Healthy Together Announces Successful Completion of SOC 2 Audit – Clayton County Register
Healthy Together Announces Successful Completion of SOC 2 Audit Clayton County Register
What does OSHA Regulate? – HIPAA Journal
What does OSHA Regulate? HIPAA Journal
What does OSHA Regulate?
The Occupational Safety and Health Administration (OSHA) is responsible for the regulation and enforcement of safety and health standards in most private and public workplaces in the United States. Key areas that OSHA regulates include:
- Safety Standards
- Hazard Communications
- Recordkeeping and Reporting
- Training and Education
- Inspections and Enforcement
- Emergency Preparedness and Response
- Whistleblower Protections
Overview of OSHA Regulation
OSHA is best known for setting and enforcing workplace safety and health standards. These standards include rules and regulations concerning the use of personal protective equipment (PPE), fall protection, and the safe handling of hazardous materials.
The agency requires employers to inform and train employees about hazards in the workplace, safe handling procedures, and emergency protocols. This includes the use of Safety Data Sheets (SDSs) and the proper labeling of hazardous substances.
With regard to recordkeeping and reporting, employers must maintain records of work-related injuries and illnesses, submit annual summaries of the injuries and illnesses, and report serious incidents such as fatalities and injuries resulting in hospitalization.
OSHA provides training programs and educational resources to enhance employer and employee knowledge of occupational safety and health. These include outreach programs that recognize exemplary safety and health programs that result in fewer days lost to injury and illness than the national average.
Enforcement, Emergency Preparedness, and Whistleblower Protections
OSHA is most often alerted to potential non-compliance with safety and health standards via injury reports, worker complaints, and referrals from state and federal agencies. OSHA conducts workplace inspections according to a “system of priorities” to ascertain adherence to its standards. If violations are identified, OSHA has the authority to issue citations and fines.
Outside of its regulatory responsibilities for individual organizations, OSHA develops, regulates, and orchestrates safety and health practices for multiple response organizations in emergency situations. Response organizations can sometimes be overwhelmed in large-scale events such as extreme weather events, and OSHA has the authority to take control of emergency response if required.
Finally, OSHA’s Whistleblower Protection Program enforces the whistleblower provisions of more than 20 statutes. In addition to protecting whistleblowers against retaliation for reporting safety and health violations, the Program protects employees who report issues relating to consumer products, the environment, health insurance reform, food safety, and motor vehicle safety.
What does OSHA Regulate? Conclusion
OSHA regulates many aspects of workplace safety and health – not only in the private sector but in some public sector workplaces as well. Because it is important for businesses to understand which standards may apply to their activities, we have compiled an OSHA compliance checklist that provides more information about OSHA and the OSHA requirements for employers.
Businesses that require further information – or who need help to comply with OSHA’s safety and health standards – should reach out to OSHA via the agency’s website or seek independent compliance advice.
The post What does OSHA Regulate? appeared first on HIPAA Journal.
VUMC Faces Lawsuit Over Disclosure of Medical Records of … – HIPAA Journal
VUMC Faces Lawsuit Over Disclosure of Medical Records of Transgender Patients to State AG
Vanderbilt University Medical Center (VUMC) in Nashville, TN, has confirmed that the medical records of transgender patients have been provided to Tennessee Attorney General, Jonathan Skrmetti, in connection with an investigation of medical billing fraud.
According to AG Skrmetti’s Chief of Staff, Brandon Smith, the medical records were requested as part of an investigation into medical billing fraud focused on VUMC and related healthcare providers, rather than patients. The AG’s office has not explained the nature of the fraud investigation to ensure the integrity of the investigative process.
VUMC has provided gender-affirming care to minors since 2018 and typically performs around 5 surgeries a year. VUMC said all procedures, none of which were genital procedures, were performed on minors over 16 years of age with parental consent. On Tuesday this week, VUMC confirmed that it provided patient records to the state Attorney General after receiving two civil investigative demands (CIDs); a move that has resulted in considerable backlash from the LGBTQ+ community. “The Tennessee Attorney General has legal authority in an investigation to require that VUMC provide complete copies of patient medical records that are relevant to its investigation. VUMC was obligated to comply and did so,” said VUMC spokesperson, John Howser.
Concerns have been raised about the disclosures in light of the soon-to-be-introduced ban on gender-affirming care for minors in Tennessee. The state law is due to take effect on July 1, 2023, and will prevent doctors from providing gender-affirming care to individuals under the age of 18. The law has been challenged and while the ban was partially blocked, prohibiting surgical procedures on minors but allowing puberty blockers and hormone therapies to be prescribed, the 6th Circuit Court of Appeals lifted that block, reinstating the ban on all gender-affirming care for minors.
Since the VUMC announcement, several individuals have taken to social media platforms alleging the medical record disclosures violated HIPAA and patient privacy. HIPAA places restrictions on disclosures of medical records but permits disclosures in response to “an administrative request, including an administrative subpoena or summons, a civil or an authorized investigative demand, or similar process authorized under law.” In such cases, the information provided must be relevant to the inquiry and if de-identified protected health information could not reasonably be provided. VUMC has not confirmed how many records were disclosed in response to the CIDs but said the records requested by the Attorney General dated back to 2018 and that the patients concerned had been enrolled in TennCare insurance plans. The individuals concerned were notified by VUMC that their records had been provided to the state Attorney General as part of a civil investigation.
HIPAA permits but does not require healthcare providers to disclose patient data and VUMC has been criticized for not making a stand, although refusing the request would only likely have delayed the disclosures. The affected patients are fearful that regardless of the outcome of the fraud investigation, the Attorney General’s office will still have a list of individuals who have received gender-affirming care. Brandon Smith expressed concern about the decision of VUMC to make the disclosures public knowledge, stating “We are surprised that VUMC has deliberately chosen to frighten its patients like this,” and claimed the VUMC investigation has been running since September 2022 and VUMC has been providing information pertinent to the investigation since December 2022.
The medical record disclosures have prompted a class action lawsuit by two of the affected patients who allege VUMC was aware that the state has been targeting the transgender community, yet still provided patient records to the Attorney General and violated the HIPAA Rules by doing so. The lawsuit claims VUMC disclosed the information of 106 individuals, including individuals “on the state employees’ health plan and their family members, and people who receive their health care through TennCare,” as well as the information of some individuals who were not VUMC Transgender Health Clinic patients. According to the lawsuit, an additional CID was issued for all communications between VUMC’s Dr. Melissa Ciperski and others working at Centerstone regarding or related to a potential gender dysphoria diagnosis of a person receiving mental health treatment at Centerstone.
The lawsuit, filed by the law firm Herzfeld, Suetholtz, Gastel, Leniski & Wall, and Abby Rubenfeld, takes issue with the amount of data provided, which included highly sensitive health information including photographs of genitalia, private communication with clinicians, sexual histories, and the identities of intimate partners, and the failure to provide de-identified information in response to the CIDs.
The post VUMC Faces Lawsuit Over Disclosure of Medical Records of Transgender Patients to State AG appeared first on HIPAA Journal.
The Consumer Health Data Amendments to the Connecticut Data … – JD Supra
A health system tests virtual reality to help train nurses – STAT
Suit: AG Had Target List of Transgender Patients – Nashville Scene
Suit: AG Had Target List of Transgender Patients Nashville Scene