HHS OCR Requests Feedback on HIPAA Privacy Rule

On January 28, 2019, the Office of Health and Human Services the Office for Civil Rights (HHS OCR) issues a Request for Information (RFI) seeking input from covered entities regarding several aspects of the Health Insurance Portability and Accountability Act (HIPAA).  Specifically, the HHS OCR is seeking input regarding several elements of the Privacy Rule, including the following: Encouraging information-sharing for treatment and care coordination Facilitating parental involvement in care Addressing the opioid crisis and serious mental illness Accounting for disclosures of PHI for treatment, payment, and health care operations as required by the HITECH Act Changing the current requirement for certain providers to make a good faith effort to obtain an acknowledgment of receipt of the Notice of Privacy Practices I am aware that several AAA member services who have struggled with many of the HIPAA restrictions regarding the sharing of PHI with other healthcare entities.  In particular, with regard to individuals who suffer opioid overdoses and efforts to ensure the individual has access to drug treatment programs.  Additionally, HHS OCR is seeking input from covered healthcare providers regarding the “good faith” efforts to obtain acknowledgement of the receipt of Privacy Practices.  This has been a considerable challenge for...

This content is available only to AAA members.
Log In or Register

OSHA Reminder 2019

OSHA Injury Posting & Reporting of 2018 Injury Data It is important that employers remember that they must post a copy of their OSHA Form 300A which is a summary of workplace injuries starting February 1, 2018 through April 30, 2018.  The OSHA Form 300A is a summary of all job-related injuries and illnesses that occurred in an employer’s workplace during 2018.  If a company recorded no injuries or illnesses in 2018, the employer must enter “zero” on the total line. The form must be signed and certified by a company executive. The OSHA Form 300A Injury Summary must be displayed in a common area where notices to employees are usually posted.  In addition to posting these reports in the workplace, covered employers should be electronically submitting their 2018 workplace injury data to OSHA via the Injury Tracking Application (ITA).  If members need assistance with the workplace posting or electronic injury reporting submission, contact the AAA. 2019 OSHA Penalty Adjustment Also, a reminder to employers who are subject to OSHA or to those who operate in a state with an OSHA approved state level plan, the penalty amounts for OSHA violations are increasing effective the publication of the new rates...

This content is available only to AAA members.
Log In or Register

HIPAA Breach Results in Highest Settlement in OCR History

The U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) announced earlier this month that is has entered into the largest settlement agreement in the history of the Department with Anthem, Inc., the largest Blue Cross and Blue Shield health benefit companies in the country.  Anthem, Inc. agreed to pay $16 million to HHS and take substantial corrective action to settle numerous potential violations of both HIPAA Privacy and Security Rules after it exposed protected health information (PHI) for nearly 79 million people. In March 2015 Anthem filed a breach report with OCR after they discovered that their Information Technology (IT) systems were infiltrated by cyber-attackers who had gained access to their systems after an Anthem employee opened a phishing email.  This email released an undetected continuous persistent threat attack that permitted the cyber-attackers to access their systems from December 2014 through the end of January 2015.  This attack opened access that ultimately resulted in the PHI of nearly 79 million people to be stolen. OCR’s investigation revealed that Anthem failed to conduct an enterprise-wide risk analysis.  Additionally, OCR determined that Anthem “failed to have sufficient policies and procedures to regularly review IT system activity, identify...

This content is available only to AAA members.
Log In or Register

Notice of Proposed Change to OSHA Injury Reporting

Notice of Proposed Change to OSHA Electronic Injury Reporting Regulations The Occupational Safety and Health Administration (OSHA) announced on July 27, 2018 that it has published a Notice of Proposed Rulemaking (NPRM) that would change the Electronic Injury Reporting Regulations (29 CFR Part 1904) for employers with 250 or more employees. OSHA is proposing this change due to a heightened concern that employee Personally Identifiable Information may be at risk of disclosure through the Freedom of Information Act (FOIA). Currently, all EMS employers must submit their annual injury and illness data to OSHA through the Injury Tracking Application (ITA). Historically, employers were required to track all workplace injuries and illnesses and maintain records of those incidents in the workplace on the OSHA Form 300, 301, and 300A. Each year, employers are required to post a Summary of Workplace Injuries and Illnesses on the Form 300A from February 1st through April 30th. In May 2016, OSHA amended the regulations requiring all employers to submit their Form 300A Summary electronically through the Injury Tracking Application (ITA). Employers with 250 or more employees were required to electronically report all injury and illness data from Forms 300, 301, and 300A each year. Initially OSHA...

This content is available only to AAA members.
Log In or Register

Confidential support for AAA member organizations

Confidential support for employees of AAA member organizations As first responders, you regularly bear witness to traumatic events, and you directly experience loss, sadness, and sometimes even frightening violence outside the norm of the human experience. Exposure to trauma can cause emotional reactions for weeks or even months following. If you’re struggling to cope with difficult emotions or dealing with symptoms of an acute stress reaction, the American Ambulance Association can help. Confidential counseling from LifeWorks—At no cost to you. LifeWorks is your employee assistance program (EAP) and well-being resource. We’re here for you any time, 24/7, 365 days a year, with expert advice, resources, referrals to counseling, and connections to specialty providers including substance abuse professionals. Toll-free immediate support by phone if you’re in distress. Up to three face-to-face confidential counseling sessions per issue. Counseling live by video to meet clinical needs and preferences. All counselors are experienced therapists with a minimum Master’s degree in psychology, social work, educational counseling, or other social services field. Onsite CISM Services – Round-the-clock support for critical incidents. If your ambulance service has experienced an employee death, severe vehicle accident, staff suicide, or other traumatic event, AAA is here to help. Email info@ambulance.org...

This content is available only to AAA members.
Log In or Register

Data Privacy

This past January, the AAA hosted a webinar presented by EMS/healthcare Attorneys Matthew Streger, Margaret Keavney, and Rebecca Ragkoski, titled Cybersecurity, Top 10 Considerations in Healthcare and How to Address Them. During this very informative webinar, Matt, Margaret, and Rebecca covered one of the biggest issues facing EMS and other healthcare providers today, data security. If you did not get chance to listen in on this program, it is available on-demand at the AAA website. As highlighted in their webinar, data security and data breach concerns are one of the most frequently encountered issues facing EMS agencies as healthcare providers but also as employers. Ensuring that patient and employee protected health information (PHI) and personally identifiable information (PII) is adequately protected from access or intrusion is critically important. Alabama becomes the 50th state to enact data breach requirements for all individuals and businesses in the state. The Society for Human Resource Management (SHRM) provides a great summary of the new breach requirements in several article resources published this week. The National Conference on State Legislatures is a great resource for learning the laws that apply to your organization. Of course, it is recommended that all members engage a law firm...

This content is available only to AAA members.
Log In or Register

OSHA Injury Reporting

Last year we notified AAA members that they must begin electronically reporting their workplace injury data to OSHA starting December 1, 2017 for 2016. This is just a reminder to all employers can begin electronically reporting their 2017 workplace injury data through the OSHA Injury Tracking Application (ITA). 2017 Injury Data must be submitted to OSHA no later than July 1, 2018. For employers in states that are covered by OSHA approved state level work injury regulations, OSHA has announced on April 30, 2018 that employers in states that have not completed the adoption of a state rule must also report their 2017 injury data through the OSHA ITA. If any member has not set up their account with OSHA on the ITA, we strongly suggest that you do so immediately. The AAA can assist members who need assistance ensuring they are compliant with this reporting requirement....

This content is available only to AAA members.
Log In or Register