Stay compliant with OSHA regulations by ensuring safety procedures, training, and proper documentation in your dental office to protect your employees and patients. Discover what OSHA inspections entail and how to pass with flying colors.
153rd IOWA DENTAL ASSOCIATION ANNUAL SESSION BrownWinick Law Firm 666 Grand Avenue, Suite 2000 Des Moines, IA 50309-2510 Website: www.brownwinick.com BLOG: www.brownwinick.com/BLOGHealthLaw
OSHA, HIPAA, AND LICENSURE REGULATIONS Brenton D. Soderstrum: soderstrum@brownwinick.com Catherine C. Cownie: cownie@brownwinick.com Adam J. Freed: freed@brownwinick.com Rebecca A. Brommel: brommel@brownwinick.com
ARE YOU READY FOR YOUR OSHA CHECKUP? Brenton D. Soderstrum BrownWinick 666 Grand Avenue, Suite 2000 Des Moines, IA 50309-2510 Telephone: 515-242-2474 Facsimile: 515-323-8574 E-mail: soderstrum@brownwinick.com
ANTICIPATE AN INSPECTION • Make sure all workers know about safe procedures • Safety Programs needed • How will you handle an inspection?
BLOODBORNE PATHOGEN STANDARD • Protect employees who are at risk for exposure to blood and bodily fluids • Hepatitis B vaccination • Training and information on bloodborne pathogens • Personal protective attire • No cost to employees • Written safety plan, including exposure control plan
HAZARD COMMUNICATION STANDARD • “Employee’s Right to Know” law • Ensure chemical safety in workplace • Information available about identities and hazards of chemicals • Training, personal protective attire, information for labeling containers of chemicals and maintaining Material Safety Data Sheets (MSDS)
GENERAL DUTY CLAUSE • “Furnish to each of his employees employment and a place of employment free from recognized hazards that are causing or likely to cause death or serious physical harm to his employees.” • Requires “each employee to comply with occupational safety and health standards and all rules, legal actions and orders issued pursuant to this Act, which are applicable to his own actions and conduct.”
OSHA INSPECTION CHECKLIST • OSHA training should be conducted annually and documented. • Documentation of training should be kept for 3 years. • Hepatitis B vaccination should be offered to clinical employees within 10 days of employment.
OSHA INSPECTION CHECKLIST (CONT.) • Documentation of immunity to hepatitis B vaccination must be kept on file. • If employee declines hepatitis B vaccine, employee signature kept on file. • Keep OSHA manual updated • Do you have one?
OSHA INSPECTION CHECKLIST (CONT.) • OSHA Poster? • Bloodborne Pathogen Standard? • Keep employee recordkeeping and health forms on file.
OSHA INSPECTION CHECKLIST (CONT.) • Keep recordkeeping and health forms for the duration of employment PLUS 30 years. • Make sure eyewash station works properly, has cold water only and that a sign designates its location. • Keep fire extinguishers mounted on the walls and fully charged.
OSHA INSPECTION CHECKLIST (CONT.) • Keep emergency exits marked and unobstructed. • Inspect office for unsafe work conditions such as electrical and trip and fall hazards. • Review evacuation plans and protocols.
OSHA INSPECTION CHECKLIST (CONT.) • A first aid kit should be available for minor cuts and injuries. • Hand hygiene policies in place. • Exposure Incident Protocol is current and reviewed annually.
OSHA INSPECTION CHECKLIST (CONT.) • Provide Personal Protective Equipment (PPE) • Clinical jacket • Protective eyewear • Mask • Gloves (both exam and utility)
OSHA INSPECTION CHECKLIST (CONT.) • No charge for personal protective attire. • Reusable clinical jackets should be laundered and maintained by employer at no charge. • Engineering controls, such as needle recapping devices or safety syringes, should be used.
OSHA INSPECTION CHECKLIST (CONT.) • Annual review and evaluation of safer sharps devices. • Work Practice Controls should be employed to reduce risks when handling sharps.
OSHA INSPECTION CHECKLIST (CONT.) • Hazard Communication Standard must be followed: • Inventory of hazardous substances • Organize Material Safety Data Sheets (MSDS) for each hazardous substance • Place labels on containers not identified (secondary containers)
OSHA INSPECTION CHECKLIST (CONT.) • Hazard Communication Standard must be followed (cont.): • Inspect chemical containers for leaks. • Train employees on proper use of and handling of hazardous substances. • PPE for handling chemicals. • Training on chemical spills, disposal and cleanup.
OSHA INSPECTION CHECKLIST (CONT.) • Sharps containers should be located as close as possible to where sharps are used. There must be a spill-proof container, colored red or orange-red, and it must be puncture-resistant and have a biohazard label.
OSHA INSPECTION CHECKLIST (CONT.) • Explain what labels, signs and symbols mean (chemical, biohazard, radiation, etc.) • Ergonomic Plan to reduce incidents of musculo-skeletal injuries
BREAKDOWN OF OSHA INSPECTION • Opening Conference • Inspection • Priority system • Questions • What inspector is looking for • Closing Conference
WHAT HAPPENS AFTER THE OSHA INSPECTION • Citations • Informal conference • Notice of contest • Complaint/Answer • Discovery • Hearing
HIPAA FOR THE DENTAL PRACTICE Catherine C. Cownie E-mail: cownie@brownwinick.com Telephone: 515-242-2490 Adam J. Freed E-mail: freed@brownwinick.com Telephone: 515-242-2402 BrownWinick 666 Grand Avenue, Suite 2000 Des Moines, IA 50309-2510 Website: www.brownwinick.com
Questions to Ask About Your Practice • When was the last time you completed a HIPAA risk assessment? • Do you have a written HIPAA compliance plan? • If you have a compliance plan, when was the last time you reviewed it? • When was the last time you provided training to your employees regarding HIPAA? • Other than your employees, who has access to your patients’ dental records? • Who is your Privacy Officer? • Who is your Security Officer?
Applicable Laws • Rules of the Iowa Dental Board • HIPAA • Other Laws Applicable to Specific Categories of Information • Substance Abuse • Mental Health • HIV/AIDS • Employment
Iowa Dental Board Rules 27.11(2) Retention of records. A dentist shall maintain a patient’s dental record for a minimum of six years after the date of last examination, prescription, or treatment. Records for minors shall be maintained for a minimum of either (a) one year after the patient reaches the age of majority (18), or (b) six years, whichever is longer. Proper safeguards shall be maintained to ensure safety of records from destructive elements.
Iowa Dental Board Rules • 27.11(3) Electronic record keeping. The requirements of this rule apply to electronic records as well as to records kept by any other means. When electronic records are kept, a dentist shall keep either a duplicate hard copy record or use an unalterable electronic record.
Iowa Dental Board Rules 27.11(5) Confidentiality and transfer of records. Dentists shall preserve the confidentiality of patient records in a manner consistent with the protection of the welfare of the patient. Upon request of the patient or patient’s legal guardian, the dentist shall furnish the dental records or copies or summaries of the records, including dental radiographs or copies of the radiographs that are of diagnostic quality, as will be beneficial for the future treatment of that patient. The dentist may charge a nominal fee for duplication of records, but may not refuse to transfer records for nonpayment of any fees.
HIPAA and HITECH Health Insurance Portability and Accountability Act Health Information Technology for Economic and Clinical Health Act
HIPAA Applies to “Protected Health Information” “Protected Health Information” includes any information that identifies a patient, regardless of whether the information seems private or sensitive.
“PHI” Includes Dental Records Maintained Pursuant to Iowa Dental Board Rules The rules of the Iowa Dental Board require the following in dental records: • Name, date of birth, address and, if a minor, name of parent or guardian. • Name and telephone number of emergency contact. • The patient’s dental and medical history. • When a patient presents with a chief complaint, dental records shall include the patient’s stated oral health care reasons for visiting the dentist.
“PHI” Includes Dental Records Maintained Pursuant to Iowa Dental Board Rules The rules of the Iowa Dental Board require the following in dental records (cont.): • Chronological dates and descriptions of the following: • Clinical examination findings, tests conducted, and a summary of all pertinent diagnoses; • Plan of intended treatment and treatment sequence; • Services rendered and any treatment complications; • All radiographs, study models, and periodontal charting, if applicable; • Name, quantity, and strength of all drugs dispensed, administered, or prescribed; and • Name of dentist, dental hygienist, or any other auxiliary, who performs any treatment or service or who may have contact with a patient regarding the patient’s dental health. • Documentation of informed consent.
Likely Business Associates of Your Dental Practice • Electronic dental record provider • Information technology support provider • Claims processor • Third-party billing company • Law firm • Accounting firm • Document shredding company
Business Associates Now Include Subcontractors of Your Business Associates A “business associate” includes “a subcontractor that creates, receives, maintains, or transmits protected health information on behalf of the business associate.”
Who Must Comply with HIPAA? (cont.) [Diagram labels: “Covered Entity”; “Workforce Members”; “Business Associates”; “Subcontractor Business Associates”; Lawyer’s IT Provider]
What Documentation Should a Dental Practice Request from its Business Associates? A business associate must provide “satisfactory assurances” that it will appropriately safeguard the information. The Business Associate provides the satisfactory assurances in a “Business Associate Agreement.”
So I’m Subject to HIPAA—Now What Do I Do? HIPAA requires covered entities and business associates to implement administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of electronic protected health information.
STEP 1: Conduct a Risk Assessment • HIPAA requires covered entities and business associates to conduct “an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity or business associate.” • The risk assessment must be prepared in writing.
STEP 1: Conduct a Risk Assessment (cont.) • Possible Vulnerabilities (not an exhaustive list): • No off-site back-up of electronic PHI. • Lack of a Business Associate Agreement with one or more business associates • Protected health information stored in unencrypted format • Insufficient user access controls to computer systems containing PHI • Passwords taped to the side of monitors • Storage of PHI on portable devices that could be lost or stolen • Routine discussion of care with patients in area where other patients are present (such as the waiting room) • Former employees have keys to the office or building. • Outdated anti-virus software.
STEP 2: Correct Any Deficiencies Identified • If your risk assessment identifies any risks, determine what steps are necessary to eliminate or minimize the risk. • Document the steps you take to eliminate or minimize the risk.
STEP 3: Develop Written Policies and Procedures • Establish protocols for your administrative, physical, and technical safeguards, such as the following: • How often and where electronic PHI is backed up • Password content requirements and how often they must be changed • Which workforce members have keys to the office • When and how training is provided to new and current workforce members • Termination of access to PHI by former employees • Restrictions on use of portable devices for electronic PHI • Use of antivirus software
STEP 3: Develop Written Policies and Procedures (cont.) • Specify processes for complying with your patients’ rights under HIPAA, including their rights to: • Access their PHI • Amend their PHI • Obtain a list of disclosures of their PHI • Establish a procedure to follow if you are unable to access your electronic PHI • Establish a procedure to follow in the event of a breach of electronic PHI • Establish a sanction policy for employees who fail to comply with the policies and procedures
STEP 4: Train Your Workforce on the Policies and Procedures • Provide initial training to all employees upon adoption of the policy • Include HIPAA training in the orientation for new employees • Periodically hold “refresher” courses for current employees • Periodically send out reminders to employees
STEP 5: Monitor Compliance with Policies and Procedures and Revise as Necessary HIPAA Compliance is an Ongoing Process