OSHA Injury & Illness Recordkeeping Requirements

/in /by

OSHA has (again) partially exempted certain industries from regular injury and illness recordkeeping on OSHA forms 300 and 300A.  While certain healthcare practices are included in the list of such industries, the Bloodborne Pathogens Standard, state laws and pending interpretations may still require recordkeeping of all work-related injuries and illnesses.  Therefore, we recommend continuing to maintain these records, as usual, to ensure compliance.

Small employers (i.e., fewer than 10 employees at all times during the previous year), regardless of industry classification, continue to be exempt from routinely recording work-related injuries and illnesses on OSHA forms 300 and 300A.  However, certain severe injuries and illnesses, as well as needlestick and other sharps injuries that involve occupational exposure to blood or other potentially infectious materials, must still be recorded.

OSHA has also issued a new list of severe injuries and illnesses that must be directly reported (to OSHA) within specified time periods of their occurrence.

Please refer to the article in the upcoming December Advisor for detailed information.

New OIG Compliance Program Available!

/in /by

As a condition of enrollment in Medicare, Medicaid and/or the Children’s Health Insurance Program (CHIP), the Affordable Care Act requires providers to establish a compliance program to prevent fraud, waste and abuse.

While Eagle Associates has had an OIG Compliance Program available for many years, we have completely revised the program to provide a more complete and user-friendly compliance system. Please review the features of the OIG Compliance Program below and feel free to contact us to discuss how this program could benefit your practice.

Program Features

Our OIG Compliance Program includes the following benefits and services:

  • American Practice Advisor subscription, including an annual OIG Fraud & Abuse Prevention training module.
  • A complete review of various fraud, waste and abuse laws.
  • A written policy manual to address fraud and abuse prevention methods, such as screening procedures, auditing and monitoring policies, reporting and investigation procedures, disciplinary actions and more.
  • An Implementation & Review Guide to help you implement policies, and conduct an annual review of program elements.
  • OIG orientation materials for initial training.
  • Our live support feature provides your practice access to our Compliance Consultants, who will answer any questions that you have about your compliance program.

In addition, we have recently partnered with a company that offers a unique and powerful tool for internal audits of patient encounters, ICD-10 code look-ups, coding guidelines and more.  SpringSoft Medical offers their cloud-based program, Swiftaudit, to improve revenue and compliance through objective auditing procedures.  All data is securely stored and accessible only to your practice for review and documentation purposes.  This program is offered as an optional companion tool with the OIG Compliance Program at a substantial discount.

If you need assistance establishing an OIG compliance program, please contact us for more information at (800) 777-2337 or email:  info@eagleassociates.net.

Meaningful Use and Security Risk Analysis

/in /by

Now that the final rule for 2015 meaningful use has been released, we have received some questions as to whether there are changes that will need to be made to our Security Risk Analysis template. The final rule was released on October 16, 2015, and changed the Medicare and Medicaid EHR Incentive Programs reporting period in 2015 to a 90-day period aligned with the calendar year.

The good news is that the final rule did not include any modifications to Security Rule requirements, and therefore does not necessitate any changes to our 2015 Security Risk Analysis template. If you have already completed a Security Risk Analysis during 2015, and used our template, you will NOT need to re-do it, or change anything.

The rule specifies that you may select any 90-day period in the calendar year as a measurement period, and that your Security Risk Analysis must be completed during the same calendar year, and before you submit your attestation. So, even if you conducted your Security Risk Analysis outside of your 90-day measurement period, that is fine, as long as it took place during 2015, and was completed prior to submitting your attestation.

HIPAA Compliance System Subscribers

Security Risk Analysis – The 2015 Security Risk Analysis template is available in the Member Services area of our website. Simply log in to locate the document on the HIPAA Compliance System materials page, and then save the template to your hard drive to enable saving your entries. Explanations, instruction and HIPAA Compliance Manual references are provided for each item to be addressed within the risk analysis.

Risk Analysis Assistance – If you would prefer that Eagle Associates complete your risk analysis with you, you may call to schedule a phone conference with one of our consultants. During the call, our consultant will collect information about the security measures that are in place in your practice, make note of these in the risk analysis document, and identify any corrective actions that are needed to comply with Security Rule requirements. The fee for this service is $350. (Note that an active subscription to the HIPAA Compliance System is required.)

CMS Fraud, Waste and Abuse Training Requirement for Medicare Advantage Participants

/in /by

Medicare Advantage organizations are required to ensure that “first tier, downstream and related entities” complete CMS general compliance and fraud, waste and abuse (FWA) training.  Practices are considered to be downstream entities of Medicare Advantage organizations, and the CMS training module must be provided as written, without modification, to all employees of a downstream entity.

The memo from CMS states:

First tier, downstream and related entities and their employees can complete the general compliance and/or FWA training modules located on the CMS Medicare Learning Network (MLN).”

To minimize the burden on downstream entities, CMS permits the standardized training modules (from its website) to be incorporated into an organization’s existing compliance training materials or training systems, as long as the CMS training content is not modified (to ensure the integrity and completeness of the training).

To provide a convenience to our subscribers, we will provide the CMS general compliance and fraud, waste and abuse training (without modification) in the November 2015 Compliance Training module (and online E-Compliance Training module).

If you are not a subscriber, or prefer to access the CMS training module directly, you may locate it at:

Then, the title you are looking for is:

  • Medicare Parts C and D Fraud, Waste, and Abuse Training and Medicare Parts C and D General Compliance Training [ZIP, 2MB]”

This is a download, and once downloaded, users will not need Internet access to use it.

Certificate of Completion/Attestation of Training 

Medicare Advantage sponsors are required to validate that the general compliance and fraud, waste and abuse training requirements are met by their downstream entities.  CMS accepts validation in the form of certificates of completion, or an attestation confirming completion of appropriate training (i.e., training documentation).

If your practice participates in our E-Compliance (online) Training program: 
Each employee will have the option to print a certificate of completion following submission of his/her test answers.

If you provide training through the American Practice Advisor Compliance Training module:
Maintain employee training tests to serve as documentation of training completion.

If a Sponsor specifically requires the CMS certificate of completion (although not required by CMS):
Navigate to the last page of the CMS training module and complete the certificate with each employee’s name before printing the document.  (Directions to the document are provided in the previous section.)

Please contact Eagle Associates at (800) 7772337, or email info@eagleassociates.net if you require further clarification.

OSHA TB Enforcement

/in /by

OSHA updated an enforcement directive for tuberculosis on June 30, 2015.  The directive verifies that OSHA enforces the 2005 Centers for Disease Control and Prevention (CDC) “Guidelines for Preventing the Transmission of Mycobacterium tuberculosis in Health-Care Settings.”

Some medical and dental practices have questioned whether TB guidance applies to them, either because of their size, or because they are a specialty practice that does not routinely see patients with active TB. The instruction clarifies that “For purposes of this instruction, ‘healthcare setting’ is defined as any setting in which healthcare is delivered and workers might share air space with persons with TB disease or come in contact with clinical TB specimens.”  Further, the instruction specifically lists medical and dental care offices among the outpatient healthcare settings that are subject to inspection.

The CDC’s TB guidelines require affected settings to have TB infection control plans, conduct annual risk assessments, perform baseline tuberculin skin testing for new hires, train staff on recognizing signs and symptoms of TB, among other elements.

You may find more information on OSHA’s enforcement directive in the September 2015 issue of the American Practice Advisor.  Please contact Eagle Associates if you need information regarding a Tuberculosis Exposure Control Plan.

Telephone Consumer Protection Act and Automated Calls to Cell Phones

/in /by

A recent change to the Telephone Consumer Protection Act (TCPA) has practices wondering whether they can make automated appointment reminder phone calls, or automated collection calls.  Both have become common practice in recent years.

The TCPA, at 7 U.S.C. §227, states:

(b) Restrictions on use of automated telephone equipment

(1) It shall be unlawful for any person within the United States, or any person outside the United States if the recipient is within the United States–

(A) to make any call (other than a call made for emergency purposes or made with the prior express consent of the called party) using any automatic telephone dialing system or an artificial or prerecorded voice–

(i) to any emergency telephone line;

(ii) to the telephone line of any guest room or patient room of a hospital, health care facility, elderly home, or similar establishment; or

(iii) to any telephone number assigned to a paging service, cellular telephone service, specialized mobile radio service, or other radio common carrier service, or any service for which the called party is charged for the call.

In essence, this means that you may not make automated calls to a cell phone without “prior express consent” from the customer (patient).  There is some debate as to what constitutes “prior express consent.”

For more information on establishing prior consent, and complying with TCPA requirements, refer to the article in the October 2015 issue of the American Practice Advisor.