OSHA Forms Alliances with Organizations to Improve Workplace Safety and Health in Healthcare

Posted by Steve Alder

The Occupational Safety and Health Administration (OSHA) has announced that five organizations and businesses nationwide have signed or renewed alliance agreements with OSHA to provide workers with access to accurate and up-to-date information on their legal and fundamental rights, and guidance and training resources on workplace safety and health. By forming alliances, these businesses and organizations can better focus on hazards in ways that are specific to their industries and workplaces. These organizations and businesses will work with OSHA on initiatives in Missouri, Kansas, North Carolina, Montana, and Nebraska.

The agreement between OSHA Billings Area Office and the Marsh McLennan Agency Northwest Region (MMA NWR) will provide around 10,000 MMA NWR clients and others with information, guidance, and access to training resources to help them protect the health and safety of workers in healthcare and other industries. The aim of the alliance is to develop effective training and education programs to reduce and prevent exposure to hazards specific to each industry and help ensure that employees understand the rights of workers and the responsibilities of employers under the Occupational Safety and Health (OSH) Act.

The agreement between the OSHA Region VII, Kansas City, Omaha, Saint Louis, Wichita Area Offices, and the National Association of Health Care Assistants (NAHCA) is focused on sharing information about workplace safety in Missouri, Nebraska, and Kansas. Employers and employees will be provided with information, guidance, and access to training resources that will help them protect workers by reducing and preventing exposure to safety and health hazards, and improve education about workers’ rights and employer responsibilities under the OSH Act.

The alliance will share information on OSHA’s National/Regional/Local initiatives, occupational safety and health laws and standards, information on the recognition and prevention of workplace hazards, and will promote safety and health best practices. Forums, roundtable discussions, or stakeholder meetings on safety and health hazards in the healthcare industry will be convened or participated in to help forge innovative solutions in the workplace or to provide input on safety and health issues. OSHA will provide technical support and health and safety information to help with the development of effective training and education programs for certified nursing assistants (CNAs) and their employers.

The other alliances are focused on promoting workers’ rights for Mexican Nationals in Missouri and Kansas, sharing information about safe excavation and trenching work in Missouri, and sharing safety best practices between OSHA and the Navy Fleet Readiness Center East in North Carolina.

“The most effective way to protect workers is for every employer to embrace safety and health as a core value in their workplaces,” said Doug Kalinowski, director of Cooperative and State Programs at OSHA. “These alliances from across the country and in various industries show that these employers have made worker safety and health a core value and are leaders in workplace safety.”

The post OSHA Forms Alliances with Organizations to Improve Workplace Safety and Health in Healthcare appeared first on HIPAA Journal.

462,000 Hawaiians Affected by Data Breach at Navvis & Company

Posted by Steve Alder

Approximately 462,000 individuals who enrolled in health plans through the Hawaii Medical Service Association (HMSA) have been affected by a data breach at the St. Louis, MO-based business services provider Navvis & Company. Navvis & Company detected unauthorized activity within its systems on July 25, 2023, and the forensic investigation confirmed that an unauthorized third party had access to its systems between July 12, 2023, and July 25, 2023, and exfiltrated sensitive information.

Navvis & Company mailed notification letters to the affected health plan enrollees last month. The information exposed in the incident included names, dates of birth, health plan information, medical treatment information, medical record numbers, patient account numbers, case identification numbers, provider and doctor information, and health record information. The affected individuals have been offered complimentary credit monitoring and identity theft protection services.

Navvis & Company reported the breach to OCR as affecting 917 individuals, with the affected clients mostly choosing to report the breach themselves. As such the total number of individuals affected is not known. Other affected clients included SSM Health.

Atlanta Women’s Health Group Notifies 30,000 Patients About April 2023 Cyberattack

Atlanta Women’s Health Group has notified approximately 30,000 patients that their protected health information was stolen in a cyberattack that was detected on April 12, 2023. Third-party cybersecurity experts were engaged to investigate the extent of the breach and an extensive data mining exercise was conducted to determine the individuals affected and the types of data involved.

Atlanta Women’s Health Group said for the majority of patients, the exposed data was limited to names, dates of birth, patient ID numbers, and other information that may be contained in medical records. It was not possible to tell which specific types of information were accessed or acquired. The review was time-intensive, hence the delay in issuing notification letters. Following the attack, Atlanta Women’s Health Group worked with outside security consultants to implement additional cybersecurity measures to prevent further attacks. While data theft occurred, Atlanta Women’s Health Group said it is unaware of any misuse of patient data.

Coastal Hospice & Palliative Care Confirmed PHI Exposure in July Cyberattack

Coastal Hospice & Palliative Care in Salisbury, MD, has confirmed that the protected health information of 29,100 individuals was potentially compromised in a July 2023 cyberattack. The attack was detected on July 24, 2023, when its network was disrupted. Cybersecurity experts were engaged to investigate the incident and assist with the recovery process.

The review of the files on the affected part of the network was completed on November 20, 2023, and confirmed that the following information had been exposed and was potentially obtained by the attackers: name, Social Security number, date of birth, medical diagnosis information, individual health insurance policy number, physician or medical facility information, medical condition or treatment information and patient account number. Coastal Hospice & Palliative Care said the incident was reported to the Federal Bureau of Investigation and steps have been taken to improve security to prevent similar incidents in the future.

The post 462,000 Hawaiians Affected by Data Breach at Navvis & Company appeared first on HIPAA Journal.