healthcare-compliance-associates-website-final

HIPAA Compliance for Healthcare Practices: 3 Hidden Gaps

Tue, 21 Apr 2026 19:34:23 GMT

Identifying Common Blind Spots in Your HIPAA Program

Transcript

Most Oregon dental practices believe they are HIPAA compliant—but there are a few key gaps we consistently see. Here are three worth reviewing:

1. Patient Record Requests

Patients have the right to access their records quickly and without unnecessary barriers. If your process is slow or complicated, it’s worth a second look. Delays can lead to frustrated patients, strained referral relationships, and potential complaints.

2. Staff Access to Patient Information

Not every team member needs full access to patient data. The more streamlined and limited your access structure is, the lower your overall risk and exposure.

3. Treating HIPAA as a Once-a-Year Checkbox

A compliance program that isn’t actively maintained throughout the year isn’t truly a program—it’s just a binder on a shelf.

None of these issues are difficult to fix, but they’re easy to overlook when you’re focused on running a busy practice. Taking a few minutes to review them now can help prevent bigger problems later.

For more on HIPAA, watch for our next video covering the number one violation dental practices are cited for.

OSHA Compliance Checklist for Dental & Medical Clinics (2026)

Tue, 14 Apr 2026 21:47:21 GMT

A practical safety guide for small dental and medical offices to meet 2026 OSHA standards and avoid costly compliance mistakes.

Small dental and healthcare clinics have enough on their plate without worrying about OSHA citations. Beyond avoiding fines, workplace safety is essential for protecting your team and fostering a culture of care, responsibility, and professionalism.

Whether you’re new to managing compliance or just need a refresher, here are five key OSHA must-haves for 2025:

1. Bloodborne Pathogens & Sharps Safety

Train annually (yes, every year!) on how to handle exposure risks
Keep a current Exposure Control Plan
Offer the hepatitis B vaccine series and document refusals
Ensure every employee with face-to-face patient contact has a documented TB test, as required for healthcare settings

2. Hazard Communication

Make sure your team knows where SDS sheets are stored and how to read them
Label secondary containers clearly
Train new staff on chemical hazards—before their first exposure

3. PPE Use and Fit

Gloves, eye protection, masks, gowns: who wears what, and when?
Train staff on how to properly don and doff PPE
Conduct hazard assessments to justify PPE use

4. Emergency Action Plans

Fire evacuation, exit routes, and emergency contacts should be posted and known
Conduct brief Emergency Action Plan refreshers annually (many offices forget this!)

5. OSHA Documentation & Inspection Prep

Keep training logs, incident reports, and written plans accessible
Know what to do if an inspector shows up—who talks to them, what documents to provide

Bonus: Don’t Let OSHA Be a Surprise

Most OSHA citations in small clinics are for things like:

Failure to document regular safety meetings
Missing training records
No exposure control plan
Blocked exits
Failing to flush eye wash stations

Why OSHA Compliance Matters More Than Ever in 2025

OSHA doesn’t have to be overwhelming. With a little preparation and the right tools, you can create a safe, compliant workplace and avoid costly mistakes.

Want help with your OSHA binder, policies, or staff training? Reach out—we make compliance doable for busy healthcare teams.

This post was drafted with assistance from AI and reviewed by a compliance professional to ensure accuracy and relevance for healthcare practices.

HIPAA Patch Management for Dentists: What “Patching” Means

Thu, 05 Mar 2026 21:59:36 GMT

Your IT Handles Updates –But Can You Prove It? A practical checklist for small practices to reduce ransomware risk and strengthen HIPAA compliance.

Most ransomware attacks don’t start with “fancy hacking.” They start with something boring: an update that didn’t get installed.

If your dental or healthcare practice can’t show who patches your systems, how often, and how you verify it, you’re exposed twice—to attackers and to OCR scrutiny after an incident.

What Is Patching in a Dental Office?

Patching means routinely updating operating systems, software, and firmware to fix known security weaknesses. Small practices should assign responsibility (IT/MSP), patch on a schedule, track assets, secure medical devices, and keep documentation—because OCR will ask for proof after a ransomware event.

Patching = installing updates that fix known security weaknesses in:

Windows or Mac operating systems
Your EHR/practice management software
Email systems
Firewalls and routers
Antivirus/EDR software
Server software

Firmware (network devices, sometimes medical devices) Hackers often exploit systems that are missing updates — especially ones that have been publicly known for months.

How a Small Dental/Healthcare Practice Should Handle It (Practically)

Step 1: Know Who Is Responsible You need one of these: • An IT company (most common)

An in-house IT person
A managed service provider (MSP) If you don’t have a formal IT support agreement, that is your first compliance gap.

Step 2: Have a Patch Management Process (Even if Simple)

You don’t need a 30-page policy. But you should be able to answer:

Who installs updates?
How often?
How do we know it was completed?
How are critical patches handled?

For most small dental practices, this looks like:

✔ Workstations set to auto-update

✔Servers patched monthly

✔ Firewalls checked quarterly

✔ Critical patches applied within days

✔ IT vendor provides patch reports

Step 3: Maintain an IT Asset Inventory You can’t patch what you don’t know you have. At minimum, you should have a list of:

All computers
Server(s)
Firewall
Backup appliance
Network devices
Tablets • Laptops
Cloud systems (EHR, imaging, etc.)

Most IT vendors can generate this. Office of Civil Rights (OCR) has been very clear that asset inventories are expected.

Step 4: Patch Medical and Dental Equipment (When Applicable) This is where it gets tricky. For things like:

Digital imaging systems
CBCT units
Intraoral scanners
Practice management servers
Connected sterilization equipment

You must:

Follow manufacturer guidance
Verify support status
Coordinate updates carefully (some devices require vendor involvement)

If a device cannot be patched (legacy Windows XP systems are still out there), you must implement compensating controls like:

Network segmentation
Isolated VLAN
No internet access
Strict firewall rules

Step 5: Require Documentation from Your IT Vendor. This is critical. If OCR investigates after a ransomware event, they will ask:

When was the last risk analysis?
Were systems patched?
Show us documentation.

You need:

Monthly or quarterly patch reports
Documentation in your risk management plan
Vendor contract showing patch responsibility

If your IT company cannot produce patch reports, that’s a red flag.

What a Healthcare Pro Should NOT Be Doing

Ignore update warnings for months
Turn off updates because they are “annoying”
Run unsupported operating systems
Assume your IT person “probably handles it”
Leave firewall firmware untouched for years OCR enforcement cases often include long-unpatched systems.

What Is “Reasonable and Appropriate” for a Small Clinic?

For a typical 5–25 operatory dental or healthcare office:

Reasonable expectations in 2026 include:

✔ Automatic OS updates enabled

✔ Managed antivirus/Endpoint Detection and Response (EDR)

✔ Firewall firmware updates at least annually

✔ Critical patches applied within 30 days (sooner if high risk)

✔ Multi-factor authentication for remote access and email

✔ Documented risk analysis referencing patch management

You do not need a full-time cybersecurity team. You do need structured oversight.

The Most Common Compliance Mistake The dentist assumes: “My IT company handles that.” But cannot produce:

A patch policy
Reports
Oversight documentation
Evidence of follow-up HIPAA does not allow outsourcing responsibility — only outsourcing tasks.

Quick Self-Check for You

Can you answer these right now?

1. Who patches your firewall firmware?

2. When was it last updated?

3. Are all computers on supported operating systems?

4. Do you receive patch status reports?

5. Do you use multi-factor authentication?

If you hesitate on 2 or 4, that’s where I’d start. Attackers look for gaps. OCR looks for proof. Even if you outsource IT, HIPAA requires documented oversight.

Our FREE New Dental Practice Owner Compliance Checklist helps you confirm your compliance foundation is structured, assigned, and defensible—before you’re asked to produce documentation.

➡️ Get the FREE checklist

What Is a HIPAA Business Associate? Training Requirements for 2026

Wed, 18 Feb 2026 17:22:03 GMT

Why HIPAA Still Applies to You — Even If You Don’t “Work in Healthcare”

Many tech companies, billing vendors, consultants, and contractors don’t realize they’re considered HIPAA Business Associates — until it’s too late.

If you create, receive, store, or access protected health data (PHI) on behalf of a healthcare provider — even if just through email, software, or servers — you’re a Business Associate under HIPAA.

That means you’re legally required to:

Sign a Business Associate Agreement (BAA)
Protect the data you touch (even if it’s indirect)
Train your staff on HIPAA privacy and security

If that’s news to you — don’t panic. This article explains what you need to know and what to do next.

Business Associates Carry Organization-Wide HIPAA Obligations

Under HIPAA, a Business Associate is any organization or individual that creates, receives, maintains, or transmits protected health information (PHI) on behalf of a Covered Entity.

A Covered Entity is typically a healthcare provider, health plan, or healthcare clearinghouse — such as a doctor’s office, dental clinic, hospital, or insurance company.

Once your organization meets that definition of a Business Associate:

HIPAA obligations apply to the entire organization
Compliance is governed by both HIPAA regulations and your Business Associate Agreements (BAAs)
Safeguarding PHI depends on the actions of every workforce member — not just compliance officers or IT staff

Business Associate Agreements typically require the organization to:

Protect the confidentiality, integrity, and availability of PHI
Limit uses and disclosures of PHI
Report security incidents and breaches promptly
Support Covered Entities in meeting their patient obligations

These responsibilities cannot be fulfilled by a single role or department—they rely on consistent, trained behavior across the workforce.

Why This Matters Now (2025–2026 Update)

In 2025, nearly one-third of Office of Civil Rights (OCR) HIPAA fines were issued to Business Associates , often due to training failures, risk management gaps, or human error.

In fact, 70% of healthcare data breaches in 2025 involved a Business Associate, and most were preventable.

Regulators now expect proof of action, not just documentation . That includes verifiable, role-appropriate training across the entire workforce.

HIPAA Explicitly Requires Workforce Security Training

The HIPAA Security Rule is clear.

Under 45 C.F.R. § 164.308(a)(5)(i) , Covered Entities and Business Associates must implement a security awareness and training program for all members of the workforce, including management.

Required training elements include:

Security reminders
Protection against malicious software
Login monitoring and reporting discrepancies
Password creation and management procedures

If someone can see, send, save, or mess with patient data — they need HIPAA training. No exceptions.

PHI Moves Through a Shared Chain of Custody

PHI rarely stays in one place.

It flows through a custodial chain that may include:

Covered Entities
Business Associates
Downstream subcontractor Business Associates

Within that chain, PHI may be encountered by:

IT administrators configuring systems
Developers working with test or production data
Customer support teams viewing records on screens
Administrative staff handling emails, faxes, or printed materials
Facilities or operations staff with physical access to secure areas

Training only staff who “obviously” work with PHI ignores the reality of how PHI actually moves—and where risk enters the system.

One untrained individual can compromise the entire chain.

Human Error Is the #1 Cause of HIPAA Incidents

Most HIPAA breaches are not caused by sophisticated hackers.

They’re caused by human behavior, such as:

Clicking phishing emails
Sharing login credentials
Using unapproved apps or cloud storage
Discussing patient information in public or on social media
Ignoring security warnings or shortcuts “to save time”

These actions are rarely malicious. They happen because people don’t understand the risk.

Universal HIPAA training connects everyday decisions to real-world consequences—for patients, clients, and the organization.

Incident Detection Depends on Front-Line Awareness

HIPAA requires Business Associates to identify, respond to, and report security incidents and breaches.

In many cases, the first person to notice something wrong is:

A customer service representative
A receptionist or administrative employee
A developer or analyst
A remote worker noticing unusual system behavior

If that person hasn’t been trained to recognize incidents—or doesn’t know how or when to report them—valuable response time is lost.

Training all staff ensures:

Incidents are recognized early
Reporting is consistent and timely
Employees understand that reporting is expected—not punished

Training Protects Your Organization—Legally and Financially

After a breach, regulators don’t just ask what happened. They ask:

Was the workforce trained?
Was training documented?
Was it appropriate to job roles?

Gaps in training often lead to:

Corrective Action Plans
Civil monetary penalties
Contract termination by Covered Entities
Reputational damage
Increased liability exposure

In contrast, a robust, documented training program demonstrates reasonable care, strengthens contractual relationships, and significantly reduces risk.

�� Real Case: Solara Medical Supplies — $3M Fine

In one of the largest HIPAA settlements of 2025, a Business Associate was fined $3,000,000 for risk analysis failures, staff training lapses, and delayed breach reporting.

The OCR stated the vendor “failed to demonstrate compliance across its workforce.”

Training isn't optional. It's a frontline defense.

Need Help Strengthening Your HIPAA Compliance Program?

Healthcare Compliance Associates helps Business Associates stay compliant without the overwhelm through:

CE-Accredited HIPAA Training (On-Site or Online) – Engaging, role-based training that meets CE requirements and builds real-world compliance confidence.
Compliance Audit – On-site evaluations using HCA’s proven checklist, with clear, actionable recommendations to reduce risk.
HCA Total Compliance Portal – On-demand training, digital manuals, and compliance documentation.
Monthly Updates – Practical insights on OSHA, HIPAA, Infection Control, and ready-to-use safety meeting topics.
Ongoing Support – One year of basic phone and email support for compliance questions and incident guidance.

Quick Self-Check for Business Associates

Do ALL staff (not just IT or billing) receive HIPAA training annually?
Is phishing or incident reporting covered in that training?
Can you document who was trained, when, and on what?
Have you updated training materials based on 2025 guidance?
Can your staff recognize a security incident and know how to report it?

HIPAA compliance isn’t just about policies—it’s about how your practice actually operates day to day.

The way staff work in your space, handle tasks, and follow procedures affects both HIPAA and OSHA compliance. Issues in these areas are often uncovered during OSHA inspections, HIPAA breaches, or other compliance incidents.

Our FREE OSHA Compliance Risk Review helps you see how your compliance efforts are actually functioning on the ground by identifying:

Where real-world workflows may be creating hidden compliance risk
OSHA gaps that can impact staff safety and regulatory exposure
Systems, training, or documentation that need practical reinforcement

Even when HIPAA is the primary concern, understanding physical-space risk is a smart starting point for strengthening your overall compliance foundation.

Frequently Asked Questions

Q: I’m just an IT contractor. Am I really a Business Associate?

A: If you access or manage systems that store or transmit PHI — yes, you likely are.

Q: Is HIPAA training required for remote workers?

A: Yes. HIPAA applies to all staff, including remote employees and contractors.

Q: I’ve never signed a BAA. Am I still responsible under HIPAA?

A: Yes. A BAA doesn't create your responsibility — your access to PHI does.

Immediate-Use Steam Sterilizer (STATIM): When and How to Use It Safely in Healthcare Settings

Mon, 24 Nov 2025 23:59:07 GMT

A practical guide for dental and medical teams on safe STATIM sterilizer use, based on CDC and Oregon OSHA guidelines.

In fast-paced dental and medical clinics, it’s tempting to rely on a STATIM sterilizer—a type of immediate-use steam sterilizer—to quickly process instruments. But using this device appropriately is critical to patient safety and regulatory compliance.

This post breaks down when and how to use STATIM sterilization based on CDC flash sterilization guidelines, helping small healthcare practices stay compliant without cutting corners.

What Is an Immediate-Use Steam Sterilizer (STATIM)?

A STATIM sterilizer is a specialized piece of equipment used for immediate-use steam sterilization (IUSS), formerly known as flash sterilization. It’s designed to rapidly sterilize medical and dental instruments that are urgently needed for patient care—not for routine or convenience-based use.

When Is It Acceptable to Use a STATIM Sterilizer?

According to CDC sterilization standards, STATIM use is acceptable only when:

• The instrument is urgently needed and there’s no time to sterilize using standard packaging and storage methods.

• It’s not being used to compensate for having too few instrument sets or to save time during busy periods.

CDC Guidelines for Flash Sterilization: What You Must Do

Following these steps will help you stay compliant with CDC and OSHA infection control requirements:

1. Limit Usage to Urgent Needs

Only use STATIM sterilization for instruments needed immediately for patient care.

2. Do Not Use for Convenience

Avoid using it as a way to speed up workflow or compensate for inadequate inventory.

3. Thoroughly Clean Instruments First

All instruments must be fully cleaned and decontaminated before entering the STATIM cycle.

4. Do NOT Store Unwrapped Items

After sterilization, transfer instruments (or handpieces) directly to the point of use in a sterile container or tray. Never store unwrapped items.

5. Use Approved Containers Only

Only use flash sterilization containers or trays designed for high-temperature steam.

6. Monitor All Sterilization Cycles

• Use biological indicators at least weekly.

• Use chemical and mechanical indicators in every STATIM cycle.

7. Prevent Contamination During Transfer

Maintain a clean transfer process. Ensure that items aren’t contaminated during handling or transport.

Best Practices for STATIM Sterilizer Use in Dental and Medical Clinics

• Keep backup instrument sets available to reduce reliance on immediate-use cycles.

• Ensure staff are trained on STATIM operation and CDC sterilization protocols.

• Document and log every STATIM cycle, including indicator results.

• If your clinic is frequently using the STATIM for convenience or to keep up with patient flow, consider investing in an additional autoclave to support proper instrument processing and reduce compliance risks.

Learn More from the CDC

For detailed guidance on sterilization in healthcare settings, visit the CDC’s official page:

�� CDC Sterilization Guidelines

Strong infection control isn’t just about guidelines— it’s about how your dental practice operates day to day.

The way instruments are handled, PPE is used, and procedures are carried out in the clinical space affects both infection control and OSHA compliance. Issues in these areas are often identified during OSHA inspections, exposure incidents, or infection control reviews.

Our FREE OSHA Compliance Risk Review helps dental practices understand how their safety and infection control efforts are functioning by identifying:

Workflow or physical-space issues that may increase exposure risk
OSHA gaps related to PPE, training, or exposure controls
Areas where OSHA and CDC infection control expectations overlap

It’s a simple, no-obligation way to confirm whether your safety systems support both staff protection and patient care.

�� Schedule Your Free OSHA Compliance Risk Review

Best Practices for Cleaning and Sterilizing Dental Burs

Tue, 18 Nov 2025 17:20:42 GMT

From Dirty to Sterile—Without Guesswork or Risk

If you've ever wondered about the right way to clean and sterilize dental burs, you're not alone. The CDC gives general guidance for sterilizing dental instruments, but doesn’t get into bur-specific details. Regardless of which autoclave you use, the process for burs remains largely the same. Here's how to do it right.

The CDC's Take: General Guidelines

The Centers for Disease Control and Prevention (CDC) classifies burs as critical or semi-critical instruments, depending on how they’re used. That means they need to be heat sterilized. But before you toss them in the autoclave, they need to be properly cleaned and packaged.

Step-by-Step: Best Practices for Burs

Here’s how to apply infection control principles in your practice:

1. Identify Your Burs

Single-use or Reusable? Check manufacturer instructions. If there are no validated reprocessing instructions, consider the bur single-use and toss it after one use.

2. Pre-clean and Inspect

Remove debris immediately after use.
Use an ultrasonic cleaner or manually scrub with a detergent or enzymatic solution.
Rinse and dry completely.
Inspect for damage or wear. If damage, wear, or corrosion:

Remove the bur from use (even if minor damage)
Discard it in the sharps container
For quality control and tracking, consider documenting the discard and the reason.

Never try to repair or reuse.

3. Packaging for Autoclaving

Best Practice: Use a Bur Holder or Cassette
Place burs in a bur block, bur guard, or instrument cassette designed for sterilization.
Choose holders that are autoclave-safe (heat-resistant and able to withstand moisture).
Then wrap or pouch the holder itself—not the loose burs.

Bonus Tip:

Some bur blocks come with color-coded or numbered slots so you can standardize bur sets per procedure.

If you're using a pouch: make sure the bur holder fits comfortably and the pouch is sealed with chemical indicators inside.

Use sterilization pouches or wraps approved for steam sterilization.
For small batches, individual pouches work fine. Larger loads can go in wrapped cassettes.
Seal all packaging properly and include internal and external chemical indicators.

4. Load Placement in the Autoclave

Place pouches paper side up (or follow your pouch manufacturer’s instructions).
Don’t overcrowd the trays. Allow space between items.
Do not let pouches or cassettes touch the chamber walls.
Cassettes should be placed horizontally unless your autoclave manual says otherwise.

5. Choose the Right Cycle

Pick the cycle that matches your packaging: "Pouches," "Wrapped Cassettes," or similar.
Make sure to allow full drying time to prevent moisture-related contamination.

6. Post-Sterilization Handling

Let packs cool and dry fully before handling.
Store in a clean, dry area away from sinks or contamination zones.
Reprocess any items in compromised packaging.

A Note on Sterility and Performance

Burs are small and intricate, making them tricky to clean. Over time, reusing them can reduce cutting efficiency and increase the risk of breakage. Keep track of how often burs are reused and inspect regularly.

Documentation Matters

Make sure your infection control manual includes:

Bur inventory (type and classification)
Manufacturer instructions for cleaning and sterilization
Step-by-step packaging and sterilization protocol
Inspection and discard criteria

Final Thoughts

Using your autoclave the right way means following a solid protocol: proper cleaning, smart packaging, and correct cycle selection. When in doubt, refer to the bur manufacturer's IFU and document everything.

Ready to Step Up Your Compliance Game?

Book a Compliance Risk Review with us today. We'll evaluate your sterilization protocols, OSHA readiness, HIPAA safeguards, and infection control practices to make sure your office is fully protected and audit-ready. Don’t wait for an inspector to find the gaps—let’s fix them now. Call Lindsay at 541-345-3875 ext. 3 .

Why Bleach Should Never Be Used in Dental Unit Waterlines

Mon, 03 Nov 2025 18:52:15 GMT

Helping Oregon dental teams keep compliance simple, safe, and stress-free.

The Temptation: “Bleach Kills Everything… Right?”

When biofilm builds up in dental waterlines, it’s tempting to grab that familiar bottle of bleach and think, “This will take care of it.”

But here’s the truth: while bleach does kill bacteria, it can also damage your equipment, corrode your lines, and void your warranties—all while failing to meet the requirements set by the CDC and EPA for dental unit waterline treatment.

The Science: Why Bleach Fails the DUWL Test

Dental waterlines are delicate systems that require a balance of disinfection, safety, and equipment compatibility.

Here’s why bleach (sodium hypochlorite) doesn’t belong anywhere near them:

Not EPA-Registered for DUWLs: The EPA maintains a list of antimicrobial products approved for dental unit waterline use. Bleach isn’t on it. Using an unregistered product puts your practice out of compliance and at risk during inspections.
Corrosive to Dental Equipment: Bleach corrodes metal fittings, valves, and plastic tubing, leading to leaks and costly repairs. It also degrades O-rings and adhesives inside the dental unit—issues that can cause long-term system failure.
Doesn’t Rinse Cleanly: Bleach leaves chemical residues that are difficult to flush completely, creating a potential safety hazard for both patients and staff.
No Validated Instructions for Use (IFUs): Without IFUs for dilution or contact time, there’s no safe way to know how much bleach (if any) could be used without harming your unit—or your patients.

The Safer, Smarter Way to Shock and Maintain Your DUWLs

To eliminate biofilm safely, choose EPA-registered products that are specifically formulated for dental waterlines and validated by equipment manufacturers.

Common and trusted options include:

Hydrogen peroxide–based systems (e.g., ProEdge Liquid Ultra, Sterilex Ultra, Mint-A-Kleen)
Silver-ion systems (continuous maintenance tablets)
Iodine or peracetic acid formulations

These products are tested for:

Compatibility with dental materials
Safety for patients and staff
Proven effectiveness against biofilm

Real-World Lessons: Quick Fixes = Costly Problems

One hygienist shared her experience:

“We tried diluted bleach as a quick shock because we were low on supplies. Two weeks later, we failed our waterline test—and had to reschedule four patients.”

Shortcuts might seem efficient, but they often result in failed water tests, system repairs, and frustrated patients.

Best Practices for Dental Waterline Compliance

Follow the manufacturer’s instructions for use (IFU) for your dental unit and treatment product.
Perform a shock treatment as recommended (typically quarterly or after test failures).
Use a continuous treatment product between shocks.
Test monthly or per IFU, or state and CDC guidance to ensure ≤ 500 CFU/mL.

Key Takeaway

Bleach belongs in your laundry room, not in your dental unit waterlines.

By using approved products and consistent testing, your practice can stay safe, compliant, and confident—without risking costly equipment damage or failed inspections.

Want Help Simplifying Your DUWL Protocols?

At Healthcare Compliance Associates, we help dental teams across Oregon develop waterline maintenance programs that pass testing the first time—every time.

�� Contact us today to schedule a compliance consultation or waterline protocol review. 541-345-3875

�� www.oshahipaatraining.com

Do I Need to File a Workers’ Comp Claim for a Needlestick Injury?

Thu, 30 Oct 2025 01:15:16 GMT

Do I Need to File a Workers’ Comp Claim for a Needlestick Injury?

Yes. If a needlestick or sharps injury occurs on the job, it must be reported as a workers’ compensation claim — even if the injury seems minor or the exposure risk is low.

Why You Must Report It

Needlestick and other sharps injuries are considered occupational exposures. They must be reported to:

Your occupational health provider (where the employee is evaluated)
Your workers’ compensation carrier (using Form 801 or your state’s required form)

Reporting the incident ensures:

The employee receives proper medical follow-up
The employer is protected from liability
Your practice remains compliant with OSHA recordkeeping and state workers’ comp laws

What to Do After a Needlestick Injury

Wash the area with soap and water immediately
Report the injury to a supervisor
Ask the source individual to be tested (required in some states)
Complete all internal incident documentation
Send the employee to your occupational health provider
Submit the workers’ compensation claim form (e.g., Form 801 in many states) — often completed by the health provider
Log the incident in your OSHA 300 record (if applicable)

Free OSHA Compliance Risk Review

Would your clinic pass an OSHA inspection today? OSHA fines have increased—and one overlooked detail could cost your practice $15,000+ per violation.

Our FREE OSHA Compliance Risk Review helps you:

Identify your clinic’s biggest OSHA risks
See what’s missing before an inspector does
Understand exactly what needs to be fixed—and what can wait

This 25-minute virtual review gives you a clear snapshot of where your OSHA program stands and what steps to take next.

�� Book your Free OSHA Compliance Risk Review today

Preventing Workplace Violence in Healthcare: A Proactive Compliance Strategy

Mon, 20 Oct 2025 15:34:16 GMT

Creating a Workplace Where Safety, Respect, and Readiness Come First

Workplace violence is an unfortunate but real risk in today’s healthcare environment. Whether it's verbal abuse from a frustrated patient or a physical altercation in a high-stress setting, violence in the workplace threatens not only employee safety but also patient care quality, operational stability, and legal compliance.

For healthcare practices, taking a proactive and compliant approach to workplace violence prevention isn’t just good policy—it’s a regulatory and ethical imperative.

Why Workplace Violence Prevention Matters in Healthcare

Healthcare professionals face a higher risk of workplace violence than employees in many other industries. Factors like long wait times, emotionally charged environments, behavioral health challenges, and open-access facilities all contribute to this vulnerability. Proactively addressing these risks protects staff, reassures patients, and demonstrates a practice's commitment to safety and compliance.

5 Core Objectives for a Violence Prevention Program

To build an effective workplace violence prevention strategy, your practice should implement the following foundational elements:

Adopt a Written Zero-Tolerance Policy - Establish a formal, practice-wide policy stating that physical and verbal violence will not be tolerated—from anyone, including patients, staff, and visitors.
Educate and Train Employees Regularly - Ongoing training empowers staff with tools to de-escalate situations, identify red flags, and respond appropriately in high-risk scenarios.
Promote Incident Reporting and Risk Mitigation - Create a culture of openness where staff feel comfortable reporting concerns or incidents without fear of retaliation.
Ensure Retaliation-Free Reporting - Clearly state that no employee will suffer negative consequences for reporting violence or unsafe conditions.
Implement a Clear Security Policy - Define responsibilities, procedures, and enforcement protocols to manage potential threats effectively.

Leadership Commitment is Essential

Leadership sets the tone. Management must be fully invested in fostering a safe environment for staff, patients, and visitors alike. This includes allocating resources, enforcing policies consistently, and modeling the expected standards of conduct.

Conducting a Workplace Violence Risk Assessment

Understanding your unique vulnerabilities is key. An assessment should evaluate:

Unrestricted public access
Long patient wait times
Presence of individuals under the influence
Isolated or poorly lit workspaces
Remote or understaffed locations
History of past incidents
This risk evaluation helps tailor your prevention strategies to the actual threats your practice faces.

Implementing Effective Controls

Workplace violence prevention involves both engineering controls (physical modifications) and administrative controls (policy and procedural improvements).

Engineering Controls:

Install panic buttons or silent alarms
Hire security personnel during peak times
Monitor secondary entrances
Improve parking lot and exterior lighting

Administrative & Work Practice Controls:

Maintain clean, calm, and well-organized waiting areas
Communicate your zero-tolerance policy to all stakeholders
Document all incidents in an on-site Incident File
Train staff in conflict de-escalation and response protocols
Implement a buddy system for walking to parking areas
Dismiss patients or staff who pose repeated threats
Call law enforcement when needed

Educating Patients and Preventing Escalation

Managing patient expectations can reduce tension. Clearly communicate estimated wait times, behavioral expectations, and escalation procedures. Staff should be trained to remain calm, neutral, and professional in all interactions—especially under stress.

Encouraging Immediate and Detailed Reporting

Timely reporting of threats or incidents—whether physical or verbal—is vital. Employees should report any concerns to their supervisor or the designated Safety Coordinator immediately. Each report helps identify systemic risks and informs necessary changes.

Use OSHA-compliant tools like the Violence Incident Report Form to maintain accurate records and document your compliance efforts.

Resources and Further Learning

Workplace Violence: Can It Happen Where You Work?

Patient Dismissal

Final Thought

A proactive workplace violence prevention plan protects your team, meets OSHA expectations, and fosters a culture of safety and respect. If your practice is ready to take the next step in strengthening your compliance program, Healthcare Compliance Associates is here to help. We offer tailored support, training, and policy development to ensure your team feels secure and your practice stays compliant.

OSHA Safety Meetings: Why They Must Focus on Employees

Tue, 23 Sep 2025 16:25:59 GMT

Patient Safety Matters, but OSHA Safety Meetings Are About Safeguarding Employees

In healthcare, safety is a wide umbrella. Offices often hold meetings about patient safety, covering topics such as infection control, secure handling of medical records, or protecting patients from hazards. While these conversations are essential for high-quality care, they are not what OSHA means when it requires safety meetings.

OSHA’s concern is the safety and health of employees. The law is designed to protect workers from occupational hazards—everything from bloodborne pathogens and needlestick injuries to chemical exposure, fire hazards, and ergonomic risks. Safety meetings, as OSHA defines them, must center on the risks your employees face while doing their jobs.

Not sure where your compliance program really stands? You don’t need to have everything figured out—that’s what we’re here for.

Our FREE OSHA Compliance Risk Review gives you:

A clear look at your current OSHA compliance status
Insight into gaps that often affect HIPAA and infection control too
A customized summary and next-step recommendations

Think of it as a compliance “check-in” that helps you move forward with confidence—without pressure or obligation.

�� Book Your Free OSHA Compliance Risk Review

Why Employees File OSHA Complaints—And How to Prevent Them

Wed, 17 Sep 2025 20:28:02 GMT

How to reduce risk and build a workplace where employees feel heard

OSHA complaints can feel like a thundercloud over any healthcare practice—stressful, costly, and disruptive. But here’s the truth: most of these complaints don’t arise from bad intentions. They usually come from small, preventable gaps that leave employees feeling unheard, unsafe, or undervalued.

The good news? By fostering trust, addressing issues quickly, and embedding compliance into daily routines, providers can reduce the likelihood of a complaint while creating a stronger, healthier workplace.

1. Address Safety Concerns Quickly

When employees raise a concern, speed matters. Even seemingly small fixes—like repairing a chair, replacing a sharps container, or updating worn signage—show staff that their well-being is a priority. Prompt action prevents small frustrations from growing into formal complaints.

2. Pay Attention to Meeting & Training Time

OSHA is clear: safety trainings and meetings must count as paid work hours. If staff feel they’re losing personal time or wages, resentment builds. Over time, that frustration can turn into a complaint. Respecting employee time reinforces fairness and builds trust.

3. Encourage Open Communication

Most employees don’t want to go outside the practice for support—they want to feel heard internally. Create channels where staff can safely share concerns without fear of retaliation. Whether it’s a suggestion box, open-door policy, or regular check-ins, communication prevents escalation.

4. Build a Compliance Culture

Compliance shouldn’t feel like an afterthought. When safety becomes part of the everyday routine—woven into policies, trainings, and follow-through—employees feel valued and secure. A consistent culture sends the message that protecting staff is everyone’s responsibility.

5. Provide Clear Guidance

OSHA standards can feel complex, and confusion often leads to mistakes. Simplify the process by breaking rules into clear, practical steps that make sense for your team’s day-to-day workflow. Clarity reduces miscommunication and builds confidence.

The Takeaway

Most OSHA complaints can be prevented by creating a respectful, responsive environment where safety is more than a requirement—it’s a shared value. Proactive attention to concerns not only avoids costly complaints but also strengthens trust, morale, and long-term team stability.

When employees know their voices matter and their safety is a priority, they’re far more likely to bring solutions forward instead of frustrations to OSHA.

Not sure where your compliance program really stands? You don’t need to have everything figured out—that’s what we’re here for.

Our FREE OSHA Compliance Risk Review gives you:

A clear look at your current OSHA compliance status
Insight into gaps that often affect HIPAA and infection control too
A customized summary and next-step recommendations

Think of it as a compliance “check-in” that helps you move forward with confidence—without pressure or obligation.

�� Book Your Free OSHA Compliance Risk Review

What to Do When Patient Records Are Delayed

Wed, 03 Sep 2025 20:59:18 GMT

Frustrated by long waits for patient records? You're not alone.

More and more dental and healthcare practices – especially larger chains – are requiring unnecessary forms, online portals, or excessive wait times before releasing patient records. The most common example? Requiring patient-signed authorization even when records are being shared provider-to-provider for treatment.

Let’s be clear: That is not required under HIPAA.

And while we understand that every office has internal policies, these added steps often create barriers to care, delay procedures, and leave your team – and your patients – stuck waiting.

We hear you. It’s frustrating, avoidable, and all too common.

But there are ways to respond professionally, keep patient care moving, and avoid escalating conflict.

HIPAA 101: What’s Actually Required

Under the HIPAA Right of Access, providers can share records with other providers for treatment purposes without a patient’s signed release.

Patients have the right to access their records.
Providers may require a written request — but it must be reasonable.

That means offering practical options like email, secure online portal, or fax — not requiring in-person forms or excessive red tape.

Records must be provided within 30 calendar days (with one 30-day extension allowed in writing).

Legal reference: 45 CFR § 164.524 – Access of individuals to protected health information.

In Oregon: Dental records must be provided within 14 days of a written request from the patient or guardian. (OAR 818-012-0030(9)(a))

If You’re Stuck Waiting, Here’s What You Can Do:

Step 1: Confirm and Clarify

Make sure your request was received.
Ask if they prefer a specific format (fax, secure email, form).
Offer to adjust — as long as it doesn’t create unreasonable delays.

Step 2: Ask for the Right Contact

If the front desk isn’t helpful, ask to speak with the office manager or records supervisor.

Try this language:

“We want to make this easy for everyone. Who can we speak with to help streamline this request so the patient receives timely care?”

Step 3: Share the Rules (Nicely)

Sometimes, they just don’t know. Gently remind them of the law:

“We understand your office has policies, and under HIPAA and Oregon rules, providers must release records within specific timeframes, and can’t add extra steps that cause delays. We’re happy to work together on a solution that supports the patient’s care.”

This isn’t about proving them wrong — it’s about keeping things moving.

Step 4: Involve the Patient

Patients often get faster results. You can:

Encourage the patient to submit their own written request
Ask them to mention urgency
Include their right under HIPAA

Give them the link: HIPAA Right of Access – HHS.gov

When It Crosses the Line: Information Blocking

If delays become frequent, unexplained, or seem retaliatory, they may qualify as information blocking under the 21st Century Cures Act.

�� This is serious — and reportable.

Report a Complaint – OCR

Use this only when collaboration has failed, and patient care is being directly harmed.

Bottom Line: Stay Professional, Stay Focused on Care

Most of the time, these delays aren’t malicious — they’re a result of understaffing, outdated systems, or misunderstanding the rules.

That said, you don’t have to just accept it.

You can take clear, professional steps to advocate for your patients — and keep things on track.

Need Support?

If you need help navigating a difficult records release situation, reach out anytime at:

Phone: (541) 345-3875
Email: Support@OshaHipaaTraining.com

HIPAA compliance isn’t just about policies — it’s about how your practice actually operates day to day.

Our FREE OSHA Compliance Risk Review helps you see how your compliance efforts are actually functioning on the ground by identifying:

• Where real-world workflows may be creating hidden compliance risk
• OSHA gaps that can impact staff safety and regulatory exposure
• Systems, training, or documentation that need practical reinforcement

Even when HIPAA is the primary concern, understanding physical-space risk is a smart starting point for strengthening your overall compliance foundation.
�� Start with a Free OSHA Compliance Risk Review

Don’t Let Infection Control Be Your Weak Spot

Mon, 25 Aug 2025 07:00:00 GMT

The Truth About CDC and OSHA Requirements for Infection Control in Dental Practices

As a busy dental professional, you work hard to keep your patients safe and your clinic running smoothly. You're dedicated to your craft, and you know the importance of continuing education. But here's the problem: many licensed dental providers believe that completing 2 CE credits in infection control every two years is enough. Unfortunately, that belief can put your team, your patients, and your license at risk.

We understand the pressure dental teams face to stay compliant while juggling patient care. At Healthcare Compliance Associates, we specialize in making dental infection control training straightforward, effective, and aligned with the latest CDC guidelines. We're here to help you meet your regulatory obligations without the guesswork.

The Plan

Here's what the CDC actually requires for dental clinics:

Infection prevention training upon hire for all dental health care personnel.
Annual dental infection control training for every team member—regardless of license status.

This is not optional. Annual training is a minimum standard recommended by the CDC and expected by OSHA inspectors.

Don't wait for an audit or a health scare to make infection control a priority.

Sign up now for our OSHA-compliant Annual Dental Infection Control Training.
Or schedule a quick compliance check to see where your practice stands. (call 541-345-3875 ext. 5)

The Success

With annual training in place, you'll:

Stay aligned with CDC and OSHA dental infection control requirements
Protect your dental team and patients from preventable infection risks
Be confident and audit-ready at any time

Failure

Skipping annual dental infection control training might not cause problems today—but it only takes one exposure, one inspection, or one lawsuit to uncover the gap.

Closing

Be the kind of dental leader who prioritizes safety and sets the standard for your team. Infection control isn’t just a requirement—it’s part of the trust your patients place in you every day. Let’s make sure your practice is protected and compliant.

Schedule your FREE Compliance Risk Review today! 541-345-3875 ext. 5

What is a Spoofed Email and How Should Healthcare Clinics Respond?

Thu, 21 Aug 2025 22:22:04 GMT

How to Spot, Prevent, and Respond to Spoof Emails for Healthcare Settings

Email is one of the most common ways healthcare offices communicate — with patients, vendors, and within their own teams. Unfortunately, it’s also one of the most common ways cybercriminals try to gain access to sensitive information.

One of the most deceptive tactics is the spoof email. In this blog, we’ll break down what spoof emails are, how to spot them, how to prevent them, and what to do if your office — or your patients — receive one.

What Is a Spoof Email?

A spoof email is a fraudulent message designed to look like it came from someone you trust — a coworker, your clinic, or even a vendor you regularly work with. Cybercriminals forge the “From” address so that the email appears to come from a legitimate source, even though it did not originate from that account.

For example:

A message that looks like it’s from your doctor asking you to open an attachment.
An email appearing to come from a coworker requesting urgent action.
An attached “voicemail” or “secure document” that looks like it’s sent from a colleague but actually contains malicious software.

How to Detect a Spoof Email

Spoof emails are designed to look convincing, but they usually carry warning signs. Train your team to pause and check for:

Unexpected attachments or links — especially audio files, invoices, or zip files.
Urgent or alarming language (“Your account will be closed!”).
Sender display name vs. email address — the display name may match, but the actual email address may tell a different story.

✅ Example: dr.smith@myclinic.com
❌ Spoofed example: dr.smith@mycl1nic.com (notice the “1” instead of “i”).
How to check: Hover over the sender’s name with your mouse (or tap on a phone) to reveal the full email address. Always peek under the name before trusting it.

Grammatical errors or unusual phrasing — subtle signs of something not right.
Suspicious headers — IT teams can check message headers to see if the email really came from your domain.

Tips to Minimize Spoof Emails in Your Clinic

While you can’t stop cybercriminals from attempting spoofing, you can make it harder for them to succeed:

Work with your IT company to enable SPF, DKIM, and DMARC records on your email domain.

These are special security settings that tell email servers which senders are authorized to use your domain name. If they aren’t set up correctly, attackers can more easily pretend to send emails as your clinic. Your IT company should be able to confirm whether you already have them in place and help configure them if you don’t.

Train staff regularly on phishing and spoofing awareness. Even one click on a bad link can compromise security.
Use multifactor authentication (MFA) for all accounts to add an extra layer of protection.
Verify requests by another method — if you get a strange email from a coworker, call or message them directly before acting.

How to Respond if Your Clinic Receives a Spoof Email

If your office gets a suspicious message that appears to come from your own domain or staff:

Do not click links or download attachments.
Report it immediately to your IT or compliance team.
Document the incident — and be sure to contact your HIPAA compliance provider for guidance on properly recording and addressing these types of events.
Warn your staff so others know not to interact with the message.
Work with IT to review headers and confirm it was spoofing, not a compromised account.

What If Patients Receive Spoof Emails That Look Like They Came from You?

This can be especially damaging to patient trust. If you learn patients have received spoofed messages appearing to come from your clinic:

Notify patients ASAP — acknowledge that the email did not come from your office.
Give clear instructions — tell them not to click links, open attachments, or reply.
Provide reassurance — explain that their medical records and patient portals remain secure, and that this was a spoof, not a breach of your systems. * After confirming it was a spoofing email, not a compromised account .
Share prevention tips — encourage patients to verify suspicious messages by calling the clinic directly.
Continue monitoring — if spoofing persists, work with IT to tighten email authentication settings.

Spoof emails are a growing threat in healthcare because they exploit trust — the trust patients place in their providers and the trust staff place in their colleagues. By educating your team and your patients, enabling the right protections, and responding swiftly when an incident occurs, your office can turn a potentially damaging attack into an opportunity to build stronger awareness and confidence in your security practices.

FAQ: Email Spoofing in Healthcare

Is email spoofing illegal?

Yes. It is considered fraud and, in healthcare, spoofing can lead to HIPAA compliance issues if patient information is exposed.

What does a spoofed email address look like?

It may look almost identical to a real one — for example:

Real : dr.smith@myclinic.com
Fake : dr.smith@mycl1nic.com (with a “1” instead of an “i”).

What happens if I open a spoofed email?

Opening it alone usually won’t cause harm. The danger comes from clicking links, downloading attachments, or replying.

Can spoofed emails be stopped completely?

Not entirely, but they can be minimized. Setting up SPF, DKIM, and DMARC with your IT company, training staff, and enabling multifactor authentication all reduce the risk.

When Records Are Delayed: Navigating Requests with Confidence, Clarity, and Results

Wed, 20 Aug 2025 14:55:17 GMT

Delays in receiving medical records are one of the most common frustrations we hear about from healthcare offices. Whether you’re waiting on x-rays, patient histories, or treatment notes, it can feel like a simple request is suddenly wrapped in red tape.

This blog was created to address those very questions. Instead of assuming malicious intent, we aim to foster clarity, reduce friction, and offer practical, lawful guidance for improving communication and protecting patient access.

A Common Scenario: When Policy Becomes a Barrier

A dental office submits a request to another provider for a patient’s records, which are needed before a scheduled procedure. The other office replies that the request must be submitted through their specific online portal — and once submitted, it may take up to 30 business days to process. No confirmation is provided, and no status update is available. The patient is growing anxious, the procedure must be rescheduled, and the receiving office is left wondering what they’re allowed to say or do.

This situation doesn’t reflect a bad actor. It reflects a broken process, often due to:

Understaffed administrative teams
Lack of training on HIPAA timelines
Overreliance on policy templates
Outdated systems for records handling

The good news? There are realistic, professional steps you can take to move things forward — and avoid unnecessary conflict.

What the Law Says About Records Release

HIPAA Right of Access

Under the federal HIPAA Privacy Rule:

Patients have the right to access their records.
Records must be provided within 30 calendar days (with an optional 30-day extension if justified in writing).
Providers may require a written request but cannot create unreasonable delays or barriers.

Full guidance: HIPAA Right of Access – HHS.gov

Oregon Rule (Dental):

Oregon dental providers must provide records, including x-rays, within 14 days of a written request from the patient or their guardian.

Refer to OAR 818-012-0030(9)(a) for direct language.

Internal policies should support timely care, rather than hindering it.

Records Release Toolkit

These steps are designed to support your office in responding effectively, lawfully, and professionally when facing delays in receiving patient records.

Clarify and Confirm

Ensure the records request was received.
Ask if additional documentation or formats are preferred (fax, secure email, form submission).
Offer to resend or adjust the request to their stated process, so long as it does not impose unreasonable delays.

Connect with the Right Person

If initial communication isn’t productive, request to speak with a supervisor or office manager.

Approach the conversation with the goal of:

Understanding their process
Building a cooperative relationship
Identifying a smoother path forward for both offices

Sample language:

“ We’d like to make this process easier for everyone involved. Who is the best person to speak with about streamlining this request and ensuring the patient receives timely care? ”

Provide Educational Context

If helpful, you may share federal guidance or state law — not as a threat, but as context:

“We understand your office has internal policies, but understand that under HIPAA and Oregon law, patient records must be released within specific timelines, and processes cannot create unreasonable delays. We’re happy to collaborate in a way that works for both offices and puts the patient’s needs first.”

Empower the Patient

Patients often get faster responses. Encourage them to: Submit their own written request

• Note the urgency for treatment
• Request an estimated date of release
• Reference their right to access under HIPAA

You can also provide the patient with a link to HHS’s Right of Access page for more information.

When It Might Be Information Blocking

The 21st Century Cures Act prohibits covered entities from interfering with access to or use of electronic health information. While most delays are not intentional, consistent or unexplained refusals to share records may fall under the category of information blocking.

To learn more:

• Information Blocking FAQ – HealthIT.gov

• Report a Complaint – OCR

Use this step when education and collaboration have failed, and there’s clear harm being done to the patient’s ability to receive care.

Focus on Collaboration, Not Conflict

Delays in care can be deeply frustrating, especially when you’re doing everything right. Still, it’s important to remember that many offices are working with limited resources, under pressure, and with outdated systems.

Most delays are not acts of harm — they are opportunities for system improvement and clearer communication.

By staying professional, grounded in law, and centered on the patient, your office can be a model for collaborative, compassionate compliance.

Need Support?

If you need help navigating a difficult records release situation, reach out anytime.

Healthcare COMPLIANCE Associates

Phone: (541) 345-3875

Email: Support@OshaHipaaTraining.com

Subject: Request for Records – Patient Care Impacted by Delay

Dear [Recipient’s Name or Office Manager],

I hope this message finds you well. I’m reaching out regarding a records request submitted on [insert date] for our mutual patient, [Patient Full Name, DOB].

As of today, we have not yet received the requested information, and unfortunately, the delay is beginning to impact the patient’s ability to receive timely care. We understand and respect that every office has internal policies and procedures, and we’re happy to follow yours to the extent that they comply with state and federal law. However, we are concerned that the current delay may be inconsistent with compliance requirements.

Summary of Relevant Law:

Federal HIPAA Right of Access – 45 CFR 164.524

Covered entities must provide access to records within 30 days of request (or within 60 days with an extension).

While a written request may be required, the entity may not impose unreasonable measures that delay access.

Full guidance: HHS HIPAA Right of Access

Oregon Administrative Rules (Dental-Specific)

Providers must release patient records within 14 days of written request.

See: OAR 818-012-0030(9)(a) & OAR 818-012-0032

We are committed to working with your office to ensure this process is smooth and compliant. Please let us know:

If the records have already been sent (and we may have missed them),

If there’s a specific form or additional verification needed, or

If there’s someone else we should contact to help move this forward.

Our goal is to ensure this patient receives timely treatment. We truly appreciate your time and efforts.

Warm regards,

[Your Name]

[Your Title]

[Your Office Name]

[Phone Number]

[Email Address]

Protecting Patient Privacy on Social Media

Tue, 19 Aug 2025 07:00:00 GMT

A Practical Guide for Dental and Healthcare Offices

Social media is a powerful tool for dental offices and small healthcare practices to connect with their community, build trust, and educate patients. But it also comes with serious risks, especially when it comes to protecting patient privacy and complying with HIPAA (the Health Insurance Portability and Accountability Act).

In this blog, we’ll break down what smaller dental and healthcare practices need to know about using social media safely and responsibly.

1. HIPAA Basics for Social Media

HIPAA prohibits the disclosure of Protected Health Information (PHI) without a patient’s written authorization. PHI includes any information that can identify a patient—names, photos, diagnoses, appointment times, and even unique situations that could reveal who the patient is.

Never post the following without signed patient consent:

Photos or videos of patients
Stories or anecdotes that include identifying details
Screenshots of internal communications
Responses to patient reviews that confirm the individual is a patient

Tip: Even de-identified information can sometimes be traced back to a patient. When in doubt, leave it out.

2. Cybersecurity and Account Management

Your dental or healthcare practice’s social media accounts should be treated like any other system that handles sensitive information.

Best practices include:

Use strong, unique passwords and enable two-factor authentication (2FA)
Limit access to social media accounts to trained team members
Maintain a clear policy on who can post, when, and what type of content is appropriate
Never access accounts from public or unsecured Wi-Fi

Tip: Use a social media management tool that logs who posts what and when. This helps with accountability and error tracking.

3. Engaging with Patients Online

It’s natural to want to respond to online reviews or comments. But HIPAA still applies, even in public spaces.

Do:

Thank reviewers in general terms (e.g., "Thank you for your feedback!")
Encourage patients to call your office to discuss concerns

Don’t:

Confirm someone is your patient
Discuss any aspect of their care, even if they mention it first

Tip: Have a response template that your team can use to keep replies compliant and consistent.

4. Training and Policies

Every team member should know your dental or healthcare office’s social media policy and understand the consequences of HIPAA violations.

Recommendations:

Discuss social media use in your HIPAA training
Create a written social media policy and review it annually
Designate a social media coordinator or compliance officer to oversee activity

Tip: Use real-life examples of HIPAA breaches in training to make the risks more relatable.

5. When in Doubt, Ask

If you're unsure whether something is safe to post, consult your HIPAA compliance officer or legal advisor. It's always better to be cautious than to risk a violation that could lead to fines, loss of reputation, or even criminal charges.

Final Thoughts

Social media can be a valuable asset for dental offices and small healthcare practices—but only when used wisely. With a little planning, staff training, and common sense, you can protect your patients’ privacy and keep your practice safe and compliant.

This post was drafted with assistance from AI and reviewed by our compliance team to ensure accuracy and relevance for healthcare practices.

Want a ready-to-use Social Media Policy for your dental or healthcare office?

Download our free sample policy to get started!!

Do I Need Infection Control Training?

Fri, 15 Aug 2025 19:22:06 GMT

If you’re not 100% sure when your team last completed infection control training—or who even needs it—this quick guide is for YOU!

What Most Clinics Get Wrong About Infection Control

Too many clinics make assumptions that lead to risk. Let’s clear up the two biggest misconceptions:

❌ Misconception #1: Only Licensed Providers Need Training Every Two Years

The Truth: Infection control training isn’t just for dentists or hygienists. Every team member who may be exposed to bloodborne pathogens or infectious materials—including front desk staff and janitorial crew—should receive training annually at a minimum.

❌ Misconception #2 : OSHA and Infection Control Training Are the Same

The Truth: While some topics overlap, they have different goals.

OSHA training focuses on protecting employees from workplace hazards.
Infection control training focuses on preventing disease transmission to protect patients, staff, and anyone entering the clinic.

Not recognizing this difference can create compliance gaps and increase your risk.

3 Quick Infection Control Wins You Can Use Today

Confirm who’s been trained: Create or update your staff training log. Anyone potentially exposed should have documented annual training.
Walk your clinic like an inspector: Look for expired supplies, unlabeled containers, or missing hand hygiene signage. These are easy-to-fix red flags.
Review your exposure plan: Is it up to date and specific to your current team and workflows? If it’s collecting dust, it’s time to revise.

Stay Ready Year-Round with HCA

At Healthcare Compliance Associates, we make infection control training simple, specific, and stress-free. Our Infection Control Compliance Package includes:

✅ Annual Onsite + Online Training – Relevant, current, and clinic-specific

✅ Exposure Plan Workbook – Easy-to-follow and ready for inspection

✅ Facility Walk-Thru – Catch issues before they cost you

✅ Year-Round Support – Get expert answers when you need them

Contact Us TODAY to learn more about how maintain compliance with ease!

When Patients Cry “HIPAA Violation”: What to Do

Tue, 12 Aug 2025 18:15:00 GMT

How to Handle HIPAA Complaints with Professionalism, Compassion, and Confidence

In healthcare, the word “HIPAA” carries weight—and sometimes, confusion.

It's not uncommon for patients or their loved ones to claim that a privacy violation has occurred, even when no such breach has taken place. With the rise of online forums, social media, and secondhand information, many people feel empowered to speak up—but unfortunately, not all claims are grounded in a clear understanding of the law.

So what should your clinic do when someone insists their privacy rights have been violated, but the situation appears to be a misunderstanding, miscommunication, or outright exaggeration?

Here’s a clear, professional approach to handling these claims with integrity, care, and confidence.

1. Pause and Listen Carefully

Even if the complaint seems misguided, every concern deserves a respectful ear. Listen without defensiveness. Let the individual fully explain their concern and take notes. The way you respond in these early moments can shape their overall perception of how seriously your office takes patient privacy.

2. Document Everything!

Immediately document:

Who made the complaint and when
What they claimed happened
Whether PHI was involved
Any key phrases or direct quotes that help show the tone or seriousness of the complaint (e.g., “I’m calling my lawyer if you don’t fire them”)
How your team responded in the moment

Avoid including:

Personal opinions, assumptions, or guesses about the person’s intentions (e.g., “they were probably lying” or “seemed unstable”)
Emotional reactions or commentary (e.g., “the patient was being ridiculous”)
Diagnoses, unless you're a licensed clinician referencing a known medical fact relevant to the incident

Stick to observable facts and language. Your goal is to create a clear, professional record—not an interpretation of someone’s behavior.

3. Assess the Claim Objectively

Not all HIPAA complaints indicate an actual violation. Sometimes patients misunderstand what HIPAA protects—or they become upset about an experience unrelated to privacy and reach for legal terminology out of frustration.

Let’s define PHI (Protected Health Information):

PHI includes any information that can be used to identify a patient and relates to their health status, care received, or payment for care. This can include names, addresses, birthdates, diagnoses, treatment details, or even something as simple as an appointment date—if it’s tied to the person’s identity.

Ask yourself:

Was any identifiable health information actually disclosed?
Was the disclosure intentional or accidental?
Was the recipient someone authorized to receive it?
Did the patient misunderstand normal administrative processes (e.g., calling a patient’s name in the lobby, sending appointment reminders)?

If there’s no PHI exposure, or the alleged "violation" falls outside the scope of HIPAA, it’s important to remain clear in your own understanding before addressing the concern further.

4. Conduct a Formal Internal Investigation

Even if a claim seems unfounded, treat it with seriousness and respect. Review relevant documentation, talk to any staff involved, and consult your policies. This shows due diligence and creates internal accountability.

If the complaint is clearly based on misinformation, consider it a learning opportunity—for both your team and the patient.

5. Respond with Compassion and Clarity

Once you've reviewed the situation:

Provide a calm, professional response
Acknowledge the patient’s concerns
Offer a brief explanation (in plain language) of what HIPAA does and does not cover, if appropriate
Share any corrective steps taken or training provided—even if it’s just a refresher for your team
Avoid legal jargon or a defensive tone. The goal is to rebuild trust, not to “win” an argument.

6. Don’t Let Emotions Guide the Response

Some complaints can feel personal—especially if the patient posts online, demands punishment for a staff member, or becomes hostile. It’s essential that leadership remain steady. Avoid:

Engaging in back-and-forth debates (especially on social media)
Making decisions purely based on pressure or fear
Escalating a situation that may simply need clear, compassionate communication
If needed, consult legal counsel for guidance—especially if the patient is making legal threats or posting defamatory content.

7. Reinforce Training and Culture

Regardless of the claim's validity, use the opportunity to reinforce best practices around privacy and professionalism. Offer a quick HIPAA refresher to staff and revisit your internal policies for any needed improvements.

You might even review how your office handles:

Social conversations inside or outside of the clinic- what isn't allowed under the HIPAA law
Visible documents or whiteboards
Use of devices or screens near patients
Proactive steps build a culture of awareness and protect against future misunderstandings.

Not every HIPAA complaint means your clinic is at fault—but every complaint is a chance to listen, learn, and lead with integrity. By responding calmly, documenting thoroughly, and reinforcing your team’s commitment to privacy, you protect both your practice and the trust your patients place in you.

Need support navigating patient complaints or strengthening your privacy protocols?

We’re here to help healthcare teams turn complex compliance into confident care. Reach out for resources, training, and guidance tailored to your unique needs.

Healthcare Cybersecurity

kelli@hlthcarecomp.com (Kelli Ngariki) — Tue, 05 Aug 2025 07:00:00 GMT

Breaking Down Silos to Build Smarter Data Protection

Welcome to the era of healthcare cybersecurity, where protecting patient data isn’t just an IT issue. Whether you work in the front office, back office, compliance, or leadership, cybersecurity is now part of your job. Why? Because cyberattacks don’t stay in one department, and your defenses shouldn’t either.

Silos Create Risks

In today’s connected world, working in silos creates real risk. When IT, compliance, legal, and operations don’t collaborate, it leaves gaps—and those are exactly what cybercriminals target.

To protect your practice:

Build cross-functional teams or “Cybersecurity and Compliance Committees.”
Hold short, regular check-ins between IT, compliance, and leadership.
Align on policies, risk assessments, and training to avoid blind spots.

This team-based approach improves HIPAA compliance, strengthens data protection, and makes your cybersecurity strategy practical and enforceable.

Why Cybercriminals Target Healthcare Leaders

Phishing attacks—fake emails that trick people into clicking dangerous links or sharing passwords—often target doctors, office managers, and executives. These roles usually have access to the most sensitive systems and data.

To defend your team:

Ask your IT company to send phishing simulations to test everyone, including leadership.
If someone fails the test, they automatically receive short, friendly training—no blame, just awareness.
Make cybersecurity part of your culture, not a punishment.

What to Do First After a Cyber Incident: Contact Legal

If you think your healthcare organization has experienced a cyberattack or data breach, like ransomware, your first step is to call your legal counsel. What you say and how you document the situation matters under HIPAA and state laws.

Very important:

If you’re hit with ransomware, do not contact the hacker. Do not reply to emails, click links, or attempt to negotiate. This can make the situation worse or even violate federal regulations if the hacker is tied to a sanctioned entity.

Instead:

Bring in a forensic cybersecurity expert who is trained to handle attacker communications and data recovery.
Follow your legal team’s guidance before taking any technical or public-facing action.

Your response plan should cover:

Who to notify first (usually legal counsel)
How to safely document the incident
When and how to involve IT, compliance, regulators, and law enforcement

Having a clear, step-by-step process will help your team act quickly—and avoid costly mistakes.

The Basics: What Every Healthcare Cybersecurity Program Needs

Make sure your plan includes:

Regular risk assessments
HIPAA-compliant policy development
Ongoing team training
An incident response plan
Routine internal and external audits

Also: write your cybersecurity policies in plain English. Clear beats complex, especially when it comes to staff adoption.

Know Your Data: Asset Inventory and ePHI Awareness

Every healthcare organization needs an accurate asset inventory. That means knowing:

Where your electronic protected health information (ePHI) lives
What devices connect to your network (including laptops, tablets, phones, smartwatches)
Who has access to what

If it connects to your system, it’s part of your cybersecurity plan.

Watch for Social Engineering Attacks

Cybercriminals use more than email; they also call, send text messages, and make video calls. Fake “tech support” or “help desk” calls are common. They may sound real and ask to reset passwords or verify credentials.

Here’s the rule: Help desks never call you first. Always initiate contact or verify through trusted internal channels. Train your team to follow a simple call-back process to confirm legitimacy.

Final Thought: Cybersecurity Is a Team Sport

Cybersecurity in healthcare isn’t just about firewalls and antivirus software. It’s about teamwork, communication, and a shared commitment to protecting patient data.

When your IT, compliance, legal, and operations teams work together, your practice can:

Stay HIPAA compliant
Prevent breaches
Respond quickly and confidently to threats

Cybersecurity protects your patients, your reputation, and your future. Let’s run this together—and run it well.

Learn From a Ransomware Mistake

kelli@hlthcarecomp.com (Kelli Ngariki) — Tue, 29 Jul 2025 07:00:01 GMT

What the Syracuse ASC Breach Teaches About Healthcare Cybersecurity

A Real-World Ransomware Mistake Every Healthcare Practice Should Learn From

Cyberattacks aren’t just a big hospital problem . The recent ransomware attack at Syracuse ASC, a small, single-location ambulatory surgery center, shows that even modest healthcare practices can quickly end up under federal investigation. In this case, the result was a HIPAA settlement and a $250,000 fine. It’s a reminder: no practice is too small to be targeted or held accountable.

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) investigated the March 2021 attack that exposed the electronic protected health information (ePHI) of 24,891 patients. Syracuse ASC reported the breach months later, but OCR found serious gaps in how they prepared for and responded to the incident.

The result? A $250,000 HIPAA settlement and a two-year corrective action plan.

What Went Wrong at Syracuse ASC

They never completed an accurate and thorough HIPAA risk analysis.
They didn’t have a risk management plan to address known vulnerabilities.
They failed to provide timely breach notification to patients and HHS.
Their written HIPAA policies were outdated or incomplete.
Their team did not receive regular, role-specific HIPAA training.

The attacker used PYSA ransomware, a known cyber threat in the healthcare industry. It's designed to encrypt and lock sensitive data quickly—and target systems with weak defenses.

What OCR Recommends to Prevent or Reduce Cybersecurity Threats

Following the Syracuse ASC ransomware settlement, the Office for Civil Rights (OCR) at HHS released a list of steps that all HIPAA-covered healthcare providers, health plans, clearinghouses, and business associates should take to prevent or mitigate cyber-threats:

Identify where ePHI is located in your organization, including how it enters, moves through, and leaves your systems.
Periodically conduct a HIPAA risk analysis, and update it as needed. Use this to create and follow a risk management plan that addresses any vulnerabilities.
Ensure audit controls are in place to log and examine system activity.
Regularly review system activity to catch unusual behavior early.
Use secure user authentication procedures to control who accesses ePHI.
Encrypt ePHI in transit and at rest, where appropriate, to block unauthorized access.
Learn from past security incidents and use those lessons to improve your future cybersecurity planning.
Provide HIPAA training to all workforce members, tailored to your practice and each employee’s role.

HIPAA Breach Notification Reminder:

If your practice experiences a breach of unsecured protected health information (PHI), you are required to report it through the HHS Breach Portal.

Here’s what HIPAA requires:

For breaches affecting 500 or more individuals:

You must notify HHS without unreasonable delay and no later than 60 calendar days from when you discovered the breach. You must also notify affected individuals and (if applicable) the media.

For breaches affecting fewer than 500 individuals:

You still need to notify affected individuals without unreasonable delay, but you may report all such breaches to HHS once per year, no later than 60 days after the end of the calendar year in which the breaches occurred.

Failing to follow this process is one of the violations that contributed to the $250,000 fine in the Syracuse ASC case. Timely reporting is not just a best practice—it’s a legal requirement.

OSHA 2025 Penalty Reductions: How Small Medical & Dental Clinics Can Save Up to 70%

kelli@hlthcarecomp.com (Kelli Ngariki) — Wed, 23 Jul 2025 15:49:47 GMT

New OSHA rules reward small healthcare practices with steep fine reductions for acting quickly and maintaining strong safety practices.

On July 14, 2025, OSHA announced important updates to its penalty reduction policies. These changes are especially good news for small healthcare practices, including dental and medical clinics with fewer than 300 employees. By understanding and meeting a few key criteria, your practice could qualify for substantial discounts—up to 70%—on OSHA penalties.

Here's what you need to know and how to take advantage of these changes:

1. OSHA Penalty Reduction by Employee Size

OSHA now offers automatic penalty reductions for employers based on the number of employees:

What to do: Keep accurate records of your employee count, including part-time and temporary staff. OSHA will use this information to apply the discount.

2. OSHA Abatement Discount (15%) for Quick Fixes

If your clinic fixes a cited hazard quickly and permanently, you may qualify for an additional 15% reduction.

Action steps:

Correct the hazard immediately after identification
Document the fix with photos, logs, or receipts
Provide proof to the inspector or in your response

3. Clean OSHA Inspection History Discount (20%)

A 20% discount is available if your clinic:

Has not been inspected by OSHA in the past 5 years, or
Has no serious, repeat, or willful violations

Action steps:

Maintain a record of past inspections and citations (if any)
Demonstrate a consistent safety record

4. Save with a Clinic Safety Plan (Up to 25%)

OSHA may reduce penalties by up to 25% if you can show that your clinic has an effective safety and health management system—even if it’s not formal.

What qualifies:

Written safety procedures (PPE, infection control, chemical handling, etc.)
Training logs and meeting notes
Routine safety checks and hazard correction
Encouraging staff to report safety concerns

Action steps:

Compile your safety documents and logs
Make sure staff are trained and involved
Assign a safety coordinator and review procedures regularly

How to Claim OSHA Penalty Discounts

Many of these reductions are applied automatically during or after an inspection. However, you can also:

Request them during your informal conference or
Include supporting documentation in your written response to citations

Bottom Line for Small Healthcare Clinics

With the right documentation and a proactive approach, small clinics can benefit significantly from OSHA's updated penalty policies. These changes reward clinics that prioritize safety and act quickly when issues arise.

Need help organizing your clinic's OSHA compliance or safety documentation? Contact us for practical tools and templates that make compliance easier—and more affordable. 541-345-3875 ext. 5

How to Build a Healthcare Compliance Program That Works

kelli@hlthcarecomp.com (Kelli Ngariki) — Sun, 22 Jun 2025 21:14:08 GMT

7 Elements of an Effective Compliance Program for Small Healthcare Practices

Running a small dental or medical office means wearing a lot of hats. Beyond delivering great care, there's the crucial task of staying compliant with laws like HIPAA, OSHA, and CDC guidelines. An effective compliance program is more than a formality, it’s a vital part of safeguarding your patients, supporting your team, and maintaining your professional credibility.

To make things easier, the U.S. Department of Health and Human Services (HHS) Office of Inspector General has outlined seven core elements every compliance program should include. Here's what they mean for small healthcare practices like yours:

1. Written Policies and Procedures

Start with clear, straightforward policies that reflect how your office operates. Cover essential topics like patient privacy, billing practices, workplace safety, and infection control. Make sure everyone knows where to find these documents and how to follow them.

2. Compliance Oversight

Appoint someone to oversee your compliance efforts. It might be your office manager, lead assistant, or even you. What's important is that someone keeps tabs on updates, deadlines, and compliance tasks.

3. Staff Training and Education

Everyone in your office should understand the rules that apply to their job. That means training on HIPAA privacy and security, OSHA safety, and your specific office protocols. Do this when people are hired and at least annually.

4. Open Communication

Create a work environment where team members feel comfortable speaking up. Whether it's an anonymous suggestion box, regular check-ins, or just a culture of openness, employees need a way to share concerns without fear.

5. Regular Monitoring and Auditing

Check in regularly to see how things are going. That could mean reviewing OSHA logs, spot-checking sterilization records, or ensuring patient forms are properly handled. These routine audits help catch small problems before they become big ones.

6. Fair Enforcement of Rules

Make sure your team understands that policies are enforced fairly and consistently. A simple, written discipline policy helps set expectations and avoid confusion.

7. Quick Response and Follow-Up

If something goes wrong, act quickly to fix it. That might mean retraining a staff member, updating a policy, or reporting a serious issue. The goal is to correct the problem and make sure it doesn’t happen again.

Putting these seven elements in place can seem like a big task, but you don’t have to do it all at once. Start with what you already have and build from there. Over time, these steps will help your office run more smoothly and with less risk.

Not sure where your compliance program really stands? You don’t need to have everything figured out—that’s what we’re here for. Our FREE OSHA Compliance Risk Review gives you:

A clear look at your current OSHA compliance status
Insight into gaps that often affect HIPAA and infection control too
A customized summary and next-step recommendations

Think of it as a compliance “check-in” that helps you move forward with confidence—without pressure or obligation. Book Your Free OSHA Compliance Risk Review

Can You Talk About a Patient If You Don’t Say Their Name?

kelli@hlthcarecomp.com (Kelli Ngariki) — Fri, 20 Jun 2025 21:16:56 GMT

“It's not really a HIPAA violation if I don't say their name, right?”

It’s a question that comes up often in healthcare: “Can I talk about a patient if I don’t use their name?”

The answer isn’t as simple as it seems. Even if you don’t mention a name, you may still be violating HIPAA—or at the very least you may be unintentionally crossing a professional boundary.

HIPAA: More Than Just Names

Under the HIPAA Privacy Rule, protected health information (PHI) includes any details that could be used—on their own or combined—to identify a patient. That includes:

Dates of service
Location of care
Diagnoses
Physical descriptions
Occupation or employer

Even if a name is left out, if someone could reasonably figure out who you’re talking about, you may have violated HIPAA.

Patient Perception Matters

Sometimes, healthcare professionals share vague patient stories to help explain a medical concept, offer reassurance, or illustrate experience with a particular condition or procedure. While the intention may be to educate or support, this kind of storytelling—even without names or specific details—can still create problems.

Here’s the part many healthcare workers overlook:

Most patients don’t fully understand HIPAA— but they do know you’re required to follow it.

Even if your story doesn’t technically violate the law, the patient you're referencing—or another patient who overhears—might:

Feel that your being irresponsible or too casual with patient information
Perceive the conversation as a HIPAA violation
File a complaint with your employer or with the U.S. Department of Health & Human Services

Once a complaint is made, even a baseless one, your practice may be subject to an audit or investigation. At best, it creates unnecessary stress. At worst, it can lead to disciplinary action, loss of credibility, or reputational damage.

What’s at Stake

Protecting patient privacy isn’t just about avoiding legal trouble—it’s about maintaining the trust your patients place in you every day.

When healthcare workers casually talk about patients—even vaguely—it sends a message: “Your story might be shared without your consent.” That message can damage relationships, drive patients away, and affect how your entire practice is perceived.

Best Practices to Stay Compliant and Build Trust

Avoid casual stories about patient interactions, even if you leave out names.
Leave out any identifiable details like dates, locations, and diagnoses in all conversations.
Get written authorization if you're going to use a patient story publicly.
Educate your team regularly on HIPAA standards, perception risks, and your practice policies on patient trust.

Final Thoughts

Just because it feels vague doesn’t mean it’s safe to share. And even if HIPAA isn’t technically broken, your reputation can be.

Play it safe. Speak with care. Remember: Trust is easier to protect than to rebuild.

If your team needs clarity on what’s okay to share—and what crosses the line—training is the best first step.

At HCA, we make HIPAA and OSHA compliance practical, engaging, and tailored to your healthcare environment. Our onsite training gives your staff the tools and confidence they need to navigate privacy standards with professionalism and care.

Customized HIPAA & OSHA training using real-world examples
Oregon-specific regulatory insight for local clinics
In-office walkthroughs to identify and correct risks
Documentation that meets inspection and audit requirements
Boosted staff confidence, safety culture, and patient trust
Ongoing access to expert compliance support

Ready to strengthen your compliance culture and protect patient trust?

Fill out our Contact Us Form , and one of our helpful associates will reach out to answer your questions and get your training scheduled.

�� Or call us directly at 541-345-3875—we're here to help.

Is Online OSHA Training Acceptable? Why Onsite Training Is Better for Medical and Dental Practices

kelli@hlthcarecomp.com (Kelli Ngariki) — Tue, 17 Jun 2025 22:00:34 GMT

Understand OSHA requirements and discover why onsite, in-person training delivers better compliance, engagement, and protection for your practice.

When it comes to OSHA compliance for healthcare offices, many teams still rely on outdated manuals, one-size-fits-all online training, or last-minute Googling. But compliance is more than meeting a requirement—it’s a critical investment in patient safety, staff protection, and legal peace of mind.

That’s why partnering with a professional healthcare compliance company that offers onsite training and real-time support is a smart, stress-reducing solution.

Group Training Builds Stronger Teams

Onsite OSHA training for healthcare staff ensures your entire team receives consistent, relevant instruction. When everyone learns together, they apply the same safety practices and policies across the board.

Bonus : You can schedule sessions during lunch breaks or slower hours to reduce disruption.

Live OSHA Training Encourages Engagement

According to OSHA’s Bloodborne Pathogens Standard, employees must be able to ask questions during compliance training. That’s not possible with a video. Onsite OSHA compliance training for healthcare offices allows your staff to get clear answers—especially regarding workplace safety, exposure protocols, and regulatory requirements that directly impact them.

Walkthroughs Prepare You for Real Inspections

Our trainers don’t just deliver content—they walk through your facility with you, identifying risks, explaining fixes, and preparing your staff for what an OSHA inspection in a healthcare setting may involve. It’s a proactive, educational approach that reduces risk and boosts team confidence.

Real Support, Whenever You Need It

After training, questions still come up. That’s why we offer ongoing support—whether you’re preparing for an inspection, updating policies, or responding to an incident. HCA provides reliable, accessible guidance so HIPAA and OSHA compliance never becomes a burden.

Stay Up-to-Date on Regulations

Healthcare compliance standards change. From new OSHA safety guidelines to HIPAA privacy updates, it’s our job to stay on top of it. A trusted compliance partner ensures your policies, training, and practices stay current and compliant—so you’re never caught off guard.

Paid Training is Required—Make It Worth It

OSHA requires that employees are paid for time spent in compliance training—whether it’s onsite or virtual. So why not make it effective? With live, in-person training tailored to your office, your team learns what actually applies to their roles and leaves feeling confident, not confused.

Top Benefits of Onsite Compliance Training for Healthcare Offices

• Customized OSHA & HIPAA training for your specific environment

• Oregon-specific regulatory knowledge (for local clinics)

• In-office walkthroughs to identify and correct issues

• Documentation that satisfies inspection requirements

• Improved team morale, safety awareness, and emergency readiness

• Ongoing access to compliance support

Bottom Line:

If you're ready to simplify OSHA and HIPAA compliance for your healthcare office, onsite training is the most effective, engaging, and stress-free way to get there. At HCA, we make compliance practical, approachable, and personalized—so your team can focus on providing excellent patient care.

Want to make compliance easy?

�� Schedule a Free Compliance Check-Up

Or contact us anytime—our expert team is here for your questions and peace of mind.

541-345-3875

Do Dentists Have to Wear Gowns? Don't make this $162,000 mistake

kelli@hlthcarecomp.com (Kelli Ngariki) — Fri, 13 Jun 2025 19:29:39 GMT

Why ignoring PPE requirements—like gowns—could cost your dental practice big money

In the hustle of running a dental office, it's easy to cut corners—especially if “no one's gotten hurt yet.” But when it comes to OSHA’s Bloodborne Pathogens Standard, skipping PPE like gowns isn’t just risky... it could be classified as willful neglect . And that’s a whole different level of consequence.

Let’s break this down.

The Gown Requirement (Yes, It’s a Requirement)

Under 29 CFR 1910.1030(d)(3), OSHA requires employers to provide appropriate personal protective equipment (PPE) at no cost to employees. That includes gowns or lab coats when there’s a risk of exposure to blood, saliva, or other potentially infectious materials (OPIM)—which, let’s be honest, is every dental procedure.

Willful = You Knew Better and Did It Anyway

If your office knows gowns are required but chooses not to wear them, OSHA can classify this as a willful violation. That means you weren’t just unaware—you consciously decided not to comply.

Potential fine? Up to $162,000 per violation in Oregon . And if multiple team members are working unprotected, each instance could be cited separately.

Real Talk: What We’re Hearing in the Field

At Healthcare Compliance Associates, we’ve had clients say:

“We just don’t wear gowns—it gets too hot.”
“Our hygienists think it’s unnecessary.”
“We never had a problem before.”

But here’s the thing: OSHA doesn’t base their standards on comfort or office culture. They base them on safety—and they have the authority to issue serious citations and hefty fines when those standards are knowingly ignored.

What You Should Do Right Now

1. Review your PPE policy — Is it clear? Is it enforced?

2. Train your team — Make sure everyone knows when and why gowns are required.

3. Document your efforts — Annual training, policies, and regular safety meetings matter.

4. Talk to your safety officer — They should be empowered to monitor and correct compliance issues in real time.

Final Word

Wearing a gown might feel like a small thing. But choosing not to? That could become a very expensive decision. Protect your team, protect your patients, and protect your practice—don’t let something as preventable as gown compliance turn into a willful OSHA violation.

Need help updating your policy or training your team? We’ve got you covered.

What Are Considered HIPAA Violations?

kelli@hlthcarecomp.com (Kelli Ngariki) — Wed, 30 Apr 2025 15:00:00 GMT

Essential Insights to Strengthen Your HIPAA Compliance Program

A HIPAA violation occurs when a covered entity (such as a healthcare provider) or a business associate (a contractor handling PHI on behalf of a covered entity) fails to comply with any aspect of the HIPAA Privacy, Security, or Breach Notification Rules. This includes the improper use, disclosure, access, or safeguarding of Protected Health Information (PHI), even if no actual harm results.

Common Examples of HIPAA Violations:

Unauthorized Access or Disclosure

Accessing patient records without a work-related reason.
Sharing patient information with unauthorized individuals.
Sending PHI to the wrong recipient by fax, email, or mail.

Failure to Secure Patient Information

Leaving paper records or computer screens containing PHI visible to unauthorized individuals.
Storing PHI on unencrypted devices (such as laptops, smartphones, or flash drives).
Using weak passwords or failing to log off systems appropriately.

Lack of Proper Administrative Safeguards

Failing to conduct regular HIPAA risk assessments.
Not having updated HIPAA policies and procedures in place.
Not providing regular HIPAA training for all employees handling PHI.

Improper Disposal of PHI

Disposing of documents containing PHI without proper shredding or destruction.
Reselling or discarding electronic devices without securely wiping stored PHI.

Failure to Provide Patients Access to Their Records

Refusing or delaying a patient's lawful request to view or obtain copies of their medical records.
Charging unreasonable fees for accessing records.

Using PHI for Marketing or Fundraising Without Authorization

• Sharing or using patient information for marketing communications without obtaining prior written authorization from the patient.

Who Must Comply with HIPAA?

HIPAA applies to:

Covered Entities: Healthcare providers, health plans, and healthcare clearinghouses.
Business Associates: Vendors or contractors that handle PHI on behalf of a covered entity.

Both are legally required to comply with the HIPAA Privacy, Security, and Breach Notification Rules. Compliance obligations extend to all workforce members, including employees, volunteers, and contractors.

The Importance of Proactive Compliance

A good HIPAA compliance program means prioritizing preventative measures. This includes regular risk assessments, proper employee training, and clear policies and procedures is the best defense against HIPAA violations.

By maintaining compliance, healthcare organizations not only avoid financial and reputational harm — they also build trust with the patients and communities they serve.

Take the Next Step Toward Stronger HIPAA Compliance

Proactive compliance starts with understanding your risks.

�� Download our HIPAA Security Risk Analysis Plan to help identify vulnerabilities, strengthen safeguards, and protect your organization and patients.

Why Every Dental Practice Needs Good Dentist, Poor Dentist

kelli@hlthcarecomp.com (Kelli Ngariki) — Sat, 26 Apr 2025 02:26:38 GMT

Discover the SAFER Compliance System for Dental Practices

If you're a dentist, office manager, or team lead, you’ve likely faced the same challenge: keeping your dental practice organized, compliant, and efficient — all while managing a growing list of patients, staff responsibilities, and regulatory changes.

That’s exactly why Good Dentist, Poor Dentist was written. This practical guide is packed with proven systems designed to reduce confusion, improve dental staff training, and help you run your office with less stress and more confidence.

What Is Good Dentist, Poor Dentist About?

Good Dentist, Poor Dentist introduces the SAFER Compliance System — a five-step framework specifically created for the dental industry. It’s built to help you streamline operations, stay on top of compliance requirements like OSHA and HIPAA, and build stronger systems that support your team.

You’ll learn how to:

S urvey your risks and compliance requirements
A rchitect written procedures (SOPs) for key dental tasks
F acilitate consistent performance using those SOPs
E ducate and onboard your dental staff with clarity
R eview and refine your systems for long-term success

5 Real Benefits Dental Practices See from the SAFER System

1. Clarity in Daily Dental Office Operations

Confusion leads to mistakes. SOPs (Standard Operating Procedures) give your dental team a clear roadmap for how to perform daily tasks, from instrument sterilization to patient check-ins.

2. Improved Dental Staff Satisfaction and Retention

When team members understand their roles and responsibilities, they feel more confident and supported. This leads to stronger morale and less turnover in your dental practice.

3. Faster Onboarding for New Dental Employees

Well-documented systems reduce the burden on your “go-to” employee. With SOPs in place, training becomes faster and more consistent — even when you're onboarding multiple roles at once.

4. Stronger OSHA, HIPAA, and Infection Control Compliance

Compliance doesn’t have to be overwhelming. With structured systems in place, your dental practice can meet regulatory standards and avoid costly mistakes or fines.

5. A More Self-Sufficient Dental Practice

Let’s be honest — many dental offices rely heavily on one team member who “knows everything.” If that person calls in sick, takes a vacation, or moves on, the entire workflow can grind to a halt.

With written systems and SOPs in place, your practice continues to function smoothly — even when your MVP isn’t there.

Why This Book Is Different

This isn’t another dry dental management textbook. Good Dentist, Poor Dentist is written in clear, conversational language, making it accessible for any team member — whether you’re in the operatory or at the front desk.

You’ll find real examples, common pitfalls, and simple checklists to help you create SOPs for your most essential dental tasks. It’s the missing manual for running a more efficient, compliant, and low-stress practice.

Want to Improve Your Dental Practice Systems?

If you’re ready to stop reinventing the wheel and start building a more reliable dental office, Good Dentist, Poor Dentist will show you how — one system at a time.

Order now at GoodDentistBook.com

Or connect with the author to bring the SAFER System to your team through coaching or speaking.

Glutaraldehyde in Your Clinic: What You Don't Know CAN Hurt You!

kelli@hlthcarecomp.com (Kelli Ngariki) — Tue, 22 Apr 2025 21:19:12 GMT

Is glutaraldehyde silently putting your team and patients at risk?

If your dental, medical, dermatology, or surgical clinic uses cold sterilant or high-level disinfectants, there’s a good chance glutaraldehyde is in your facility right now. While it’s incredibly effective at killing harmful microorganisms, it also comes with some serious safety and compliance strings attached.

Let’s break it down—without the jargon, confusion, or fearmongering.

The Hidden Dangers of Glutaraldehyde

Glutaraldehyde has been a go-to disinfectant for years. It’s powerful, but that power comes at a price.

Exposure—especially over time—can cause:

Irritated eyes, nose, and throat
Skin rashes or allergic reactions
Headaches and dizziness
Respiratory problems, including occupational asthma

Because it evaporates easily at room temperature, clinics that use it without the right ventilation or containment measures may regularly unknowingly expose staff to harmful vapors.

According to OSHA:

“Glutaraldehyde vapors can be released during cold sterilization and can linger in the air without proper ventilation.”

(Source: OSHA Glutaraldehyde Fact Sheet)

Are You Sure Your Clinic Is Handling Glutaraldehyde Safely?

Many clinics assume they’re compliant—until an audit or employee complaint says otherwise. Ask yourself:

Has your team received updated training on glutaraldehyde handling?
Do you use proper ventilation systems and ensure they’re regularly maintained?
Are staff provided with—and consistently using—appropriate PPE?
Is your documentation complete and current, including Safety Data Sheets (SDS) and training logs?

If you’re unsure or answered “no” to any of these, now’s the time to take action—before OSHA steps in.

The Compliance Solution: Simple, Clear, and Oregon-Specific

At Healthcare Compliance Associates (HCA), we specialize in helping clinics like yours take the guesswork out of OSHA compliance—including chemical safety and glutaraldehyde use.

Here’s how we support you:

On-Site Risk Assessments

We’ll review your current processes, storage practices, ventilation, and PPE usage.

Custom Compliance Plans

Tailored to your clinic’s needs and Oregon-specific regulations.

Engaging, Practical Training

Staff learn what matters most—without the boring slide decks or outdated videos.

Documentation & Support

We help you maintain inspection-ready records and respond confidently during audits.

Whether you're a small dental office or a multi-provider surgical center, we make it easy to stay compliant without losing focus on patient care.

How to Get Started

Step 1: Book a Free Compliance Check-Up

No pressure, just a quick review of your current safety protocols and documentation.

Step 2: Get a Personalized Plan

We’ll show you exactly what needs fixing—then give you a roadmap to compliance.

Step 3: Stay Protected

With our ongoing support, you’ll be prepared for any inspection or incident.

Pro Tip for Busy Office Managers

Compliance doesn’t have to mean more stress.

We know you’re wearing ten hats. That’s why HCA does the heavy lifting—so your team can stay focused on what they do best. You’ll get reminders, updates, and real-time support when you need it.

Ready to Eliminate Compliance Guesswork?

When it comes to chemical safety, doing nothing isn’t just risky—it’s costly. Protect your staff, your patients, and your practice.

Schedule Your Free Compliance Check-Up

Or Subscribe to Our Safety Meeting Blog

Is TB Testing Required for Dental Employees in Oregon?

kelli@hlthcarecomp.com (Kelli Ngariki) — Fri, 11 Apr 2025 19:32:18 GMT

Everything Your Clinic Needs to Know About Oregon’s TB Rules

The release of the 2024 Oregon Community TB Profile means it’s time to update your required TB Facility Risk Assessment form .

If this is the first time you’re hearing about this requirement—no worries. We’ve got you covered! Keep reading to learn what’s required and how to stay compliant with confidence.

The Requirement for Healthcare (Including Dental) Clinics in Oregon

The Oregon Health Authority (OHA) requires all healthcare and outpatient clinics—including dental practices—to meet specific TB compliance standards.

What This Means for YOU

To stay compliant, your clinic must have:

An annually updated TB Facility Risk Assessment (using the most up-to-date Oregon Community TB Profile )
Healthcare personnel screening and documentation at the time of hire
A written TB Exposure Control Plan with clear roles, responsibilities, and protocols

All of these pieces must be in place to meet OSHA and OHA requirements—and to ensure your practice is audit-ready year-round.

What Happens If You Skip This Step

Failing to complete your TB Facility Risk Assessment may seem minor—but it’s a required part of annual compliance for all healthcare and outpatient clinics in Oregon, including dental practices. Here’s what your clinic could face if this step is missed:

Citations or fines from OSHA: Inspectors may request your TB risk assessment, employee screening records, and written exposure control plan. If anything is missing, your clinic could be cited for non-compliance.
Increased inspection scrutiny: Missing documentation can trigger broader reviews into your compliance program—leading to more time, paperwork, and potential violations.
Reputation and trust issues: Even small oversight can reflect poorly on your clinic’s commitment to safety. Being prepared shows your patients and staff that you take compliance seriously.

Whether your clinic is high-risk or low risk, you're required to assess, document, and maintain a TB compliance plan every year. Staying current protects your license, your team, and your reputation.

Make Sure Your Clinic Is Fully Covered—No Gaps, No Guessing

Getting compliant doesn’t have to be overwhelming. At Healthcare Compliance Associates (HCA) , we help Oregon clinics simplify OSHA, infection control, and HIPAA compliance—starting with one quick call.

Here’s what to expect:

Book a Discovery Call: We’ll ask a few questions to understand how your clinic currently handles compliance.
Identify hidden gaps: Walk away with clear, actionable strategies to boost safety, efficiency, and full compliance.
Relax: We'll handle the rest. ��

You shouldn’t have to second-guess your compliance program. We’ll help you get clear, confident, and covered—so you’re ready for whatever comes your way. �� Schedule Your Call TODAY!

Sources:

New Survey Reveals a Key Factor in Preventing HIPAA Data Breaches

kelli@hlthcarecomp.com (Kelli Ngariki) — Mon, 07 Apr 2025 20:32:31 GMT

Management support for compliance directly impacts the likelihood of a data breach

A recent HIPAA Journal Annual Survey uncovered something every healthcare clinic should pay attention to: management support for compliance directly impacts the likelihood of a data breach.

The survey focused on clinics with 200 or fewer employees—like many dental, dermatology, and surgical practices in Oregon—and the findings were eye-opening:

Here’s What They Found:

75% of clinics where staff felt the culture didn't encourage HIPAA compliance had under 200 employees.
66% of respondents who lacked management support were also from smaller practices.
Organizations with strong leadership support were more likely to take a proactive approach to compliance (audits, training, monitoring).

And here's the kicker:

Clinics with a proactive approach experienced nearly 3x fewer data breaches than those with a reactive one.

Why This Matters

If leadership isn’t fully behind your compliance efforts, it can:

Erode workplace culture.
Lead to inconsistent HIPAA enforcement.
Increase your risk of costly data breaches and violations.

The Takeaway

Management support isn’t just nice—it’s necessary.
A proactive, supported approach to HIPAA leads to stronger compliance and fewer breaches.
Especially in smaller practices, empowering your team with expert-led systems makes all the difference.

Need help making compliance a priority at your clinic?

At HCA, we partner with Oregon practices to take the stress out of HIPAA and OSHA. We make it simple, actionable, and customized to your office.

Book a Free Compliance Check-Up → Click here to Book now!

Can I Refuse an OSHA Inspection?

kelli@hlthcarecomp.com (Kelli Ngariki) — Thu, 13 Mar 2025 16:23:16 GMT

As a healthcare employer, you may wonder about your rights when an OSHA (Occupational Safety and Health Administration) inspector arrives at your clinic. One of the most common questions is: Can I refuse an OSHA inspection? The short answer is yes, but refusing an inspection is not the best course of action. Instead, ensuring your practice is always inspection-ready and compliant with OSHA standards is far better.

What Happens if You Refuse an Inspection?

If you refuse entry, the following steps typically occur:

The Inspector Leaves: The inspector may terminate or limit the inspection to areas where no objection was raised.
OSHA May Obtain a Warrant: The CSHO will report the refusal to their Area Director, who may seek a warrant from a federal judge.
Inspection Proceeds with a Warrant: Once a warrant is granted, OSHA will return to conduct the inspection, and at that point, you must comply.

While you have the right to refuse, this can lead to increased scrutiny and a more adversarial inspection. Instead of delaying the inevitable, the best approach is to ensure your practice is always prepared for an OSHA visit.

�� Want to avoid unnecessary stress? Our compliance experts can help you prepare before OSHA arrives for just $197. Book your evaluation today! Read to the end to learn more about this special offer.

How to Ensure You're Ready for an Inspection

Being proactive about compliance helps avoid last-minute stress and demonstrates your commitment to workplace safety. Here’s how you can stay prepared:

Prepare Your Team: OSHA inspectors may interview employees about your safety policies. Regularly review the location of safety plans, policies, first aid kits, and other critical safety items with your team.
Keep Records Inspection-Ready: Ensure that all safety training logs, incident reports, and inspection records are well-organized and easily accessible.
Get Expert Compliance Support: Compliance regulations are complex and constantly changing. Working with a knowledgeable compliance consultant ensures you have expert guidance to keep your practice inspection ready.
Stay Proactive with Regular Assessments: Conduct routine hazard assessments and safety audits to catch and correct potential risks before they become violations.

�� Compliance doesn’t have to be overwhelming! Get expert guidance and feel confident in your OSHA readiness. Schedule your compliance evaluation now. Read to the end to learn more about this special offer.

How to Handle an OSHA Inspection with Confidence

If an OSHA inspector arrives, follow these best practices to protect your practice while maintaining compliance:

Contact Your Compliance Support Team ASAP: If you work with a compliance consultant, reach out immediately for guidance on navigating the inspection smoothly.
Be Positive and Professional: Inspectors are there to assess compliance, not catch you off guard. Be polite, cooperative, and transparent while providing requested information.
Document the Inspection Process: Keep a detailed record of the inspector’s name, date/time of the inspection, and any findings for accuracy and follow-up.

While refusing an OSHA inspection is within your rights, it’s not the best strategy. Instead, stay proactive and ensure your compliance program is strong. If you don’t currently have a compliance consultant on your team, we highly recommend working with an expert to ensure you have the right support whenever you need it.

Take Control of Your Compliance Today!

Not sure if your practice is inspection-ready? Now’s the perfect time to stop guessing and start knowing! For just $197, you can schedule a virtual OSHA COMPLIANCE EVALUATION with a trusted compliance expert. Simply click HERE to provide some basic information, and one of our friendly associates will reach out to schedule your evaluation. During the session, we will:

✅ Identify compliance gap

✅ Get personalized recommendations

✅ Eliminate uncertainty—know for sure if your practice is OSHA-compliant

Plus, learn how our exclusive OSHA Guarantee can give you even more peace of mind!

Book your virtual evaluation today and take the first step toward total confidence in your compliance program!

OCR Imposes $1.5M Penalty for HIPAA Violations

kelli@hlthcarecomp.com (Kelli Ngariki) — Thu, 20 Feb 2025 21:50:27 GMT

Cyberattack Exposes Nearly 200,000 Patient Records, Leading to Regulatory Action

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has imposed a $1.5 million civil money penalty on Warby Parker, a well-known eyewear retailer, due to violations of the HIPAA Security Rule following a cybersecurity breach. This enforcement action underscores the critical importance of robust cybersecurity measures in protecting sensitive patient information.

What Happened?

In December 2018, OCR launched an investigation after Warby Parker reported a data breach. The company discovered unusual login attempts on its website, which were later linked to a credential stuffing attack—a method where hackers use stolen username-password combinations from other breaches to gain unauthorized access to accounts.

Between September 25, 2018, and November 30, 2018, cybercriminals infiltrated Warby Parker’s systems, exposing the protected health information (PHI) of nearly 200,000 individuals. The compromised data included:

Names
Mailing addresses
Email addresses
Certain payment card details
Eyewear prescription information

Subsequent breach reports in April 2020 and June 2022 indicated that similar attacks had occurred again, further highlighting vulnerabilities in Warby Parker’s security measures.

OCR’s Findings

OCR determined that Warby Parker violated three key provisions of the HIPAA Security Rule by failing to:

Conduct a thorough risk analysis to identify vulnerabilities.
Implement adequate security measures to protect ePHI.
Regularly review system activity to detect and prevent breaches.

In September 2024, OCR proposed a $1.5 million penalty, which Warby Parker did not contest. The penalty was finalized in December 2024.

Lessons for Healthcare Providers & Business Associates

This case serves as a stark reminder that all entities handling protected health information (PHI) must maintain rigorous security standards. OCR recommends the following best practices to mitigate cyber threats:

Identify all ePHI storage and transmission points within the organization.
Conduct regular risk analyses and integrate findings into security policies.
Implement and review audit controls to track system activity.
Use multifactor authentication (MFA) to prevent unauthorized access.
Encrypt ePHI at rest and in transit for added security.
Train employees on HIPAA compliance and cybersecurity awareness.
Incorporate lessons from past breaches into ongoing security strategies.

The Takeaway

Warby Parker’s penalty reinforces the message that HIPAA compliance is not optional—it’s essential. Cyberattacks are becoming more frequent and sophisticated, and covered entities must take proactive steps to secure patient data and avoid costly penalties.

Stay Compliant & Secure

If you need assistance in strengthening your HIPAA compliance efforts, our team is here to help. Contact us today for expert guidance and customized compliance solutions. 541-345-3875 ext. 5

For more information on HIPAA compliance and cybersecurity best practices, visit the HHS OCR website.

Dental Unit Waterline Safety: Preventing Infections in Your Practice

kelli@hlthcarecomp.com (Kelli Ngariki) — Fri, 07 Feb 2025 02:05:54 GMT

Why Regular Waterline Maintenance is Critical for Every Dental Practice

The tragic incident in Anaheim, California in 2016 brought attention to the crucial issue of maintaining dental unit waterlines. This distressing event occurred at a pediatric dental office, where contaminated water was unknowingly used during procedures, including pulpotomies, on young patients. As a result, numerous children suffered from severe infections, leading to the necessity of strong antibiotics, multiple surgeries, excruciating pain, and the potential for facial disfigurement.

Dental unit waterlines (DUWLs) are crucial components in dental care settings, ensuring the delivery of water for various procedures. However, if not properly maintained, they can harbor harmful microorganisms, posing a risk to both patients and staff. Here are some best practices to keep your DUWLs safe and clean.

The Risks

Dental unit waterlines can become breeding grounds for biofilms, thin layers of bacteria that adhere to surfaces. If contaminated water is used during dental procedures, these biofilms can lead to infections. Therefore, regular maintenance and monitoring are essential to prevent microbial contamination.

1. Waterline Cleaners

Routine use of chemical cleaners (germicides) specifically designed for DUWLs is a key practice. These cleaners help to break down and remove biofilms. Follow the manufacturer’s instructions for the correct dosage and frequency.

2. Regular Flushing

Daily flushing of waterlines is an effective way to reduce the accumulation of bacteria. It is recommended to flush each waterline for 20-30 seconds between patients and for a longer duration at the beginning and end of each day.

3. Water Quality Testing

Regular testing of water quality is essential to ensure it meets the safety standards. The American Dental Association (ADA) recommends testing at least once per quarter. Water used in dental treatment should meet the Environmental Protection Agency (EPA) standards for drinking water, which is less than 500 colony-forming units (CFU) per milliliter of heterotrophic water bacteria.

Testing the water quality at the output of each waterline is crucial. While some dentists assume that ensuring clean water enters the system is sufficient, it's essential to recognize that biofilm frequently develops within the waterline tubing itself.

4. Use of Sterile Water for Surgical Procedures

For surgical procedures involving the exposure of bone or sterile tissues, use sterile water or saline delivered through devices designed for such procedures. This significantly minimizes the risk of infection.

5. Installation of Anti-Retraction Devices

Anti-retraction valves or devices prevent the backflow of oral fluids into the waterlines, which can contaminate the water supply. Ensure these devices are installed and functioning correctly on all dental units. Regular flushing of waterlines is still recommended even when using these devices.

6. Adherence to Manufacturer’s Instructions

Follow the dental unit manufacturer’s instructions for the maintenance and care of DUWLs. This includes understanding the specific requirements for the use of chemical agents and the recommended maintenance schedule.

7. Standard Operating Procedures and Staff Training

Establish and follow written standard operating procedures for infection control of dental unit waterlines. Train all dental staff on the importance of maintaining these waterlines and ensure they fully understand the cleaning and testing protocols. Regular training sessions and updates are essential to maintain high standards of waterline hygiene.

8. Documentation and Monitoring

Keep detailed records of all maintenance activities, including cleaning, flushing, and water testing results. Regular monitoring and documentation help track the effectiveness of your infection control measures and ensure compliance with safety standards.

Conclusion

Maintaining clean and safe dental unit waterlines is critical for patient safety and the overall success of dental practices. By following these best practices, dental professionals can minimize the risk of infection and provide a safe environment for their patients. Regular maintenance, proper training, and adherence to guidelines are the pillars of effective DUWL management.

Implementing these practices enhances the quality of care and ensures compliance with health and safety regulations, protecting both patients and dental healthcare providers.

Dental Ergonomics: Save Your Back, Save Your Career

kelli@hlthcarecomp.com (Kelli Ngariki) — Thu, 21 Nov 2024 16:36:32 GMT

5 Tips to Prevent Pain, Boost Comfort, and Extend Your Dental Career

Hello Dental Professional,

Your work is indispensable, but the physical demands of the job can take a serious toll on your body. Back pain, neck strain, and wrist discomfort are all-too-familiar challenges in the dental field. The good news? With a few intentional ergonomic adjustments, you can protect your health, prevent discomfort, and extend your career.

Here are some key areas to evaluate in your dental practice:

Key Aspects to Consider

Posture Essentials: Proper posture is the foundation of physical comfort. Adjust your seating to promote healthy alignment: your feet should rest flat on the floor, and your knees should bend at a 90-degree angle.
Patient Positioning: Correct patient positioning is critical for maintaining a neutral spine. Proper alignment helps you avoid excessive bending or twisting during procedures, minimizing strain on your back and neck.
Ergonomic Equipment: Assess the tools and equipment in your practice. Are they promoting proper ergonomics, or could they be contributing to chronic pain? Investing in solutions like saddle stools and cushioned instrument handles can significantly reduce physical strain.
The Role of Micro-Breaks: Even the best ergonomic setup can’t replace the need for regular movement. Take micro-breaks—just 20 seconds every 20 minutes—to stretch, relieve muscle tension, improve circulation, and stay energized.
Staying Active Beyond Work: Physical activity outside the clinic is essential for maintaining strength and flexibility during your workday. Yoga, Pilates, and core-strengthening exercises can improve posture, enhance endurance, and prevent discomfort.

Why It Matters

Your health and well-being are as important as the care you provide to your patients. By implementing ergonomic best practices, you can reduce discomfort, safeguard your physical health, and enjoy a long, rewarding career.

Want to learn more? Watch the full video here for practical tips and insights to keep you pain-free and at your best.

Does the HIPAA Privacy Rule permit health care provider to share patient health information for treatment purposes?

kelli@hlthcarecomp.com (Kelli Ngariki) — Fri, 08 Nov 2024 17:51:05 GMT

Can our office share patient information with another healthcare office without getting the patient to sign a release?

Does the HIPAA Privacy Rule permit a doctor, laboratory, or other health care provider to share patient health information for treatment purposes by fax, e-mail, or over the phone?

Answer:

Yes . The Privacy Rule allows covered health care providers to share protected health information for treatment purposes without patient authorization, as long as they use reasonable safeguards when doing so. These treatment communications may occur orally or in writing, by phone, fax, e-mail, or otherwise.

For example:

A laboratory may fax, or communicate over the phone, a patient’s medical test results to a physician.
A physician may mail or fax a copy of a patient’s medical record to a specialist who intends to treat the patient.
A hospital may fax a patient’s health care instructions to a nursing home to which the patient is to be transferred.
A doctor may discuss a patient’s condition over the phone with an emergency room physician who is providing the patient with emergency care.
A doctor may orally discuss a patient’s treatment regimen with a nurse who will be involved in the patient’s care.
A physician may consult with another physician by e-mail about a patient’s condition.
A hospital may share an organ donor’s medical information with another hospital treating the organ recipient.

The Privacy Rule requires that covered health care providers apply reasonable safeguards when making these communications to protect the information from inappropriate use or disclosure. These safeguards may vary depending on the mode of communication used. For example, when faxing protected health information to a telephone number that is not regularly used, a reasonable safeguard may involve a provider first confirming the fax number with the intended recipient. Similarly, a covered entity may pre-program frequently used numbers directly into the fax machine to avoid misdirecting the information. When discussing patient health information orally with another provider in proximity of others, a doctor may be able to reasonably safeguard the information by lowering his or her voice.

Source: https://www.hhs.gov/hipaa/for-professionals/faq/482/does-hipaa-permit-a-doctor-to-share-patient-information-for-treatment-over-the-phone/index.html

HIPAA Training Springfield, Oregon

kelli@hlthcarecomp.com (Kelli Ngariki) — Fri, 18 Oct 2024 19:14:22 GMT

Steps you need to take NOW to Improve HIPAA Compliance

Healthcare providers and organizations in Springfield, Oregon, face constant pressure to ensure that their handling of patient information remains compliant with the Health Insurance Portability and Accountability Act (HIPAA). A well-rounded HIPAA compliance program is essential—not just to avoid hefty fines, but to maintain patient trust, safeguard sensitive data, and ensure your organization runs smoothly without legal hiccups.

But what exactly does a comprehensive HIPAA compliance program involve, and how can you improve your current standing? Let’s explore the critical importance of HIPAA compliance and three key steps you can take today to strengthen your program.

Why a Comprehensive HIPAA Compliance Program is Essential

Protecting Patient Data
HIPAA's primary goal is to protect patients' sensitive health information. In an age of rampant cyberattacks and increasing breaches, healthcare organizations must be vigilant. A comprehensive compliance program helps ensure that your organization’s policies, procedures, and technology systems are designed to keep Protected Health Information (PHI) secure.

Avoiding Penalties and Fines
HIPAA violations can lead to severe financial penalties, with fines ranging from thousands of dollars to HUNDREDS of thousands of dollars! Organizations that don't prioritize their HIPAA compliance program are at higher risk of unintentionally violating HIPAA's stringent requirements. The fines for even accidental violations can be devastating, particularly for small practices.

Building Patient Trust
Patients expect their healthcare providers to handle their personal information responsibly. A well-developed HIPAA compliance program instills confidence in patients that their data is safe. Organizations that prioritize compliance are more likely to maintain a positive reputation, foster patient loyalty, and avoid the damaging fallout of data breaches.

Top 3 Things You Need to Do NOW to Improve HIPAA Compliance

Here are three actionable steps to improve your HIPAA compliance program immediately:

1. Conduct a Thorough Risk Assessment

A HIPAA facility risk assessment is a required component under the HIPAA Security Rule, and it’s one of the most effective ways to identify vulnerabilities in your current systems. During a risk assessment, you will:

Identify where PHI is stored, received, maintained, and transmitted.
Review your current safeguards to determine if they are adequate.
Assess the potential impact and likelihood of risks like unauthorized access or breaches.

By conducting a risk assessment, you gain a clearer understanding of your weak spots and can take proactive steps to strengthen your security measures.

2. Train Your Staff Regularly

HIPAA training is not a one-time event. Regular, ongoing training for all staff—whether they're administrators, physicians, or support personnel—is essential to keeping your organization compliant. Every employee needs to understand how to:

Properly handle PHI.
Recognize and report a data breach.
Respond to patient requests for medical records in compliance with HIPAA rules.

Providing comprehensive HIPAA training not only reduces the risk of human error but also helps create a culture of compliance within your organization.

3. Implement or Update Your Written Policies and Procedures

It’s not enough to simply have policies and procedures in place—they must be regularly reviewed and updated to reflect changes in technology, regulation, or internal operations. This includes policies related to:

Data encryption and secure storage of electronic PHI (ePHI).
Breach notification protocols.
Access controls and user authentication.

Having up-to-date policies ensures that everyone in the organization is on the same page and that you have documented proof of your compliance efforts should an audit occur.

Conclusion

HIPAA compliance is not optional for healthcare organizations—it’s an essential part of your business operations. By conducting regular risk assessments, ensuring that all staff receive HIPAA training, and maintaining comprehensive, current policies, you’ll be well on your way to a stronger HIPAA compliance program. The cost of non-compliance, both in terms of financial penalties and damage to your reputation, far outweighs the investment in a robust compliance strategy.

If you need assistance with HIPAA training or compliance support, Healthcare Compliance Associates is here to help. Our expert team provides tailored training programs and compliance solutions that align with the specific needs of healthcare organizations in Springfield, Oregon (and the rest of Oregon). Reach out to us today to ensure your HIPAA compliance is on track!

Do I Need Cybersecurity and Breach Insurance?

kelli@hlthcarecomp.com (Kelli Ngariki) — Tue, 08 Oct 2024 18:14:17 GMT

How to Choose the Right Breach Insurance

With more patient records being exposed in data breaches, breach insurance is now more important than ever. It helps protect your clinic from losing money and damaging its reputation. Breach insurance can cover things like data recovery, HIPAA fines, and legal costs, helping your clinic recover quickly after a cyberattack.

How to Choose the Right Breach Insurance

Look at Your Risks: Think about how much patient data you handle, your IT setup, and what security measures you already have in place.
Find Healthcare-Specific Coverage: Make sure your policy covers healthcare needs like HIPAA violations, fines, and compliance costs.
Make sure the policy covers:
Data recovery
HIPAA fines
Legal fees for data breaches
Don't Assume, Check that the policy covers:
First-party costs: Like data recovery and notifying patients
Third-party costs: Legal defense against claims from patients
Reputation management: Help with public relations to protect your clinic’s reputation
Look for Incident Response Services: Some policies offer help when a breach happens, such as IT forensics and legal guidance.
Compare Cost vs. Coverage: D on’t just focus on price. Make sure the policy covers specific healthcare threats like ransomware and phishing.

If your clinic doesn’t have breach insurance, now is the time to explore your options. A good policy can protect your clinic from growing cybersecurity threats. Contact your insurance provider today to find a policy that fits your clinic.

How Healthcare COMPLIANCE Associates Prepares Your Office for a Breach

With the increasing risk of data breaches, having the right safeguards in place is crucial. At Healthcare Compliance Associates, we provide essential HIPAA training (along with other trainings), compliance manuals, and expert guidance to help your clinic protect patient information and meet regulatory requirements. In the event of a breach, being able to show proof of your security efforts is key to minimizing penalties and legal risks.

Get Started today to ensure your team is fully trained and your HIPAA compliance program is ready to defend against breaches.

Self-Care Practice for Healthcare Workers: Create Your Own Cozy Tea for Fall

kelli@hlthcarecomp.com (Kelli Ngariki) — Mon, 07 Oct 2024 22:47:31 GMT

Prioritizing Self-Care for Healthcare Workers with a Cozy Fall Tea Blend

As healthcare professionals, you dedicate your time and energy to improving the health of your community. You care for patients, navigate compliance demands, and manage critical tasks—all while juggling the fast-paced environment of healthcare. But with all these responsibilities, it’s easy to overlook your own well-being. The truth is, to continue delivering excellent care to others, you must also take time to care for yourself. Self-care isn’t just a luxury; it’s essential for maintaining your physical and mental health, ensuring you can stay sharp and energized in your role.

One simple and enjoyable way to practice self-care is by crafting your own cozy tea blend. Tea-making is a calming, mindful activity that not only allows you to unwind but also provides an opportunity to customize your tea to meet your unique health needs. Whether you’re looking for a way to relax after a busy shift, boost your energy, or strengthen your immune system, creating a tea blend is a fun and practical way to prioritize your well-being.

Why Self-Care is Vital for Healthcare Workers

Healthcare professionals are known for putting the needs of others ahead of their own, but this approach can lead to burnout. To continue making a positive impact on your community, it’s important to take time for yourself. Regular self-care practices can help you recharge, stay mentally focused, and prevent stress from accumulating over time.

By creating your own tea blend, you can integrate a small, mindful act of self-care into your routine. Not only does this give you time to slow down and reflect, but it also helps support your body’s specific needs, whether that’s immune support, stress relief, or improved focus.

Crafting Your Own Tea Blend: A Mindful Approach to Self-Care

Here are some easy ideas for crafting a tea blend that’s perfectly tailored to what you need most:

Immune Support: During flu season, staying healthy is critical, especially for healthcare workers exposed to germs daily. Add ginger, turmeric, and honey to your tea for their anti-inflammatory and immune-boosting properties.
Stress Relief: Managing patient care, compliance, and administrative tasks can be stressful. To lift your mood and reduce anxiety, blend peppermint, lemon balm, and rose petals. These ingredients are known for promoting calmness and mental clarity.
Energy & Focus: Healthcare work demands focus and stamina, especially during long shifts. For a natural energy boost without the crash, combine green tea, ginseng, and rosemary. This blend will help keep you sharp and alert throughout the day.
Relaxation & Sleep Support: After a long day, winding down is essential for recovery. Mix chamomile, lavender, and valerian root to create a soothing tea that promotes relaxation and restful sleep.

The Health Benefits of Tea for Healthcare Workers

Tea has been used for centuries to support health and well-being. For healthcare workers, tea can be an ideal self-care tool that offers both physical and mental benefits. It can help:

Boost immunity: Ingredients like ginger and turmeric provide support for your immune system, which is essential for staying healthy in healthcare environments.
Reduce stress: Herbal blends like lemon balm and peppermint help calm the nervous system, reducing the effects of daily stress.
Support mental clarity: Blends with green tea or ginseng can help sustain energy levels and improve focus, key for staying productive on busy days.
Promote relaxation: Chamomile and lavender are known to help the body and mind relax, allowing for better sleep and recovery.

Tea Blending Tips

Base Tea: Choose a neutral base like green tea, white tea, or caffeine-free herbal blends.
Flavor Enhancers: Add honey or maple syrup for sweetness and antimicrobial properties.
Aromatic Spices: Add warmth and flavor with spices like cinnamon, cardamom, or cloves, which may offer health benefits.

Conclusion: Self-Care for the Caregivers

To be effective in your role, taking care of your own health is essential. Crafting your own tea blend is a small but meaningful way to practice self-care. It allows you to slow down, take a breath, and focus on your own well-being—so you can continue to improve the health of those around you.

This fall, make time for yourself. Whether you need an immunity boost, stress relief, or a moment of relaxation, there’s a tea blend that’s just right for you. Take a break, brew a cup, and enjoy the calming practice of tea-making as a simple, mindful self-care ritual.

Need inspiration? Try these blends:

Immune-Boosting Ginger and Turmeric Tea
Relaxing Chamomile and Lavender Tea for Better Sleep
Energy-Boosting Green Tea with Ginseng and Rosemary
Stress-Relieving Peppermint and Lemon Balm Tea

Taking a few moments for yourself can make a big difference in how you feel—both mentally and physically. Your body and mind will thank you, and so will your patients.

Disclaimer: The recommendations in this blog are not intended to be a substitute for professional medical advice. Always consult your healthcare provider before making any changes to your diet or health regimen.

How Do I Spell HIPPA?

kelli@hlthcarecomp.com (Kelli Ngariki) — Thu, 26 Sep 2024 21:21:56 GMT

Spoiler: It’s HIPAA, Not HIPPA!

If you work in healthcare, you've likely encountered the term HIPAA countless times. However, one of the most common mistakes is spelling it as “HIPPA.” Let’s clear up the confusion, explain what HIPAA stands for, why it matters, and how to ensure your clinic remains fully compliant.

HIPPA vs. HIPAA: Clearing Up the Common Spelling Mistake

It’s easy to see why someone might confuse HIPAA and HIPPA. Both look like they belong in healthcare, but only one is correct. The proper spelling is HIPAA, which stands for the Health Insurance Portability and Accountability Act.

What Is HIPAA?

Now that we’ve corrected the spelling, let’s dive into what HIPAA stands for and its importance in healthcare.

HIPAA, enacted in 1996, serves two critical purposes:

Health Insurance Coverage: It ensures continued health insurance coverage for workers and their families when they change or lose their jobs.
Protection of Health Information: It protects patient health information (PHI) from being disclosed without the patient's consent or knowledge.

HIPAA is the foundation of patient privacy in healthcare. It establishes national standards for safeguarding medical records and other personal health information. For healthcare workers, understanding and adhering to HIPAA regulations is not just a legal requirement—it's crucial for building and maintaining patient trust.

Why HIPAA Compliance Matters for Your Clinic

Maintaining HIPAA compliance is more than just avoiding fines or legal issues—it's about protecting sensitive patient information and sustaining the trust your patients place in your clinic. Data breaches in healthcare are on the rise, and failing to comply with HIPAA can result in costly consequences, loss of trust, and damage to your clinic’s reputation.

Here are a few key reasons why HIPAA compliance is vital:

Patient Trust: Patients expect their healthcare providers to keep their personal information confidential. Compliance ensures you meet this expectation.
Legal Requirements: Violating HIPAA can result in severe fines, legal battles, and a significant loss of time dealing with the fallout.
Reputation: A breach of patient data or non-compliance can severely harm your practice’s reputation, potentially making it difficult to recover.

How to Ensure HIPAA Compliance in Your Clinic

Achieving and maintaining HIPAA compliance is essential for the success of your healthcare practice.

At Healthcare Compliance Associates, we simplify compliance for healthcare professionals like you. We offer customized HIPAA training, audits, and ongoing support to help your clinic stay up to date with the latest regulations. Whether you need training or assistance in updating your current practices, we're here to help!

Don't wait until it's too late—protect your clinic and maintain your patients' trust with expert compliance support. Get started today and let us help you safeguard what matters most: providing excellent care to your patients.

What is a HIPAA (Privacy & Security) Officer?

kelli@hlthcarecomp.com (Kelli Ngariki) — Tue, 17 Sep 2024 17:22:51 GMT

Gain Clarity on HIPAA Compliance: What a HIPAA Officer Is and Their Essential Duties!

HIPAA Privacy & Security Officer

Job Summary: The HIPAA Privacy and Security Officer is responsible for developing, implementing, and overseeing the clinic’s privacy and security policies in compliance with the Health Insurance Portability and Accountability Act (HIPAA). This role ensures the protection of patient health information (PHI) and monitors compliance with HIPAA regulations, safeguarding both digital and physical records. The officer will lead initiatives to educate staff on privacy and security protocols and respond to potential breaches or violations.

Principal Responsibilities:

1. HIPAA Compliance Program Management

Develop, implement, and maintain the clinic’s HIPAA privacy and security policies to defend protected health information (PHI).
Regularly assess risks and vulnerabilities related to patient data security and implement corrective measures.
Conduct periodic audits of the clinic’s compliance with HIPAA requirements, both on the privacy and security sides.
Work with IT and administrative staff to ensure appropriate safeguards are in place to protect electronic PHI (ePHI).

2. Training & Education

Coordinate or provide ongoing HIPAA privacy and security training to all staff, ensuring employees know their responsibilities in protecting PHI.
Lead new hire orientations and coordinate annual training on privacy and security best practices.
Serve as a resource for staff regarding questions or concerns about HIPAA compliance.

3. Incident Management & Reporting

Investigate and respond to suspected HIPAA violations or breaches of PHI, conducting risk assessments and determining necessary actions.
Ensure the timely reporting of breaches to affected patients and regulatory bodies, following the appropriate breach notification protocols.
Maintain documentation of all incidents and corrective actions, ensuring compliance with federal and state reporting guidelines.

4. Privacy & Security Advocacy

Promote a culture of privacy and data security throughout the clinic, ensuring patient information is always protected.
Act as the main point of contact for all HIPAA-related inquiries from staff, patients, and regulatory bodies.
Collaborate with management and IT to continuously improve the clinic’s security practices, keeping pace with evolving regulations and technologies.

5. Regulatory Compliance

Stay current on HIPAA regulations and state-specific privacy laws that apply to healthcare practices.
Conduct regular risk assessments and self-audits to ensure privacy and security standards compliance.
Ensure that business associate agreements are in place and all vendors are HIPAA-compliant.

Qualifications:

Bachelor’s degree in health information management, Compliance, or a related field ( preferred ).
Comprehensive knowledge of HIPAA privacy and security rules and regulations.
Experience in managing privacy and security programs within a healthcare setting.
Strong leadership and communication skills, with the ability to train and influence staff.
Ability to conduct audits, investigate incidents, and manage compliance documentation.

HIPAA Compliance Checklist for Small Healthcare Practices

kelli@hlthcarecomp.com (Kelli Ngariki) — Thu, 05 Sep 2024 02:18:49 GMT

10-Point HIPAA Checklist

Staying compliant with HIPAA (Health Insurance Portability and Accountability Act) can be daunting for small healthcare practices. With so many rules, regulations, and standards to keep track of, it’s easy to feel overwhelmed. However, ensuring the privacy and security of your patient’s health information is the law and a critical aspect of maintaining trust and professionalism in your practice.

To help simplify the process, we’ve compiled a comprehensive HIPAA compliance checklist for small healthcare practices. This guide will help ensure you cover all the key areas and comply with federal regulations.

1. Conduct Regular Risk Assessments

A HIPAA risk assessment helps you identify potential vulnerabilities in your practice’s handling of patient information. This includes assessing how you collect, store, and transmit Protected Health Information (PHI). Ensure your risk assessments are thorough and conducted at least annually or whenever significant changes to your systems occur.

Key Points:

Identify risks to PHI confidentiality, integrity, and availability.
Document all findings and develop a plan to mitigate risks.
Reassess risks regularly to stay ahead of potential threats.

2. Ensure Employee Training

HIPAA compliance is a team effort; all employees must understand the regulations. Regular training ensures that everyone in your practice, from front-office staff to healthcare providers, knows how to handle PHI properly and what to do in case of a data breach.

Key Points:

Conduct annual HIPAA training for all employees.
Provide role-specific training based on job duties.
Keep records of completed training sessions.

3. Implement Safeguards for Electronic PHI (ePHI)

The HIPAA Security Rule requires healthcare providers to implement safeguards to protect ePHI. These safeguards involve physical and technical measures to prevent unauthorized access to digital health information.

Key Points:

Use encryption to protect ePHI during transmission.
Implement secure access controls, such as strong passwords and multi-factor authentication.
Regularly update and patch software to address security vulnerabilities.

4. Create and Maintain HIPAA Policies and Procedures

Every small healthcare practice must have policies and procedures outlining how PHI is handled. These documents should cover everything from patient consent forms to how data breaches are reported and managed.

Key Points:

Ensure that policies are up-to-date and reflect current regulations.
Make these policies available to all employees.
Review and update your policies regularly.

5. Have a Breach Notification Plan

If a data breach occurs, HIPAA requires that you notify the affected patients and report the breach to the Department of Health and Human Services (HHS). A well-documented breach notification plan ensures you can respond quickly and correctly.

Key Points:

Develop a breach response plan that includes internal reporting and external notifications.
Know the timeline for breach reporting (within 60 days of discovery).
Keep patients informed of your actions to remedy the situation.\

6. Secure Physical Access to PHI

While much of HIPAA compliance focuses on digital data, physical security is just as important. Ensure that any paper records, filing systems, and workstations with access to PHI are secure.

Key Points:

Lock offices, filing cabinets, and storage rooms that contain PHI.
Limit access to areas where PHI is stored to authorized personnel only.
Implement clean desk policies to ensure no PHI is left unattended.

7. Maintain a Business Associate Agreement (BAA)

Small healthcare practices often work with third-party vendors, such as billing services or IT providers. You must have a signed Business Associate Agreement (BAA) if any of these vendors can access PHI. This document outlines the vendor’s responsibility to protect PHI and ensures they comply with HIPAA regulations.

Key Points:

Ensure all relevant vendors sign BAAs.
Review and update BAAs regularly to maintain compliance.
Keep records of all signed agreements.

8. Appoint a Privacy and Security Officer

Even small healthcare practices must designate someone responsible for overseeing HIPAA compliance. This could be a specific employee or an outsourced professional. The Privacy Officer handles compliance with the HIPAA Privacy Rule, while the Security Officer oversees compliance with the Security Rule.

Key Points:

Clearly define the roles and responsibilities of the Privacy and Security Officer.
Ensure they have the necessary training and resources to manage compliance.
Regularly review your practice’s compliance efforts with the appointed officer.

9. Monitor Access to PHI

One of the most important aspects of HIPAA compliance is ensuring that only authorized individuals have access to PHI. Implementing audit controls and monitoring systems can help you track access to both physical and digital records.

Key Points:

Implement audit trails to track who accessed or modified PHI.
Review access logs regularly for any suspicious activity.
Address unauthorized access immediately to prevent data breaches.

10. Regularly Review and Update Compliance Practices

HIPAA regulations can change, and new threats to patient data emerge over time. Regularly reviewing and updating your compliance practices is essential to staying compliant and protecting your patients’ information.

Key Points:

Schedule periodic reviews of your HIPAA policies and procedures.
Stay informed of any changes to HIPAA regulations.
Make updates as necessary to ensure your practice stays compliant.

Final Thoughts

HIPAA compliance doesn’t have to be overwhelming for small healthcare practices. Following this comprehensive checklist can create a solid foundation for protecting your patients’ health information and staying compliant with federal regulations. Regular assessments, employee training, and safeguarding both physical and electronic PHI are vital to ensuring your practice remains HIPAA compliant.

If you need assistance with HIPAA compliance or want to ensure your practice is fully protected, contact Healthcare Compliance Associates today. We specialize in making compliance simple, efficient, and stress-free for healthcare practices of all sizes.

HIPAA and Privacy Act Training

kelli@hlthcarecomp.com (Kelli Ngariki) — Thu, 05 Sep 2024 01:56:13 GMT

Safeguarding Patient Privacy in Healthcare

In today’s healthcare environment, ensuring the privacy and security of patient information is critical. With the growing use of digital records and telemedicine, healthcare providers must diligently safeguard sensitive data. HIPAA (Health Insurance Portability and Accountability Act) and the Privacy Act are essential regulations that protect patient privacy and guide healthcare professionals on properly handling health information.

What is HIPAA?

HIPAA, enacted in 1996, was designed to protect patient health information (PHI) from being disclosed without the patient’s consent or knowledge. It sets standards for the secure transmission and storage of PHI and establishes patients' rights to access their health records. Compliance with HIPAA is not optional for healthcare providers— it's the law . Violations can result in hefty fines and damage to an organization’s reputation.

What is the Privacy Act?

The Privacy Act of 1974 applies to federal agencies and ensures they safeguard personal information in their systems. While HIPAA is specific to healthcare, the Privacy Act is broader, covering any personal data collected by the federal government. Understanding the differences between these laws is vital for healthcare professionals working in federal agencies or handling information related to government programs.

Why is HIPAA and Privacy Act Training Important?

Healthcare professionals must maintain compliance with HIPAA and the Privacy Act. Training helps ensure that everyone in the healthcare ecosystem—from front desk staff to IT professionals—understands how to handle patient data responsibly.

Here’s why HIPAA and Privacy Act training should be a priority:

Preventing Data Breaches: Training helps staff recognize and avoid risky behaviors that could lead to data breaches. This includes understanding phishing attacks, encryption practices, and the safe use of mobile devices in healthcare settings.
Building Trust with Patients: Patients trust healthcare providers with their most sensitive information. Providers can maintain that trust and foster a sense of security by ensuring compliance with HIPAA and the Privacy Act.
Minimizing Legal Risks: HIPAA and Privacy Act violations can lead to severe penalties. Training helps minimize the risk of legal repercussions by ensuring that staff knows and follows the law.
Creating a Culture of Compliance: Regular training ensures that privacy protection becomes second nature within your organization. When everyone understands the importance of compliance, it becomes part of the culture.

Critical Components of HIPAA and Privacy Act Training

Effective training should cover several essential areas:

Understanding PHI : Employees should know what constitutes protected health information and the rules for its disclosure.
Recognizing Security Threats : Cybersecurity training should be part of the curriculum, helping staff to identify and avoid potential threats.
Patient Rights : Staff must understand patients' rights to access and control their health information.
Incident Reporting : Employees should be trained to immediately report any potential breaches or unauthorized disclosures.

How Often Should You Conduct Training?

HIPAA mandates that training be conducted regularly, but many organizations offer annual refreshers to ensure compliance. New employees must complete training as part of their onboarding process, and updates should be provided whenever policies or regulations change.

Conclusion

HIPAA and Privacy Act training is not just about checking a compliance box—it’s about protecting patients, minimizing risks, and creating a secure environment for healthcare. Investing in thorough, ongoing training for your team you help build a culture of privacy and trust that benefits your organization and your patients.

Stay compliant. Stay secure. Stay trusted.

CDC Launches updated website

kelli@hlthcarecomp.com (Kelli Ngariki) — Sun, 19 May 2024 20:26:31 GMT

This is a subtitle for your new post

The CDC revealed its newly revamped CDC.gov website, marking a significant step forward in the agency’s commitment to improve public communication. Internal and external reviews of agency operations were conducted after the peak of the COVID-19 pandemic. The result was the CDC Moving Forward effort, which launched numerous initiatives to enhance the speed and clarity of agency communications. The newly streamlined website is the culmination of extensive user testing and feedback, ensuring that vital health information is more accessible and easier to find for all audiences.

What to do with Amalgam

kelli@hlthcarecomp.com (Kelli Ngariki) — Sun, 19 May 2024 20:22:09 GMT

What do you do with Amalgam in your Dental Practice?

Amalgam separators remove amalgam particles from the wastewater to reduce the amount of amalgam entering the sewage system. Amalgam separators are devices designed to capture amalgam particles from dental office wastewater through sedimentation, filtration, centrifugation, or a combination of these mechanisms.

Dental offices that place or remove amalgam must operate and maintain an amalgam separator and must not discharge scrap amalgam to the POTW (e.g., by disposing of amalgam via sink drains or toilets).

Existing amalgam separators must be properly maintained and may be operated for their lifetime or ten years from the effective date of the rule (June 14, 2027), whichever is shorter . When a separator needs replacement, or the ten-year period has passed, and the separator does not meet the standard of the final rule, a dental office must replace the separator with one that meets ISO 11143 (or ANSI/ADA 108-2009) standard (or equivalent) and a One-Time Compliance Report.

Safety Data Sheets (SDS) - Clean up

kelli@hlthcarecomp.com (Kelli Ngariki) — Sun, 19 May 2024 20:17:43 GMT

Have you reviewed your Safety Data Sheets recently?

A few tips for Safety Data Sheets:

Maintain a Safety Data Sheet (SDS) for all hazardous materials in your practice.
Remove any SDS sheets that are no longer being used and store them for 30 years! Yes, 30!
Double-check that there is an SDS for every hazardous material in your practice; if not, print one and add it to your binder and master inventory list.
Ensure everyone has been trained on the hazardous materials they use or come into contact with.

HIPAA - Don't get fined!

kelli@hlthcarecomp.com (Kelli Ngariki) — Sun, 19 May 2024 20:14:38 GMT

How often do staff in the healthcare sector witness HIPAA violations?

More than two-thirds (67%) of staff have witnessed a suspected HIPAA violation, according to The HIPAA Journal’s recent survey of 245 employees who work in the healthcare sector.

The most common types of HIPAA violations that staff believe they have witnessed were found to be:

Failure to log off – 56%
Unauthorized access – 49%
Gossip – 43%
Snooping – 41%
Improper disposal of records – 39%
Lack of employee training – 36%
Sharing passwords – 34%
Unauthorized release of records – 32%

Based on a survey by the HIPAA Journal.

Improving Team Morale: A Guide for Healthcare Safety Officers

Sun, 03 Dec 2023 22:26:28 GMT

Empowering Teams to Share Responsibilities and Prevent Burnout: Making safety a team effort!

The responsibilities of OSHA and HIPAA Officers in healthcare office often extend beyond the standard job description. The weight of ensuring compliance, safety, and security can lead to burnout, leaving safety officers feeling overworked and overwhelmed. However, the key to building successful and sustainable compliance programs lies in the shared responsibilities of a dedicated team.

In successful compliance programs, the responsibility of safety and security is not solely shouldered by one individual. Instead, responsibilities are distributed among team members while the safety officer monitors and ensure tasks are completed and maintained, fostering collaboration and preventing burnout. Here’s why sharing responsibilities is crucial:

Delegating Tasks for a Breath of Fresh Air

Delegating tasks not only lightens the load for safety officers but also promotes a sense of shared commitment among team members. Here are three easy tasks that can be delegated to distribute responsibilities more evenly:

Weekly Eyewash Station Flush (OSHA): Assign this task to a responsible team member on a rotating schedule.
Monthly Fire Extinguisher Checks (OSHA): Divide the responsibility among team members to ensure regular checks without overwhelming one person.
Regular Sharps Container Checks (OSHA): Create a schedule for different team members to inspect sharps containers periodically.

Tips for Effective Task Delegation

To ensure a smooth delegation process, consider these tips:

Create/Update Policies and Procedures: Clearly outline the steps for each delegated task in updated policies and procedures.
Regular Schedule: Assign specific days for each activity. Set reminders on calendars to maintain a consistent schedule.
Maintain a Logbook: Establish a logbook to document completed tasks, ensuring a transparent record of compliance .

Fostering Continuous Improvement

Shared responsibilities contribute to a culture of continuous improvement. When team members are involved in various aspects of compliance, it fosters an environment where everyone is encouraged to identify and implement better practices. This not only enhances compliance but also ensures that the team is always striving for excellence.

Conclusion: Building a Resilient and Collaborative Team

By distributing responsibilities among team members, healthcare offices can create a resilient and collaborative e nvironment. The shared commitment to safety not only prevents burnout for safety officers but also enhances the overall effectiveness of compliance programs.

In the pursuit of a safer healthcare environment, let’s remember that successful teams share responsibilities, cultivate open communication, and lift each other up in times of stress. Together, we can build a workplace where the b urden of compliance is lig htened by the strength of a supportive team.

Ready to Enhance Your Compliance Program? Schedule a Chat!

Ready to feel prepared, confident, and secure in your compliance program? Schedule a chat and learn how we can make your office become and stay OSHA & HIPAA compliant.

The Dangers of Neglected Infection Control in Dental Offices

Mon, 09 Oct 2023 19:37:06 GMT

In the world of dentistry, the mission is simple: ensure every smile is as vibrant and healthy as it can be. Yet, lurking beneath the pristine surfaces of dental chairs and gleaming instruments, a threat can shatter this mission: neglected infection control.

Let's pull back the dental chair curtain and reveal the stark reality: Inadequate infection control in dental offices can lead to many nightmarish scenarios. Dental offices that fail to comply with CDC Infection Control guidelines and OSHA regulations may experience breaches. These can lead to large amounts of money spent on testing and medical care for those affected and possibly loss of licensing.

A solid infection control program begins with an Infection Control Plan. This plan should consider workplace hazards and develop policies and protocols to diminish or eliminate these risks. By incorporating team awareness, training, and policies in the plan, dental facilities can prevent the most common infection control breaches listed below.

1. Improper Hand Hygiene

We know that your days are packed with patient appointments, sterilizing instruments, cleaning operatories, and keeping everything running smoothly. But here's something that can't be overstated: hand hygiene. It's the foundation of infection control, and inadequate hand hygiene can have dire consequences.

Improper hand hygiene can lead to the transmission of pathogens between dental staff and patients, increasing the risk of cross infections.

To make this manageable in your busy day, we recommend:

Adequate training for your staff.
Posting signs around the office to serve as reminders.
Gentle corrections and cues for team members when needed.
Ensuring your whole team is committed to making hand washing a top priority.
Random observations to ensure it’s being performed when and as recommended.

2. Improper Use of Personal Protective Equipment (PPE)

It can be a struggle to ensure everyone is using Personal Protective Equipment (PPE) correctly. Lack of training, supply shortages, and misconceptions can hinder proper usage. Non-compliance can be detrimental, potentially increasing the risk of infection transmission during dental procedures affecting dental staff and patients. To address this, it's crucial to provide adequate PPE to all staff, train them in its correct usage, and enforce its consistent use during patient care, cleaning, and device sterilization.

Dental infection control should include:

Review tasks performed throughout the day and create policies and procedures outlining necessary PPE
Periodically review donning and doffing procedures.
Provide adequate PPE for all staff. Ensure correct size and fit for all staff members.
Conduct comprehensive training.
Enforce consistent use during patient care.
Enforce consistent use during environmental cleaning.
Enforce consistent use during instrument disinfection and sterilization.

Not only does this protect your patients, but it also instills confidence in your safety program.

3. Inadequate Sterilization and Disinfection of Dental Instruments

Sterilization and disinfection are the unrewarded heroes of infection control. Properly executed, they eliminate the risk of transmitting infectious diseases between dental patients and healthcare workers.

Sterilization destroys and eliminates all microbial life forms, including bacteria, viruses, and spores. It is needed for instruments that encounter body fluids or the bloodstream. Disinfection reduces the number of pathogenic microorganisms to a level considered safe for patient contact. Disinfection is typically used for surfaces and non-critical instruments that do not penetrate body tissues.

Dental instruments are classified as:

Critical Instruments: These instruments directly contact body tissues or the bloodstream and include scalpels and needles. They must be sterilized using methods that achieve a high level of microbial kill.
Semi-Critical Instruments: These instruments contact mucous membranes or non-intact skin, but they do not penetrate body tissues. They should be either sterilized or subjected to high-level disinfection.
Non-Critical Instruments: These instruments come into contact with intact skin and do not penetrate mucous membranes or body tissues. They can be disinfected using low-level disinfection.

Sterilization Methods:

Standard methods of sterilization for critical and semi-critical dental instruments include:

Autoclaving: Steam under pressure is the most commonly used method for sterilization.
Dry Heat Sterilization: Some instruments may be sterilized using dry heat ovens.
Chemical Vapor Sterilization: Instruments can be sterilized using chemical vapors.
Ethylene Oxide (ETO) Sterilization: ETO gas may be used for items that cannot be autoclaved.

Disinfection Methods:

High-level disinfection is often achieved using chemical disinfectants approved for medical and dental use.
Intermediate-level disinfection may be used for semi-critical instruments.
Low-level disinfection is suitable for non-critical instruments and environmental surfaces.

To ensure that dental practices are safe and effective, it is important to establish protocols and assign responsible parties to monitor and document sterilization and disinfection processes. This can involve using chemical, mechanical, and biological indicators, as well as keeping detailed records. Dental healthcare providers need to receive proper training on sterilization and disinfection procedures, to ensure compliance and patient safety. It is important to clean and decontaminate dental instruments immediately after use and before sterilization or disinfection. Proper maintenance of equipment is also crucial to ensure that it functions properly.

Inadequate sterilization and disinfection of dental instruments represent a critical breach in dental infection prevention and control. Research shows that lapses in instrument disinfection and sterilization can contribute to dental healthcare-associated infections (HAIs). These lapses can occur due to equipment malfunction, improper technique, or insufficient training.

The consequences of this breach are severe. Patients can develop infections, including oral infections and systemic illnesses, from contaminated dental instruments. Healthcare offices may face hefty fines and legal actions as consequences. According to Centers for Disease Control and Prevention (CDC), each day, approximately 1 in 31 U.S. patients contracts at least one infection in association with their healthcare, underscoring the need for improvements in patient care practices in U.S. healthcare facilities.

4. Needlestick and Sharps Injuries

Accidental needlestick and sharps injuries can expose dental healthcare workers to bloodborne pathogens like hepatitis B and hepatitis C. According to the CDC, an estimated 600,000 needlestick injuries and other transdermic injuries occur annually among healthcare workers in the United States. The CDC also reports that about 1 out of 300 healthcare workers accidentally stuck with a needle from someone with HIV get infected. These injuries can happen during the handling and disposal of needles, scalers, or other sharp dental instruments.

The consequences of needlestick injuries can be long-term and potentially life-threatening. Dental workers can contract bloodborne infections, leading to health complications.

To mitigate this risk:

Prioritize staff training in safe handling and disposal of sharps.
Use safety-engineered devices. Each year, you are required to review potentially safer sharps devices.
Maintain and use sharps disposal containers.
Regularly review and update sharps handling procedures.

5. Cross-contamination from Contaminated Surfaces and Equipment

It is crucial to keep a dental office free from cross-contamination caused by contaminated surfaces and equipment. Failure to properly clean and disinfect dental surfaces and equipment can result in harmful bacteria and viruses lingering, which poses a significant risk to both patients and healthcare providers. Research shows that Hepatitis B can live on surfaces for 7 days.

Instruments used in invasive procedures that come into contact with bodily fluids must be sterilized to eliminate microorganisms. Even seemingly harmless surfaces, such as doorknobs and light switches, can be breeding grounds for germs if not regularly disinfected. To ensure a safe and healthy environment, dental teams must adhere to strict protocols, including wearing gloves, masks, and other protective gear and meticulously cleaning and disinfecting all surfaces and instruments. This not only ensures the well-being of their patients but also their staff. Inadequately cleaned and disinfected surfaces and equipment can lead to cross-contamination, a serious concern in dental offices. These incidents can occur due to oversight or lapses in cleaning protocols and can have varying consequences.

To prevent this:

Adhere to strict protocols.
Meticulously clean and disinfect all surfaces and devices using EPA-approved products.
Establish comprehensive cleaning and disinfection schedules and ensure they are followed.

The consequences of cross-contamination are far-reaching. It can lead to the transmission of pathogens between patients and dental staff, potentially causing infections and harm. To prevent this, it's essential to develop a comprehensive cleaning and disinfection schedule for all surfaces and equipment, with a particular focus on high-touch areas.

6. Improper Management of Dental Unit Waterlines

Failure to maintain and disinfect dental unit waterlines can lead to biofilm growth and the potential release of waterborne pathogens during procedures. In recent years, there have been reports of human illnesses and deaths caused by contaminated water from dental unit waterlines.

Biofilm buildup in dental unit waterlines can result from non-compliance with maintenance and disinfection protocols, potentially releasing waterborne pathogens during dental procedures, posing a risk to patients and dental staff.

To mitigate this risk, consider:

Test waterline bacterial count.
Regularly disinfect dental unit waterlines following manufacturer recommendations.
Work with equipment manufacturers to ensure that their dental treatment water meets or exceeds the standards set by EPA for drinking water.
Use commercial devices and procedures to improve water quality.
Use source water containing less than 500 CFR/mL of bacteria.
Clean self-contained water systems.
After each patient, run any dental device used in the mouth and connected to the dental water system for a minimum of 20-30 seconds.

Conclusion

In conclusion, neglected infection control in dental offices poses serious risks. From improper hand hygiene to inadequate sterilization, the consequences can be severe for both patients and staff.

To mitigate these risks, dental practices must prioritize proper hand hygiene, ensure correct PPE use, maintain meticulous instrument sterilization and disinfection, address needlestick injuries, prevent cross-contamination, and manage waterlines effectively.

Neglecting infection control can not only lead to patient infections and legal consequences but also put the safety of staff members at risk. Therefore, dental professionals must invest in training, equipment maintenance, and safety culture to provide quality care and ensure the safety of everyone involved in the mission of dentistry: vibrant, healthy smiles free from infection.

The learning doesn’t stop here; treat your staff to engaging, practical infection control training for dental professionals. Not only is Infection Control Certification required for your license, but it’s also best practice and should be conducted annually. Plus, it's a great opportunity to engage with your staff and ensure everyone is on the same page.

Don't let infection control breaches jeopardize your patients' health and your practice's reputation. Sign up for Infection Control Training today!

Sources:

Bloodborne Pathogens - Evaluating and Controlling Exposure | Occupational Safety and Health Administration (osha.gov)

Sharps Safety for Healthcare Settings | CDC

Why You Need OSHA Training in Healthcare

kelli@hlthcarecomp.com (Kelli Ngariki) — Mon, 04 Sep 2023 18:01:35 GMT

The Occupational Safety and Health Act of 1970 aims to protect American workers and prevent work-related injuries, illnesses, and deaths by setting and enforcing standards. As per OSHA guidelines, employers must comply with OSHA regulations. Therefore, they must provide the explicit safety and health training their workers need to perform their jobs safely.

Who Needs OSHA Training?

All healthcare workers with potential exposure to hazards must receive training on specific safety hazards and precautions (controls) before engaging in potentially hazardous activities. The timeliness of training is critical when it comes to adhering to OSHA regulations. While all employees are at risk, the risk of injuries and illnesses is even greater for newly hired employees. For this reason, all employees should receive OSHA training within the first ten days of employment and annually thereafter, as per OSHA requirements. Safety (OSHA) Officers should also receive training on identifying hazards, developing plans, and maintaining records.

What Help is Available?

Understandably, many employers are seeking assistance with the OSHA training process. Lack of time, resources, and intricate knowledge of ever-changing OSHA guidelines can expose employers to substantial risks and non-compliance penalties. Fortunately, employers don’t have to navigate this arduous process alone. At Healthcare Compliance Associates (HCA), we live and breathe OSHA compliance, so you don’t have to! Our job is to save you time, reduce risk exposure, and help you provide your employees with the best work environment possible.

Our specialists at HCA develop and conduct engaging training programs (on-site, virtual, and online), create practical checklists to make compliance easier, provide monthly newsletters with updates to stay informed, assist with setting up plans and policies, and provide personalized support to help in an inspection and with day-to-day challenges.

Working with an OSHA compliance company such as HCA has many advantages. Five of the most notable of these are:

Protects Employees

For employees, on-the-job injuries and illnesses can have devastating effects. According to a study by the American Journal of Industrial Medicine, a single workplace illness or injury costs an employee and their family on average $8,000 out of pocket. Employees may be forced to dip into their savings or default on payments. As a result, these employees are much more likely to lose their homes, cars, and health insurance.

Thankfully, you can significantly reduce the likelihood of injuries and illnesses by providing proactive and comprehensive OSHA training to all employees through a reputable OSHA compliance management company. Through this commitment to safety compliance, you can prevent much physical pain, emotional suffering, and financial stress on your workers. Additionally, establishing more standardized procedures creates consistency for employees, and an increased understanding of roles and expectations helps improve employee satisfaction. Smoother workflow processes and happier employees will likely result in a better patient experience…the ground on which great reputations and abundant referrals are built.

Increases Productivity and Saves You Money

According to the United States Bureau of Labor and Industries, in 2021, private industry employers reported 2.6 million non-fatal workplace injuries and illnesses. In 2020, the healthcare and social assistance industry had the most reported injuries and illnesses at over 800,000. Furthermore, healthcare and residential care had the highest number of incidents resulting in days away from work.

The financial toll of illnesses, injuries, and workplace fatalities can be enormous for employers. In today's business environment, this cost can be the difference between running in the black or the red. Small and medium-sized businesses are especially vulnerable to the impact of workplace injuries and illnesses. Slim budgets and the nature of “work-family” environments in businesses of these sizes can cause immediate and lasting financial and emotional trauma.

A quality training program that creates awareness about safety hazards and instructs employees on preventing them is a worthy investment. Returns on OSHA training investments include increased productivity, higher worker morale with decreased absenteeism, more predictable patient care, increased profitability, improved compliance with fewer worker's compensation claims, improved patient satisfaction, reduced insurance risk exposure, and minimized legal fees. Indirectly, an investment in OSHA training can also promote patient referrals, further supplementing your bottom line.

Reduces Your Risk of OSHA Fines and Citation

Employers have a moral obligation to protect their staff from unsafe working conditions. Further, non-compliance can lead to hefty fines reaching hundreds of thousands of dollars and citations that can cause individuals to lose their licenses. In many cases, the detrimental financial effects of non-compliance can be made even worse when a company’s reputation is tarnished. Effective training will reduce the risks of employees, patients, or members of the general public filing complaints about you to OSHA.

While some of these complaints can be minor, only warranting a letter asking for an explanation with possible internal remediation of the reported hazard, others substantiate an on-site OSHA investigation. If an inspector arrived at your facility today to thoroughly examine your potential risks, work practices, and controls, will you, your employees, and your facility be prepared to withstand the rigors of an OSHA compliance audit?

An effective OSHA training company should ensure that an OSHA trainer walks through your facility annually and recommends improving compliance. Your training company will likely give you an outline of the compliance process and specific instructions on responding to a complaint. More importantly, they should also provide you access to a local trainer who can serve as your representative during an inspection, offering guidance and assistance with any necessary follow-up.

This invaluable support will likely decrease the stress level for you and your staff. Additionally, OSHA inspectors will consider your 'good faith effort' to achieve compliance through safety plans, policies, and documented training. Your efforts may decrease sanctions or even avoid them altogether. Having an OSHA training certification not only provides your staff with continuing education credits (CE’s), it may save you money in fines. Annual professional training offers peace of mind knowing you're protected if an accident, complaint, or inspection occurs.

Increases Job Satisfaction and Morale

Everyone appreciates feeling valued and respected. Offering new-employee and annual staff training demonstrates management's commitment to the safety and health of their employees. By investing in staff education, management can earn the trust and loyalty of workers and boost morale. Better morale not only increases productivity and lowers the number of absences but also reduces the number of on-site accidents.

From our experience, the most effective and productive OSHA safety programs involve multiple staff working harmoniously to achieve and maintain compliance. This team approach takes the heavy lifting off of one or only a handful of employees and encourages the whole team to prioritize safety. Management’s fostering of teamwork and unity among workers typically leads employees to feel happier, more supported, and less stressed. When people know their role and the importance of workplace safety, they feel a greater sense of belonging to the group and empathy for their co-workers. As part of a team, members work together in a productive manner that results in better patient care and outcomes.

Keeps You Current on Laws and Requirements

Under OSHA rules, all healthcare employers should know and follow governmental regulations to protect their employees. Some OSHA rules haven't changed in many years, while others are revised often. Oregon OSHA (OR-OSHA) adds additional requirements to federal laws, making standards even more stringent. As an employer, you must keep up with frequent changes to federal and state-specific laws. Unfortunately, this can be challenging and time-consuming. To exemplify the complexities of changing regulations, Oregon OSHA Covid rules have been updated 14 times since coming out in 2020.

At HCA, we conduct ongoing research to stay current on OSHA guidelines and incorporate recent changes into our training program in a practical and helpful way that you and your staff can implement quickly. Working together, we focus your employees on areas that help your patients and generate income rather than compliance.

Finding an OSHA compliance expert in your state saves you time and money. There are numerous nuances in the world of OSHA compliance, and it helps to work with someone who knows the ins and outs of federal and state guidelines. For example, understanding which government organization to listen to, The Center for Disease Control (CDC), the Oregon Health Authority (OHA), or Oregon OSHA, can be very complicated. Depending on the specific hazard topic, any of these organizations might trump the others. But how would you know? A good compliance consultant will spend countless hours researching and communicating with these organizations to understand the distinctions.

Conclusion

Establishing and maintaining OSHA compliance can be tricky. By working with a reputable OSHA compliance company, you can remove the obstacles that put you and your companies at serious risk of injuries and illnesses. In working proactively and collaboratively, we can find and fix workplace hazards before employees are injured or become ill.

Proper employee training cultivates an understanding of OSHA responsibilities and empowers staff to make good decisions. OSHA training will reduce your risk of fines, legal fees, and citations, protect your team from injuries or illnesses, increase productivity and staff morale, keep you current on relevant laws and regulations, and improve patient outcomes.

OSHA certification demonstrates that you conduct business safely and ethically according to the law. It builds trust and improves your company's reputation with patients and the community. It will also likely minimize fines if your company has a complaint filed against you or OSHA arrives for an inspection. A reputable OSHA training and support company can assist you on your ever-evolving compliance journey.

We’ve got you!

We at Healthcare Compliance Associates live and breathe compliance, so you don’t have to.

We develop and conduct engaging training programs (onsite, virtual, and online), create practical checklists to make compliance easier, provide monthly newsletters with updates to stay informed, assist with setting up plans and policies, and provide personalized support to help in an inspection and day-to-day challenges. We keep your employees working and focused on areas that help your patients and generate income. Not focused on compliance.

In just 30 days, everyone in the office can be compliant, and it can cost less than $5 per day, depending on the size of your business.

Why You Need HIPAA Training

kelli@hlthcarecomp.com (Kelli Ngariki) — Mon, 07 Aug 2023 22:25:57 GMT

You know the importance of HIPAA (Health Insurance Portability and Accountability Act) for maintaining the privacy and security of your patient’s information. But are you up to date on new regulations? Does your staff know and understand their responsibilities and their accountability for patient data? Do you know what to do if there is a data breach? Has your liability been minimized because everyone in your practice is doing what they should?

HIPAA is a law that makes healthcare clinics and their employees accountable for health data and for keeping it private and confidential. It can be incredibly complicated, vague, and confusing. Unsecured protected health information (PHI) has affected millions of patients over the last decade. These breaches and violations cost businesses millions of dollars in lost productivity, patients, and revenue each year. Most of these breaches are preventable.

Who Needs HIPAA Training?

Everyone in healthcare who encounters patient data must receive training on general HIPAA compliance and specific business policies and procedures within the first 10 days of being hired and annually after that. Additional training should be conducted when there are technology or policy changes. HIPAA compliance is an ongoing process.

Business Associates who access or use patient PHI must implement security awareness and training for their workforce.

Here are five reasons HIPAA training is essential for every healthcare practice!

1. Reduces the Risk of HIPAA Violations

Employees cause approximately 75% of HIPAA data breaches in healthcare. Most of these disclosures are due to inadvertent actions, not knowing or following specific policies and protocols, and accidentally letting hackers into the system.

All workforce members must have a basic understanding of HIPAA to be compliant. Security awareness training helps staff recognize and prevent potential cyber-attacks . Your practice’s security position to minimize attacks is improved.

The purpose of the training is to give staff an understanding of HIPAA-related policies and security rules to perform their roles and avoid mistakes that could lead to disclosures and violations.

With practical HIPAA training, staff members better understand their accountability concerning patient PHI. It encourages more specific policies and procedures in the practice so that everyone follows the same standards. This leads to more efficiency and employee satisfaction because their role is clear. A more standardized experience is established and maintained for the patient.

The cost of HIPAA training pays for itself in increased productivity, predictable care for patients, Medicare star ratings, and profitability.

2. Minimizes Your Professional Liability

The HIPAA security and privacy rules carry a moral obligation to protect patient privacy . Along with that are hefty fines and citations if non-compliance becomes an issue. Companies can be fined hundreds of thousands of dollars , and individuals can lose their licenses. This is detrimental to the financial bottom line and damaging to reputations.

If there is a disclosure or breach, depending on the circumstances, it may need to report to the HHS Office of Civil Rights. If they investigate, they will consider your ‘good faith effort’ to achieve HIPAA compliance through privacy and security policies and documented training. Your efforts may decrease sanctions or even avoid them altogether.

If you value the professional integrity of your healthcare practice, HIPAA training provides peace of mind that all employees know how to protect patient information, thus minimizing your liability.

3. Laws and Requirements are Constantly Changing

Knowledge is power, and technology is ever evolving-evolving. New technology often requires added privacy and security of electronic data. Under HIPAA rules, all healthcare professionals should know and follow governmental regulations to protect their patients’ information. Following these rules includes staying current on technology to increase cybersecurity and minimize inappropriate disclosures of patient PHI.

The ONC Cures Act came out in 2016 and is an add-on to the HIPAA rules. It requires patients to have more access to their data to be better informed and involved in their own care. Healthcare practices and their staff need to understand what’s involved and how they should react.

HIPAA training should cover current technology and recent rule changes. Keeping up with this is a daunting task. Keep your staff focused on patients and find a competent compliance company to conduct your HIPAA training.

4. Decreases Anxiety and Frustration of Staff

Everyone in healthcare must know and understand HIPAA privacy and security rules. Unfortunately, many individual employees do not understand these regulations. As a result, they turn to supervisors and managers for guidance. This can be frustrating and overwhelming for managers who already have a full plate.

All levels of healthcare must be trained and empowered to protect patient PHI. This training helps workers better understand their role in compliance so they can take ownership of it.

Ethical values require a top-down approach. Owners and managers must make privacy and security a priority . Management commitment ensures patients and staff feel safe and comfortable within the clinic.

5. Increases Standards of Patient Care

When a patient trusts their healthcare provider, they tend to be more open about sharing symptoms and health concerns. This increases the accuracy of diagnosis and improves overall patient outcomes. Healthcare workers know some of the most intimate details of individual’s lives. You are highly trusted and honored for that. Don’t take this lightly.

Most healthcare workers and owners want to help people. They also have a substantial value for integrity and fairness. Invading someone’s privacy is generally considered a personal violation and betrayal. Patients can incur severe financial and emotional damage when their information is exposed and misused.

Neglecting a patient’s privacy and security or care downgrades the integrity of your company and your staff. It compromises ethics and overall compliance. Patient care is everyone’s responsibility and includes their physical and emotional well-being and protection of their PHI.

HIPAA training can help to create loyal patients through efficient, effective standard operating procedures . Improve patient outcomes by defending your security system and training your staff.

Conclusion

Staying in compliance with HIPAA can be tricky. The proper training develops an understanding of HIPAA accountability and empowers staff to make good decisions. HIPAA training will reduce your risk of HIPAA violations, minimize professional liability, increase knowledge, decrease anxiety, and improve patient outcomes.

HIPAA certification demonstrates that you conduct business ethically according to the law. It builds trust and improves your company’s reputation with patients and the community. It will also likely minimize fines if your company goes through a security breach or cyber-attack.

A reputable HIPAA training and support company can assist you on your ever-evolving compliance journey.

We Got You!

We, at Healthcare Compliance Associates, live and breathe compliance so you don’t have to.

We develop and conduct engaging training programs (onsite, virtual, and online), create practical checklists to make compliance easier, provide monthly newsletters with updates to stay informed, assist with setting up plans and policies, and provide personalized support to help in an inspection and with day-to-day challenges. Basically, we keep your employees working and focused on areas that help your patients and generate income . Not focused on compliance.

In just 30 days, everyone in the office can be compliant, and it can cost less than $5 per day , depending on the size of your business.

OSHA Heat Prevention: Requirements and Practical Tips

kelli@hlthcarecomp.com (Kelli Ngariki) — Fri, 07 Jul 2023 23:26:17 GMT

Under OSHA regulation, employers are responsible for providing workplaces free of known safety and health hazards including protecting workers from heat-related hazards.

Heat stress is a serious condition that can lead to heat exhaustion and heat stroke when the body's internal temperature regulation is compromised. Heat illness symptoms can look like excessive sweating, dizziness, headaches, rapid pulse, and nausea. These signs should never be ignored, they indicate the body's struggle to cope with heat. OSHA (Occupational Safety and Health Administration) recognizes the significance of preventing heat-related illnesses. There are simple steps you can take to develop a Heat Illness Prevention Plan within your office during the warmer seasons.

To prevent heat stress in warmer seasons, whether at work or outdoors, follow these practical tips:

1. Stay hydrated: Hydration is essential for regulating body temperature. Drink water frequently, even if you don't feel thirsty. Proper hydration replenishes lost fluids due to sweating.

2. Take regular breaks in the shade: When the heat becomes overwhelming, take breaks in shaded or air-conditioned spaces. These breaks help prevent overexertion and reduce the risk of heat-related illnesses.

3. Dress for the heat: Opt for lighter, loose-fitting clothing made from breathable materials like cotton. Breathable fabrics facilitate air circulation, evaporation of sweat, and effective temperature regulation.

4. Check on your coworkers: According to OSHA, over 70 percent of heat-related deaths occur during a worker's first week. Existing employees are also at risk when temperatures rise. Ensure you and your coworkers are trained to recognize and respond to heat-related illnesses promptly. If symptoms occur, take appropriate steps such as drinking water, seeking a cool spot, and obtaining medical attention if needed.

NOTE: While wearing a lab jacket is required by OSHA during clinical procedures, it shouldn't be worn outside the clinic area. Opt for short-sleeved clothing to provide relief from heat when not engaged in clinical duties.

Providing OSHA heat prevention training and following practical tips for heat prevention are crucial for maintaining well-being, particularly during warmer seasons. Remember to stay cool, stay hydrated, and stay safe. Prioritize your safety and the safety of your coworkers by recognizing and addressing the risks associated with heat stress.

2023-24 Oregon BOLI Poster

kelli@hlthcarecomp.com (Kelli Ngariki) — Thu, 22 Jun 2023 01:33:20 GMT

Order required Oregon BOLI poster by June 20

Oregon Bureau of Labor and Industries (BOLI) just released the new 2023-24 Oregon, and Federal required postings composite poster.

This poster is valid from July 1, 2023 to June 30, 2024.

This new poster includes the new Oregon Minimum Wage and the Paid Leave Oregon posting.

Purchase the official Oregon BOLI Poster for $17.

OR-OSHA is Fining Healthcare Clinics

kelli@hlthcarecomp.com (Kelli Ngariki) — Fri, 13 Jan 2023 21:23:02 GMT

OR-OSHA is Fining Healthcare Facilities for not following their own COVID Infection Control Plan

The Oregon OSHA COVID-19 rules, updated in September of 2022, continue the requirement that healthcare facilities (called exceptional risk in the rule) have a COVID-19 Exposure Risk Assessment and Infection Control Plan. These should have been created with staff input in 2020 and updated as OSHA rules, or other factors, changed.

Now that OR-OSHA inspectors are out conducting inspections again, they are looking at your COVID-19 Risk Assessment and Infection Control Plan. If your staff are not following your documented COVID-19 Infection Control Plan, you will be cited.

An example of this would be, back in 2020 all healthcare employers were required to ensure everyone entering the facility be screened for COVID-19 symptoms. You would have included screening in your plan at that time. The screening rule is no longer required and many clinics are no longer screening patients. If an OR-OSHA inspector comes on site and sees that your Infection Control Plan still says you are screening patients and guests, but you are not, you will be cited and fined.

OR-OSHA Required COVID-19 Documentation:

Here are documents you must have readily available for all staff (and the OSHA Inspector:

Updated Oregon OSHA COVID-19 Rules
COVID-19 Risk Assessment
COVID-19 Infection Control Plan
COVID-19 PPE Supply and Crisis Management Plan

Go Solo Interview - Compliance, Simplified! - Healthcare Compliance Associates

Fri, 07 Oct 2022 22:02:52 GMT

Check out our Go Solo interview! https://gosolo.subkit.com/healthcare-compliance-associates/

Masks in Healthcare – Resources to help!

Fri, 07 Oct 2022 21:57:09 GMT

New guidance for masks in healthcare

https://conta.cc/3yhfQeb

N95’s Still Required in Oregon for Healthcare?

Fri, 07 Oct 2022 21:55:53 GMT

If your county is in the green, meaning low-risk level, you may be able to discontinue the use of N95’s. Oregon OSHA points to this CDC guidance:

General Healthcare:

HCP working in areas with minimal to no community transmission, should continue to adhere to Standard and Transmission-Based Precautions based on anticipated exposures and suspected or confirmed diagnoses. This might include use of eye protection, an N95 or equivalent or higher-level respirator, as well as other personal protective equipment (PPE). In addition, universal use of a well-fitting facemask for source control is recommended for HCP if not otherwise wearing a respirator.

Dental:For DHCP working in facilities located in areas with no to minimal community transmission

DHCP should continue to adhere to Standard Precautions (and Transmission-Based Precautions, if required based on the suspected diagnosis).
DHCP should wear a surgical mask, eye protection (goggles or a face shield that covers the front and sides of the face), a gown or protective clothing, and gloves during procedures likely to generate splashing or spattering of blood or other body fluids. Protective eyewear (e.g., safety glasses, trauma glasses) with gaps between glasses and the face likely do not protect eyes from all splashes and sprays.

If your county is at moderate or higher risk level, you are still required to wear an N95 or equivalent when performing aerosol generating procedures.

What is a Firewall, and Why do I Need One?

Fri, 07 Oct 2022 21:54:58 GMT

As a healthcare practice, Health Insurance Portability and Accountability Act (HIPAA) requires that you safeguard your patient’s protected health information (PHI). This confidential data is highly susceptible to hackers via internet traffic. A firewall monitors your incoming and outgoing network traffic and, based on is a pre-determined set of security rules, permits, or blocks data. The firewall is a barrier between your internal network and incoming traffic, thereby blocking viruses, ransomware, and types of malicious software (malware).

How does a Firewall work?

Firewall security rules filter traffic coming in from unsecured or suspicious sources. These filters protect your computer and network against potential attacks by limiting traffic at your computer’s entry point (port), where information exchanges with external devices. The firewall also controls access levels: who has access to the system and how much information each user can access.

Firewalls

Your firewall can be software or hardware, but best practice recommends that you have both. A software firewall is a program downloaded onto your computer that controls traffic through ports and applications. For hardware, you maintain equipment installed between your network and the gateway to external networks.

What You Need To Know About The ONC Cures Act

Fri, 07 Oct 2022 21:53:00 GMT

The Health Insurance Portability and Accountability Act (HIPAA) act was passed by the 104th Congress, and signed into law by President Clinton in 1996, with the goals of protecting patient privacy and creating standards for the handling of medical records in the healthcare industry. It took a very long time for the health care industry to develop best practices to comply with HIPAA, and the 2020 ONC Cures Act presents another set of rules that healthcare professionals are required to comply with. Healthcare compliance can be complicated and the penalties for non-compliance can be harsh, that’s why it’s important to work with an Oregon HIPPA consultant to help guide you safely through these muddy waters.

What Is the ONC Cures Act?

Office of National Coordinator for Health Information Technology’s (ONC) primary goal is to ensure that patients and their healthcare providers have prompt access to their electronic health records by prohibiting “information blocking,” with penalties up to one million dollars per violation. ONC also encourages innovation by reducing the cost of developing and maintaining application program interface’s (API), while maintaining the intellectual property rights of software developers. It also attempts to reconcile conflicts that exist between HIPAA and other security and privacy statutes. One thing is clear, ONC creates new responsibilities for the entire health care industry that require immediate attention to avoid fines and penalties, but is especially strict with Electronic Health Record (EHR) providers.

Who Must Comply With ONC?

ONC specifies the entities, called “Actors,” that must comply with information blocking requirements under the Act, which became enforceable on April 5th, 2021:

Health care providers;
Health IT developers and
Health Information Networks (HIN’s or HIE’s)

All violations will be prosecuted against IT’s, HIN’s and HIE’s, but health providers will only be charged if they blocked information with knowledge and intent. This doesn’t automatically let physicians off the hook for mistakes, because a long delay could be construed as intent especially if it’s a patient that didn’t pay their bill. That’s why it’s important to work with an Oregon HIPAA consultant to ensure that your procedures have been updated to comply with current law.

What’s Considered Information Blocking Under ONC?

These are the types of activities that are targeted by ONC as information blocking:

Any practice that restricts access to patient records from other healthcare providers for treatment
Any practice that restricts authorized access or exchange of EHI;
Any nonstandard method that is complex or burdensome;
Limits or restrictions on information sharing for legally permissible persons or purposes;
Implementing IT so as to restrict access or make it more difficult to switch platforms or exchange information;
Acts that impede innovation and advancement;
Fraudulent, wasteful or abusive acts or omissions;
Access restrictions expressed in license terms, contracts, policies and procedures and
Manipulative and opportunistic economic practices that function to restrict access.

Oregon HIPPA Consultant

If you’re a health care provider or own a business that provides EHI records or develops products for this industry, it’s urgent that you begin operating within the bounds of ONC. Talk with the IT company that provides your HER to be sure they are in compliance with these new regulations. Hire an experienced Oregon HIPPA consultant as soon as possible to review your procedures and advise you about what you need to do to be in compliance.

Can I Disclose Someone’s Vaccine Status?

Fri, 07 Oct 2022 21:50:32 GMT

It is acceptable for healthcare providers to ask if a patient is fully vaccinated (14 days past the second dose of the vaccine). You may also disclose vaccination information for a patient to another healthcare provider or business associate, provided the disclosure was for treatment, payment, or healthcare operations, or if the patient expressly authorizes it.

A healthcare provider may also share vaccine status with a public health organization for “public health activities.” This could include collecting or receiving vaccination information to prevent or control disease, injury, or disability.

Non-healthcare organizations

Generally speaking, organizations that are not HIPAA Covered Entities (healthcare) or Business Associates are not subject to HIPAA regulations. But they may be subject to other federal, state, or international laws.

Do I still have to wear a mask?

Fri, 07 Oct 2022 21:49:14 GMT

On May 13, Center for Disease Control (CDC), issued new guidance for fully vaccinated individuals; they no longer have to wear masks or physically distance, “except where required by federal, state, local, tribal, or territorial laws, rules, and regulations, including local business and workplace guidance.”

Following the CDC’s recommendations, Governor Kate Brown issued an official press release indicating that Oregon would follow suit.

“Starting today, Oregon will be following this guidance, which only applies to fully-vaccinated individuals,” said Governor Brown. “That means Oregonians who are fully-vaccinated no longer need to wear masks or social distance in most public spaces.”

While fully-vaccinated individuals will be able to enjoy the ability to go without a mask for the most part, there are some exceptions. For instance, fully-vaccinated folks will still be required to wear masks and physically distance in the following places:

Public transportation
Hospitals
Health care clinics
Correctional facilities
Long-term care facilities

Oregon Health Authority (OHA) will be updating its guidance to provide employers with greater flexibility to cut back on masking and physical distancing requirements for fully-vaccinated employees. However, it is not required that all businesses adopt new masking and physical distancing policies.

Further: All healthcare personnel in Oregon counties at Moderate or higher Risk Level are still required to wear an N95 (or equivalent) when performing aerosol generating procedure s.

OSHA and HIPAA Training for New Employees

Fri, 07 Oct 2022 21:47:50 GMT

There is so much involved in onboarding for healthcare staff: human resource forms, tax forms, site tours, policies, procedures, and safety and compliance training. How do you keep it all straight and make sure you cover everything? You want to help new staff feel comfortable, know how to perform job tasks, work safely and maintain confidentiality of patient information. This can feel overwhelming. But it doesn’t have to be.

OSHA Requirements

HIPAA Requirements

HIPAA training should be designed to reduce the potential exposure of patient protected health information (PHI). This training is required for “each new member of the workforce within a reasonable period of time after the person joins the Covered Entity’s (healthcare) workforce. This is interpreted as requiring training within the first few days of being hired.

Training is necessary for members of the workforce to carry out their duties. Healthcare staff and business associates should “implement a security awareness and training program for all members of the workforce” (HIPAA Security Rule). According to this rule, HIPAA training is required “periodically”, which is interpreted as annually.

If there is a data breach of patient PHI, and an investigation finds that there has not been appropriate training for the staff, then that could result in a substantial fine.

Site Tour

One of the most important steps to onboarding a new employee is the site tour. This tour should not only orient the employee to the facility but also point out potential hazards and controls that minimize those hazards. For example, the sterilization area poses potential contamination and sharps injury hazards. This area should be set up with detailed procedures to minimize the risk of cross-contamination or a sharps injury. A new employee should be shown where hazard prevention and clean up devices are located including sharps containers, biohazard receptacles, and the spill kit.

The Solution is Simple

At Healthcare Compliance Associates, we simplify the onboarding process with New Employee OSHA and HIPAA Online Training . This package encompasses OSHA and HIPAA standard requirements in easy-to-follow training videos and a comprehensive onboarding checklist. The training videos teach OSHA and HIPAA general healthcare compliance. Following the onboarding checklist will help you with human resource forms, guide you through the site tour and remind you of what HIPAA forms need to be completed by the employee. Take the stress out of New Employee OSHA and HIPAA training with our New Employee Online OSHA and HIPAA training.

Patients are asking if my staff is vaccinated…

Fri, 07 Oct 2022 21:42:33 GMT

Can you share with patients that your staff are vaccinated for COVID-19?
Answer: Only with written consent from each staff member
An employee’s immunization status is protected health information (whether written, verbal or electronic) and should be kept confidential unless explicitly authorized by the employee for disclosure.If your employee consents to allow the clinic to share their COVID-19 immunization status, use the form: HIPAA Authorization to Use/Disclose Healthcare Information found in your Healthcare Compliance Associates HIPAA manual on page 7.

Do I need to Shock my Dental Unit Water Lines??

Fri, 07 Oct 2022 21:40:29 GMT

This is not regulated by OSHA because it concerns the safety of patients, not employees.
Short answer: Check manufacturer guidance!
The ADA says:Check with your dental unit manufacturer for recommendations on how to clean your waterlines, even if you use an independent water source. They may suggest options such as filtration or use of chemicals or a combination of these. Guidance differs depending on factors, including block type. Be sure you know that a particular reagent is appropriate for your specific dental unit.
Once you have identified a process that fits your needs and is compatible with your dental unit (per the manufacturer) establish a schedule for waterline maintenance as well as an individual designated for this responsibility.

Dental – Respiratory Protection Program Update!

Fri, 07 Oct 2022 21:39:05 GMT

Oregon OSHA came out with an updated Respiratory Protection Program strictly for dentists. Follow the link to watch the recording of how to efficiently set up your Respiratory Protection Program using this new OSHA document. Follow this link to watch this extremely helpful webinar .

DENTAL-Updated Respiratory Protection Plan

Fri, 07 Oct 2022 21:36:11 GMT

Oregon OSHA created a new Respiratory Plan specific for dental clinics. Please download, input your practice information, print out and keep in your Respiratory Protection Binder.
Download DENTAL Respiratory Protection Plan.

CDC Updated Dental Settings Guidance Aug. 4, 2020

Fri, 07 Oct 2022 21:34:33 GMT

CDC just updated their Coronavirus guidance for Dental Settings. Check out the changes…
https://www.cdc.gov/coronavirus/2019-ncov/hcp/dental-settings.html

COVID-19 Oregon OSHA guidance on PPE for DENTAL

Fri, 07 Oct 2022 21:32:53 GMT

During the COVID-19 Pandemic:

Key takeaway…

When performing aerosol generating procedures (AGP) it is REQUIRED to wear:

Eye Protection
Gloves
Gown (Single Use only During AGP’s or NON-AGP’s!)
Respirator (*see specific guidance on respirator type and requirements for extended and reuse strategies)

Oregon OSHA COVID-19 Workplace Advisory Memo

Fri, 07 Oct 2022 21:31:25 GMT

OSHA put out an advisory memo for businesses regarding face coverings:
Oregon OSHA COVID-19 Workplace Advisory Memo (6.27b)
Business/Employer Enforcement of the Oregon Health Authority “Statewide Mask, Face Shield, Face Covering Guidance”
https://osha.oregon.gov/Documents/COVID19-Face-Covering-Advisory-Memo.pdf

Face Masks “Most” of the Time…

Fri, 07 Oct 2022 21:29:46 GMT

The June 25 Oregon Health Authority (OHA) general mask guidance says that that Oregonians should be wearing a face mask, shield or other covering at anytime in business, on transit or in public areas. (See entire guidance at OHA 2288K) We have been asked by healthcare workers, “Do we really have to wear a mask ALL the time?” Well, on page 2 of the OHA guidance it says:
A business is required to:
Require employees, contractors and volunteers to wear a mask, face shield, or face covering, UNLESS an accommodation or exemption is required by law OR the following exemption applies:
Employees, contractors and volunteers: Masks, face shields or face coverings are NOT required when eating/drinking or when at or in a location where the employee, contractor or volunteer is not interacting with the public and six (6) or more feet of distance can be maintained from other people.

Required 2020-2021 Posters

Fri, 07 Oct 2022 21:27:57 GMT

Oregon Bureau of Labor and Industries (BOLI) has a CORONAVIRUS poster that EVERY employer needs to print out and post for all employees to see. Here is the link to the free poster: https://www.dol.gov/sites/dolgov/files/WHD/posters/FFCRA_Poster_WH1422_Non-Federal.pdf

Oregon BOLI also has an updated composite poster that every employer needs. Here’s the link to purchase the poster for $17 (plus shipping) from Oregon BOLI. Be sure to select the 2020-2021 Commonly Required Postings in Oregon Poster.
https://apps.oregon.gov/boli/storefront/

Need PPE?

Fri, 07 Oct 2022 21:25:35 GMT

Oregon OSHA has an Oregon Supply Connector Page that helps you find local resources for PPE: gowns, masks, N95’s, gloves, and eye protection. We are still getting calls that most healthcare clinics do not have enough masks, N95’s (or equivalent), gowns or eye protection. We are still waiting on promised guidance from Oregon OSHA on how healthcare should proceed when PPE supplies are limited.

Mandatory Respiratory Protection Program…

Fri, 07 Oct 2022 21:23:48 GMT

In the Oregon Health Authority (OHA) May 9,2020 update (OHA 2288J) it states:

“If Aerosol-Generating Procedures (AGP) are necessary for any patient, Healthcare Personnel should use gown, gloves, eye protection, and a fit-tested N95 mask or higher respiratory protection.”

This means that any practice that is conducting aerosol generating procedures will need to have a Respiratory Protection Program.

Healthcare Compliance Associates recommends creating a binder for your respiratory program. The respiratory program needs to be accessible to any applicable employee. Maintain the following documentation in the binder:

Respiratory Program Checklist
Respiratory Program
Medical evaluation documentation for each employee required to wear a respirator (keep this in a confidential personnel file)
Fit Testing documentation for each employee who is required to wear a respirator (pg. 34 in Respiratory Program above)
Respiratory Training including:
The respiratory hazards to which they are potentially exposed during routine and emergency situations – See CDC guidance
Training of employees in the proper use of respirators, including putting on and removing them, any limitations on their use, and their maintenance.
Procedures for regularly evaluating the effectiveness of the program.
Compliance

Who do I listen to? OSHA, CDC, ADA, AMA, OHA or OR-OSHA?

Tue, 04 Oct 2022 22:46:30 GMT

Everyone seems to be offering conflicting information. So who do we look to for guidance? Well, in Oregon, we get our guidance from Oregon Health Authority (OHA) and Oregon OSHA. These two look to these other associates and agencies for direction but then come up with their own guidance for businesses in Oregon. So, be careful when reading guidance from associations or federal agencies (like federal OSHA) because they may conflict with Oregon OSHA and ADA.

healthcare-compliance-associates-website-final

HIPAA Compliance for Healthcare Practices: 3 Hidden Gaps

Identifying Common Blind Spots in Your HIPAA Program

OSHA Compliance Checklist for Dental & Medical Clinics (2026)

A practical safety guide for small dental and medical offices to meet 2026 OSHA standards and avoid costly compliance mistakes.

HIPAA Patch Management for Dentists: What “Patching” Means

Your IT Handles Updates –But Can You Prove It? A practical checklist for small practices to reduce ransomware risk and strengthen HIPAA compliance.

What Is a HIPAA Business Associate? Training Requirements for 2026

Why HIPAA Still Applies to You — Even If You Don’t “Work in Healthcare”

Immediate-Use Steam Sterilizer (STATIM): When and How to Use It Safely in Healthcare Settings

A practical guide for dental and medical teams on safe STATIM sterilizer use, based on CDC and Oregon OSHA guidelines.

Best Practices for Cleaning and Sterilizing Dental Burs

From Dirty to Sterile—Without Guesswork or Risk

Why Bleach Should Never Be Used in Dental Unit Waterlines

Helping Oregon dental teams keep compliance simple, safe, and stress-free.

Do I Need to File a Workers’ Comp Claim for a Needlestick Injury?

Preventing Workplace Violence in Healthcare: A Proactive Compliance Strategy

Creating a Workplace Where Safety, Respect, and Readiness Come First

OSHA Safety Meetings: Why They Must Focus on Employees

Patient Safety Matters, but OSHA Safety Meetings Are About Safeguarding Employees

Why Employees File OSHA Complaints—And How to Prevent Them

How to reduce risk and build a workplace where employees feel heard

What to Do When Patient Records Are Delayed

Frustrated by long waits for patient records? You're not alone.

Don’t Let Infection Control Be Your Weak Spot

The Truth About CDC and OSHA Requirements for Infection Control in Dental Practices

What is a Spoofed Email and How Should Healthcare Clinics Respond?

How to Spot, Prevent, and Respond to Spoof Emails for Healthcare Settings

When Records Are Delayed: Navigating Requests with Confidence, Clarity, and Results

Protecting Patient Privacy on Social Media

A Practical Guide for Dental and Healthcare Offices

Do I Need Infection Control Training?

If you’re not 100% sure when your team last completed infection control training—or who even needs it—this quick guide is for YOU!

When Patients Cry “HIPAA Violation”: What to Do

How to Handle HIPAA Complaints with Professionalism, Compassion, and Confidence

Healthcare Cybersecurity

Breaking Down Silos to Build Smarter Data Protection

Learn From a Ransomware Mistake

What the Syracuse ASC Breach Teaches About Healthcare Cybersecurity

OSHA 2025 Penalty Reductions: How Small Medical & Dental Clinics Can Save Up to 70%

New OSHA rules reward small healthcare practices with steep fine reductions for acting quickly and maintaining strong safety practices.

How to Build a Healthcare Compliance Program That Works

7 Elements of an Effective Compliance Program for Small Healthcare Practices

Can You Talk About a Patient If You Don’t Say Their Name?

“It's not really a HIPAA violation if I don't say their name, right?”

Is Online OSHA Training Acceptable? Why Onsite Training Is Better for Medical and Dental Practices

Understand OSHA requirements and discover why onsite, in-person training delivers better compliance, engagement, and protection for your practice.

Do Dentists Have to Wear Gowns? Don't make this $162,000 mistake

Why ignoring PPE requirements—like gowns—could cost your dental practice big money

What Are Considered HIPAA Violations?

Essential Insights to Strengthen Your HIPAA Compliance Program

Why Every Dental Practice Needs Good Dentist, Poor Dentist

Discover the SAFER Compliance System for Dental Practices

Glutaraldehyde in Your Clinic: What You Don't Know CAN Hurt You!

Is glutaraldehyde silently putting your team and patients at risk?

Is TB Testing Required for Dental Employees in Oregon?

Everything Your Clinic Needs to Know About Oregon’s TB Rules

New Survey Reveals a Key Factor in Preventing HIPAA Data Breaches

Management support for compliance directly impacts the likelihood of a data breach

Can I Refuse an OSHA Inspection?

OCR Imposes $1.5M Penalty for HIPAA Violations

Cyberattack Exposes Nearly 200,000 Patient Records, Leading to Regulatory Action

Dental Unit Waterline Safety: Preventing Infections in Your Practice

Why Regular Waterline Maintenance is Critical for Every Dental Practice

Dental Ergonomics: Save Your Back, Save Your Career

5 Tips to Prevent Pain, Boost Comfort, and Extend Your Dental Career

﻿

Key Aspects to Consider

Why It Matters

Does the HIPAA Privacy Rule permit health care provider to share patient health information for treatment purposes?

Can our office share patient information with another healthcare office without getting the patient to sign a release?

Does the HIPAA Privacy Rule permit a doctor, laboratory, or other health care provider to share patient health information for treatment purposes by fax, e-mail, or over the phone?

HIPAA Training Springfield, Oregon

Steps you need to take NOW to Improve HIPAA Compliance

Why a Comprehensive HIPAA Compliance Program is Essential

Top 3 Things You Need to Do NOW to Improve HIPAA Compliance

1. Conduct a Thorough Risk Assessment

2. Train Your Staff Regularly

3. Implement or Update Your Written Policies and Procedures

Conclusion