Blog Posts

Coronavirus Update: Mask Shortage

Wednesday, March 11th, 2020

We have received numerous support calls regarding the mask shortage.  Please read this information carefully.

Coronavirus Disease 2019 (COVID-19) is a respiratory disease caused by the SARS-CoV-2 virus. Symptoms include fever, cough, and shortness of breath. Some people have reported other symptoms while others report no symptoms at all. CDC indicates that symptoms of COVID-19 may appear in as few as 2 days or as long as 14 days after an exposure.

How to Stay CyberSane

Thursday, February 27th, 2020

Ransomware hits 400 dental offices. Cybercriminals are now demanding ransom directly from the patients according to one Florida plastic surgeon who had to post a notification on his website. Cybercriminals seek hundreds of thousands of dollars to decrypt your data held at ransom. HIPAA fines and penalties can be millions of dollars. Do you feel like you are losing your sanity trying to maintain your office’s cybersecurity and HIPAA compliance?

The first step in achieving cybersanity is to learn about cybersecurity. You can’t run from it. Simply having a trusted IT person is not sufficient.

Hey, Boo Boo: These Aren’t Your Average Gloves!

Monday, February 17th, 2020

As a human, our hands are pretty important. As a dental professional, they’re mandatory!

When it comes to selecting items for Professional Hand Safety, use your head! Utility gloves are meant to protect you from SHARPS and CHEMICALS, not butter knives and dish detergent. Exam gloves aren’t going to provide the level of protection you need. Utility gloves need to be made from strong material such as rubber, nitrile, or latex and be given worthy titles such as “puncture resistant” and “heavy duty”. The right type may not be available at Walgreens. Yes, it’d be nice if they carried them, but we can’t have everything.

Don’t Let Your Livelihood Go Up in Flames

Monday, February 17th, 2020

I’ve always been a cautious individual. I never wanted scars or great stories of how I narrowly escaped harm. I like my teeth, limbs, and eyebrows just the way they came, and the emergency room doesn’t seem thrilling. However, I realize there are some daredevils out there. I knew a couple of girls in high school who lit their batons on fire and performed for hundreds at football games. I didn’t envy their fame a bit, and I always wondered if they got burned. Whether you enjoy the adrenaline rush or not, I bet no one at your place of employment wants to be out of work due to a fire. So, if a fire began in your vicinity, what would you do?

International Assistance Dog Week

Wednesday, October 16th, 2019

IADW was created to recognize all the devoted, hardworking assistance dogs helping individuals mitigate their disability-related limitations. The goals of IADW are to:

  • Recognize and honor assistance dogs
  • Raise awareness and educate the public about assistance dogs
  • Honor puppy raisers and trainers
  • Recognize heroic deeds performed by assistance dogs in our communities

The Importance of Audit Logs

Wednesday, September 25th, 2019

Some of the top breaches happen due to unauthorized users accessing ePHI. What exactly is an unauthorized user? An unauthorized user is any individual(s) who have not been authorized or have not been given access to ePHI. It is the person or persons who used the protected health information or to whom the disclosure of protected health information was made. Under HIPAA, this is considered a breach and by law is reportable. Breaches of ePHI can be caused by mistakes (someone loses a laptop) or by a bad actor (hacker, rogue employee).

OCR – Right to Access

Wednesday, September 18th, 2019

UPDATE Membership Plans

Friday, September 13th, 2019

This video addresses the Tennessee Department of Commerce and Insurance’s recent position regarding dental service plans.

Workplace Violence Policy & Abusive Conduct Prevention Policy

Wednesday, September 4th, 2019

Bullying includes acts of cruelty, belittlement, degradation, yelling or screaming, excessive or unjustified criticism, public reprimand or behavior intended to punish, such as ignoring or excluding someone from workplace activities, intimidation, ridicule, threats, insults or sarcasm, humiliating or demeaning a person in front of others, trivialization of views and opinions, or unsubstantiated allegations of misconduct, sabotaging someone’s ability to do their job, unfairly blaming them for mistakes or stealing credit for their work, assigning an excess of work deliberately to cause stress to the individual, or physical violence such as pushing, shoving, or throwing of objects.

CDC Publishes New Guidelines for TB

Wednesday, July 24th, 2019

Center for Disease Control and Prevention (CDC) published new guidelines, Tuberculosis Screening, Testing, and Treatment of U.S. Health Care Personnel: Recommendations from the National Tuberculosis Controllers Association and CDC on May 17, 2019.  These revised recommendations update those published in year 2005. 

The goal in healthcare is to provide early identification and prophylactic treatment of personnel who convert a TB skin test and prevent the spread of nosocomial TB within the facility. 

According to the CDC, health care personnel working in the U.S. are no longer considered at an increased risk for latent tuberculosis infection (LTBI) and TB disease from occupational exposures.  Based on these findings, routine serial TB testing at any interval after baseline in the absence of known exposure or ongoing transmission is no longer recommended.  

Risk Analysis/Risk Management

Tuesday, July 16th, 2019

All ePHI that is created, received, maintained, or transmitted by an organization is subject to the HIPAA Security Rule. What is the HIPAA Security Rule exactly? “The HIPAA Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity.” https://www.hhs.gov/hipaa/for-professionals/security/index.html

HIPAA and Cybersecurity

Thursday, May 23rd, 2019

It’s no secret that HIPAA regulatory compliance can be very time consuming and substantially increase costs. Confusing, obtuse regulations written in difficult to understand language can be bewildering and overwhelming for healthcare organizations, especially small to midsize organizations with limited management resources. HIPAA compliance is no exception. According to the Office of Civil Rights, covered entities must make a ‘good faith effort’ in the following areas of compliance: 1) Recent Security Risk Assessment; 2) Active Risk Management Process (Work Plan); 3) Current policies and procedures for protection of patient data; 4) Signed Business Associate Agreements; and 5) Employees having been trained within the last year.

The Importance of HIPAA Training

Tuesday, April 9th, 2019

A recent study in the Journal of the American Medical Association showed that over half of data breaches are caused by internal issues – many of which are directly related to a lack of effective employee training. You can read more about the recent study at https://www.hcinnovationgroup.com/cybersecurity/news/13030905/study-internal-negligence-not-hackers-responsible-for-half-of-data-breaches. Clearly employee training should not be taken lightly.

10 Most Common Questions about HIPAA

Tuesday, January 29th, 2019

We get a lot of questions from our clients and thought we would share some of the most frequent with you:

Q. When can we say we are HIPAA compliant?
A. We get this question a lot. There is no definitive answer on this. However, based on what we see from the Office of
Civil Rights, an organization will be considered HIPAA compliant if they make a “good faith” effort, which would
generally, include the following:

CE Requirements for Tennessee Dental Offices

Wednesday, October 31st, 2018

As we approach the end of the year, please be sure your entire team has satisfied continuing
education (CE) requirements. The Board of Dentistry requires strict compliance. Additionally, verify that the dental licenses are current. Failure to maintain a current license is a costly mistake that has a negative impact on your team member and you.

Display the dental licenses in a conspicuous place as required by the board. In this manner, you can ascertain that the licenses are current. Calendar the renewal dates to ensure that there is no lapse. Otherwise, maintain a spreadsheet with everyone’s names and renewal dates.

HIPAA Business Associate Agreements

Wednesday, October 24th, 2018

Business Associate Agreements (BAAs) are a very important requirement of HIPAA compliance and should not be overlooked.  Organizations have gotten into trouble because of lack of a BAA and Business Associates (BAs) are quite often the source of breaches.  This tip is written from the point of view of a Covered Entity, although the same concepts apply to BAs as well (Note: a BA can also have a BA! This is called a “downstream” BA – see below.)

HIPAA Security Incidents and Breaches

Monday, October 1st, 2018

Many people believe that a HIPAA breach automatically leads to investigations and fines.  This is not necessarily the case. The purpose of the HIPAA Security Rule and the goal of HIPAA compliance is to position your organization to minimize the chance of a breach and to properly deal with a breach if one occurs.  That said, it is impossible to eliminate all possibility of a breach. For example, the actions of your employees and Business Associates are completely out of your control. Again, HHS (Health & Human Services) and the OCR (Office for Civil Rights) are not expecting perfection.  In fact, it is estimated that if you have 10,000 records in your office, chances are 1 in 3 that you will have a breach – so odds are you will have one sooner or later. This article is designed to examine security incidents and breaches and determine how to deal with them.

HIPAA Compliance and Vulnerability Scans

Monday, August 6th, 2018

This article provides useful tips for HIPAA security officers. As a HIPAA security officer, you can divide your list of tasks into two categories: “ad-hoc” tasks and maintenance tasks. Examples of dealing with “ad-hoc” tasks include remediating gaps
identified on a Risk Assessment and dealing with a security incident. There are also maintenance tasks that must be performed on a regular basis. One example is tracking Employee Training. Another maintenance task example is a vulnerability scan.

HELP!!!!!! OSHA is Here!! What do I do now?

Monday, July 23rd, 2018

The key to having confidence in your compliance program is preparation. This article is designed to help you prepare for an OSHA visit. The Occupational Safety and Health Administration (OSHA) is an agency of the U.S. Department of Labor. Tennessee OSHA is an agency of the Tennessee Department of Labor and Workforce Development. In addition to Tennessee, there are other states who have OSHA-approved State Plans. (1)

There are different types of audits:

Top Ten Violations TOSHA Will Look For

Monday, March 12th, 2018

Many dental offices are scrambling to achieve OSHA compliance with the recent announcement of random audits as part of TOSHA’s Local Emphasis Program. Numerous dental offices across the state of Tennessee have been randomly audited. There has been much confusion and quite a bit of stress resulting.

This article explores common violations we commonly see in dental offices in Tennessee. We hope you will find this information helpful in closing the gaps in your compliance program.