  The addresses for OCR’s HQ and Regional Offices are available on the OCR website at https://www.hhs.gov/ocr/about-us/contact-us/index.html, and all OCR email addresses will end in @hhs.gov.  If organizations have additional questions or concerns, please send an email to: OCRMail@hhs.gov.

Suspected incidents of individuals posing as federal law enforcement should be reported to the Federal Bureau of Investigation. 

OCR Right of Access Enforcement

The Office for Civil Rights (OCR) has been aggressively pursuing enforcement actions, with civil monetary penalties, regarding patients’ right of access to their records.  As part of OCR’s Phase 2 audits, the agency has fulfilled its promise to vigorously enforce the rights of patients to receive copies of their medical records promptly and without being overcharged. 

A 2019 study published by medRxiv (https://www.medrxiv.org/content/10.1101/19004291v1) found that more than 50% of the providers evaluated either were not fully compliant with access requirements or required multiple requests before records were provided as required. Additionally, 24% did not appear to be aware of fee limitations for providing medical record copies.

Pending Regulatory Actions

While studies and increased enforcement have uncovered issues with patients being able to obtain copies of records, HHS has published proposed changes to the Privacy Rule that will enhance requirements for timeliness of access, allowable fees for copies of medical records, strengthened right of inspection, and advance notice for access and fees.  HHS’ proposed modifications to the Privacy Rule will provide patients with more and stronger rights for obtaining information in their medical records.

Practices need to familiarize themselves with current rights that are granted to patients and their representatives.  Additionally, there is a need to monitor changes that will be implemented in the next 12 to 18 months. Eagle Associates will be publishing updates in the Advisor® as well as providing new policies and procedures to ensure compliance. Now is the time to review existing procedures to ensure compliance with right of access requirements.


Note:  If you subscribe to Eagle Associates’ HIPAA Compliance System, there are policies for Right of Access (Section 3.15) and Copies of Protected Health Information (Section 3.15d).

For detailed information about the right of access, refer to the article “OCR Enforcement of Patient Right of Access” on page 9 of the February 2020 issue of the Advisor®.

Microsoft Exchange Server Alert

The Cybersecurity and Infrastructure Security Agency (CISA) has published an alert regarding vulnerabilities being exploited on Microsoft Exchange Servers. We recommend forwarding the following alert to your IT department/vendor to ensure that your systems are being protected.

https://us-cert.cisa.gov/ncas/alerts/aa21-062a

We also recommend that you advise your IT partner to subscribe to the security alerts from CISA. Alerts are frequent and timely in nature, and it would be best for them to obtain them directly.