Are you doing enough to prevent breaches of protected health information?

HIPAA violations can have serious legal consequences.

Case in point: A federal grand jury has indicted a former employee at the University of Pittsburgh Medical Center for allegedly stealing patient data. The defendant disclosed to other people the names, birth dates and Social Security numbers of patients – information later used to file false tax returns. The law carries of maximum sentence of 80 years in prison, a fine of more than $4.7 million, or both.

In another case, a former researcher at the UCLA School of Medicine has been sentenced to four months in federal prison for HIPAA violations. Upon learning that he was being dismissed from his job, the UCLA employee accessed the medical records of his superior and coworkers, as well as more than 320 patient records (many of them celebrities) during the following four weeks. Charges were filed in 2009 and the defendant pleaded guilty in early 2010 to four misdemeanor counts of illegally reading private and confidential medical records.

Not only do these cases demonstrate the long reach of HIPAA enforcement, but also the importance of bumping up security and other safeguards to prevent these types of medical data breaches.

What is a breach?

A breach occurs when 1) there has been “unauthorized” access, use or disclosure of “unsecured” PHI that violates the HIPAA Privacy Rule, and 2) the disclosure “compromises the security or privacy” of the PHI, which means that it “poses a significant risk of financial, reputational or other harm to the individual.”

What is “unsecured” PHI?

The rules define “unsecured” PHI as any information that has not been rendered unusable, unreadable or indecipherable to unauthorized individuals through the application of a technology such as encryption and destruction.

Encryption - Proper encryption should use an algorithmic process to transform data into a form that is meaningless without a confidential process or key (which also must be protected).

Destruction - Hard copy PHI, such as paper or film, needs to be thoroughly shredded or destroyed so that it cannot be read or reconstructed.

How do I protect my business?

To steer clear of HIPAA violations and breaches, you should:

Establish breach notification procedures and update policies - Develop guidelines for determining when a breach has occurred, who will prepare individual notifications, and when a breach will trigger a requirement for notice to the media or immediate notice to HHS. Amend your HIPAA privacy and security policies, too, to cover the security breach notification rules.

Maintain a breach incident log - Set up a system to log security breaches affecting fewer than 500 individuals, which you must file with HHS within 60 days after the end of the year.

Revise business associate agreements - Discuss with your business associates (and put in writing) when they should notify you of a breach by their organization, what information should be reported, and which party will issue the required notifications.

Train employees on proper procedures - Employees should understand when they have encountered a breach and how to report it. A successful training program will provide formal instruction on HIPAA-related policies and procedures, as well as build awareness through workplace postings and other employee materials.

Employee safety during winter's "big chill"

When the winds are howling, the snow drifting and the temperatures plummeting, your employees have more to worry about than “Jack Frost nipping at their nose.”

If forecasts hold true, this could continue to be an especially rough winter season for much of the country. Now is the time to step up your cold-weather safety training to ensure your employees work safely outdoors and are prepared for any winter-related emergencies.

For your employees at the greatest risk …

If your business involves construction, commercial fishing, maritime or agriculture, much of your workforce is directly exposed to the dangers of extreme cold. Meet your obligation under OSHA to provide a safe working environment by educating outdoor employees on cold-weather risks and guiding them on proper winter wear.

The two biggest health threats for your outdoor employees are frostbite and hypothermia. Alert them to the early signs of cold stress, and what they should do if they (or a coworker) show symptoms of either condition.

Frostbite occurs when body tissues freeze, most often affecting the fingers, toes, nose, cheeks and ears. It can permanently damage tissue and cause loss of movement in the areas affected. Early symptoms include numbness, tingling or stinging, aching, and bluish or pale skin.

Recommended first aid: Move the victim to a warm room or shelter; discourage the victim from walking on frostbitten feet or rubbing the frostbitten area, which can cause damage; and immerse the affected area in warm water.

Hypothermia occurs when body temperatures drop to dangerously low levels due to exposure to cold (as well as other factors, such as high winds, exhaustion and wet clothes.) Early symptoms include shivering, fatigue, loss of coordination and disorientation. In later stages, hypothermia can lead to bluish skin, dilated pupils, slowed pulse and even unconsciousness and death, if left untreated.

Recommended first aid: Move the victim to a warm room or shelter; remove wet clothing; warm the chest, neck, head and groin with an electric blanket, if possible; provide warm beverages; and keep the victim dry and wrapped in a warm blanket.

Keep in mind that these risks increase significantly in relation to the windchill factor. On blustery, cold days, the wind eliminates the thin layer of air that acts as an insulator between the skin and the outside air, which can cause a loss of as much as 80 percent of a person’s total body heat.

Even when conditions aren’t severe enough to cause frostbite or hypothermia, they may lead to other safety hazards for your employees. For example, a worker that loses feeling and dexterity in his hands may have difficulty handling tools, equipment and other materials, increasing the chance of an accident.

What they wear matters

The right clothing is a vital defense against the cold weather. While OSHA does not require you, in most cases, to provide cold-weather personal protective equipment (PPE) to employees at no cost to them, it’s certainly a good idea to inform them on what type of gear will safeguard them from the elements.

To prevent heat loss, employees should wear several layers of loose clothing and a durable winter coat that provides adequate insulation, sheds snow and wetness, and allows the escape of moisture from within. Thermal underwear is also recommended, along with wool socks, quilted or lined pants, waterproof, insulated footwear, wool knit caps or hat liners, and gloves or mittens.

Office feeling a little ho-hum? Wrap up the gift of employee morale

Between planning a cross-country vacation to visit Aunt Judy or navigating the nearest mega-mall for last-minute gifts, many employees find their focus dropping faster than the needles on a Fraser fir during the holiday season.

The floundering economy has many a staff crying, “Bah! Humbug!”, as well. Whether it’s due to weak, year-end sales or the company being forced to cancel the annual holiday extravaganza, employee morale may be in a slump. From G.Neil’s HR Library of interesting, insightful HR articles, I bring you some tips to boost employee morale during the holidays and keep energy levels high well into the new year:

Food. Food has a magical way of bringing employees together and putting everyone in a good mood. Throughout the year and especially during the holiday season, get employees together by holding bake sales for charity, organizing potluck luncheons or simply bringing in a bag of bagels.

Holiday cards. Business holiday cards are a simple and easy way for companies to show their appreciation for the hard work employees have put in all year long. Remember to go one step further and write a personal, hand-written message on the inside of the card for a special touch.

Compliments. Like a sweet treat, compliments have a way of immediately lifting our spirits and bringing a smile to our face. Encourage supervisors to compliment their employees regularly. It’s a free and easy way to improve employee morale not only during the holidays, but year-round.

Fun. Look for simple ways to lighten the mood at work. Hold whimsical contests, bring in pizza for lunch or make up playful celebrations, like “Favorite Team Jersey Day.” If the weather permits, buy some frisbees or footballs and take the action outside of the office. Keep your ideas simple, get everyone involved and have a good time.

Humor. Bring some laughter back into the office with a fun activity. For example, organize an office-wide event where employees hand out funny awards to coworkers and supervisors. Keep costs low by using common office supplies to create the awards. See how creative employees can get by using what they find in the supply cabinet.

The holidays offer a great opportunity to improve employee morale around the office. All it takes is a little ingenuity and some simple ideas. Don’t wait until January 2nd to get started - get going today!

DOL and ABA partner to help resolve wage-related complaints

In the first-ever collaboration between a federal agency and the private bar, the Department of Labor (DOL) and American Bar Association (ABA) will join forces to resolve employee complaints received by the Wage and Hour Division (a department that handles more than 35,000 employment-related legal complaints in a typical year).

Through an attorney-referral system, the new program will ensure more workers obtain legal assistance for complaints such as not getting paid the minimum wage, not being paid overtime, or being denied family medical leave.

As of December 13, complainants whose cases cannot be resolved by the DOL due to limited capacity will get a toll-free number connecting them to a network of state and local ABA-approved attorneys. If the DOL has already conducted an investigation, the complainant will receive the findings to share with the attorney who takes the case. The DOL also has established a special process to help complainants and representing attorneys obtain additional case details and documents.

According to DOL Secretary Hilda Solis, this collaboration “streamlines worker access to additional legal resources and builds on the Department of Labor’s continued efforts to ensure that employers comply with America’s labor laws.”

To learn more, check out the We Can Help area of the DOL’s website.

Be more safety savvy by educating employees on the latest CPR guidelines

As you know, the American Heart Association (AHA) recently released new CPR guidelines (see previous blog post) specifying that chest compressions come first, followed by clearing the airway and mouth-to-mouth breathing. The new guidelines also indicate how fast and how hard rescuers should push on the breastbone during compressions.

What are you doing to share this new CPR procedure with your employees? You play a key role in empowering your workforce with the latest safety guidelines. Satisfy OSHA’s requirement for posting essential safety information by hanging a current CPR poster in your workplace.

We’ve refreshed our Lifesaving CPR and Choking Posters to make it easy to keep your company up to date on the latest CPR technique. When prominently displayed, the boldly illustrated, laminated posters provide immediate access to the new CPR steps, possibly shaving seconds off a life-sustaining emergency procedure. Order now and save 10% off the regular price.

'Tis the season for sexual harassment training

In just a few festive hours, an employee can do or say something at the annual holiday party (see previous post) that could lead to a sexual harassment claim – and a legal mess that lasts long after the tinsel comes down.

To keep the good cheer in check and protect your company from a harassment claim:

Remind employees of your no-harassment policy. Redistribute the policy before the holiday party, and emphasize that all guidelines will be in full force, even if the party occurs off-site or after work hours. Be certain your employees understand that harassment can be verbal, physical or visual. The areas that could get someone in trouble at a holiday event are most likely verbal and physical harassment, including inappropriate comments, jokes, unwelcome physical contact, invading one’s physical space and offensive gestures.

Make sure all employees and supervisors have received sexual harassment training. If you haven’t conducted sexual harassment training in the past year, consider organizing a one- to two-hour session that covers definitions and examples of harassment, an overview of employee rights, and clear communication that the company will not tolerate harassment of any kind.

A few last tips …

Since you could be found liable for injuries caused by a drunken employee, consider not serving alcohol at all – or taking steps to limit consumption, such as providing a limited number of drink tickets for each employee, closing the bar well before the party ends or offering perks to employees who volunteer to be designated drivers.

Also, stress to supervisors the importance of setting a professional example, and that you’re counting on them to keep an eye on any employee antics that could get out of hand.

It's (work) party time! How to ring in the holidays without regrets

Whether a corporate-sponsored, semi-formal event or a group outing at a local watering hole, holiday gatherings are festive events, which can lead to careless carousing (especially when the eggnog is spiked).

That doesn’t mean employees can’t and shouldn’t have fun. They simply need to party smart. There is no other event on the corporate calendar that offers greater opportunity to be noticed - whether it’s as employee of the year or the guy who slow-danced with the table centerpiece.

Help your employees have a joyous and memorable-for-all-the-right-reasons corporate holiday season by encouraging them to follow these party pearls of wisdom:

1. Join the festivities. First and foremost, encourage employees to attend the event. Yes, it’s the holidays and everyone is busy but “no-shows” are noticed. At the very least, attending demonstrates that you’re a team member and not an outsider.

2. Dress appropriately. This is no time to be a jester in a court of kings. Don’t show up looking like you’re cleaning out the garage … or test the boundaries of good taste with clothes too tight, too short or too low. Do your best to blend and remember that how you dress matters.

3. Restrict the refreshments. Too many trips to the spiked punch bowl or open bar can lead to inappropriate words and actions. Limit yourself to one or two drinks, so you can leave the party with your wits - and reputation - intact.

4. Toe the line. Although employees are not officially on the clock, their conduct during on-site or off-site events should be the same: businesslike. Many a career has taken a turn for the worse due to loose lips, lapses in sound judgment and other embarrassing shenanigans. Keep it clean and keep it professional.

5. Expand your social circle. While it’s easier to hang out with your “regular” group of coworkers, a holiday gathering is a great environment for getting to know employees you don’t regularly interact with. On the flip side, don’t attach yourself to just one person and monopolize the conversation. Move around and mingle.

6. Limit “shop talk”. While you’re mingling with others, try to keep the business talk to a minimum. Instead, take advantage of the opportunity to get to know your coworkers on a more personal level. Be positive and stick with safe topics like travel, family, local sports and movies.

7. Be appreciative. Before leaving the party, make an effort to thank a senior executive. Not only is it proper etiquette, but it also gives you a chance to make a positive (perhaps even first) impression. Your politeness will be remembered.

Check out Friday’s blog post for some final tips from the HR front for keeping your holiday event happy and harassment-free.

Labels :

Copyright (c) 2010. Blogger templates by Bloggermint