OSHA Proposes Heat Injury and Illness Prevention Rule

Posted by Steve Alder

The U.S. Department of Labor’s Occupational Safety and Health Administration (OSHA) has proposed the first federal workplace heat standard to protect millions of Americans from the health risks associated with exposure to extreme heat. Heat is the leading cause of death out of all hazardous weather conditions in the United States and caused an average of 40 workplace fatalities a year between 2011 and 2022. During that period, an estimated 33,890 employees took time off work due to heat-related injuries and illnesses, although the actual number is likely to be significantly higher.

Health-related injuries, illnesses, and fatalities are not only weather-related. Employees working in indoor environments can be exposed to dangerous heat levels if their place of work lacks adequate climate controls, especially in areas where there are heat-generating processes such as ovens and furnaces. Some employees, such as pregnant women, face a greater risk from heat exposure and workers of color and migrant workers are more likely to be employed in locations where they are exposed to hazardous heat levels.

The proposed rule requires employers to develop an injury and illness prevention plan, evaluate heat risks in internal and external work environments, and ensure that steps are taken to reduce the risks to workers. Those measures include making drinking water available, ensuring workers get adequate rest breaks, and implementing measures to control indoor heat. Employers must also develop a plan to protect new and returning workers who may not be accustomed to working in high-heat conditions. Training must be provided to workers to ensure that they are aware of heat risks, and procedures must be developed that can be followed in the event of a worker showing symptoms of health-related illness. If those symptoms are observed, immediate action must be taken to assist those workers.

An initial heat trigger of 80°F requires employers to provide drinking water, a break area at indoor and outdoor worksites, acclimatize new and returning workers, and provide paid breaks if needed. When heat levels rise past the second heat trigger of 90°F, employers must give workers a 15-minute paid rest break at least every 2 hours and display warning signs in areas of excessive heat, among other measures.

A notice of proposed rulemaking (NPRM) will soon be published in the Federal Register, although an unofficial copy of the rule is available here and OSHA has published a fact sheet on the heat standard rulemaking.  OSHA welcomes feedback from the public on the proposed rule once it has been published in the Federal Register. After the comment period closes, OSHA anticipates holding a public hearing ahead of the publication of a final rule. The aim is to issue a final rule that ensures workers are protected, hazards are reduced, and that the measures required are feasible for employers.

“Every worker should come home safe and healthy at the end of the day, which is why the Biden-Harris administration is taking this significant step to protect workers from the dangers posed by extreme heat,” said Acting Secretary of Labor Julie Su. “As the most pro-worker administration in history, we are committed to ensuring that those doing difficult work in some of our economy’s most critical sectors are valued and kept safe in the workplace.”

The post OSHA Proposes Heat Injury and Illness Prevention Rule appeared first on The HIPAA Journal.

Seattle Plastic Surgery Practice to Pay $5 Million to Resolve False Review and Illegal NDA Lawsuit

Posted by Steve Alder

A Seattle, WA, plastic surgery practice has been ordered to pay a financial penalty of $5 million to the Office of the Washington Attorney General to resolve alleged violations of the Health Insurance Portability and Accountability Act (HIPAA), Washington Consumer Protection Act (CPA), and the federal Consumer Review Fairness Act (CRFA).

Dr. Javad Sajan, the owner of Allure Esthetic, has offices in Washington and other states and provides surgical and non-surgical plastic and cosmetic surgery procedures operating as Allure Esthetic, Gallery of Cosmetic Surgery, Seattle Plastic Surgery, Alderwood Surgical Center, Northwest Nasal Sinus Center, and Northwest Face and Body.

Washington Attorney General, Bob Ferguson, filed a lawsuit against Allure Esthetic and Dr. Sajan alleging the practice falsified online reviews to inflate the plastic surgeon’s reputation. According to the lawsuit, between 2017 and 2019, Dr. Sajan forced patients to sign illegal non-disclosure agreements that prohibited them from posting any negative online comments about Allure Esthetic. Those non-disclosure agreements were only provided after a $100 non-refundable consultation fee was paid. The non-disclosure agreements also required some patients to waive their HIPAA rights to allow the practice to respond to negative reviews using their personal health information.

Patients who were unhappy with their treatment and posted negative reviews were offered money and free services if they agreed to take down their reviews, and were threatened with fines if they posted negative reviews in the future. Some patients were sued when they refused to take down their truthful reviews. Dr. Sajan was also accused of instructing employees to set up fake email accounts posing as patients to post fake, positive reviews on sites such as Yelp and Google, and altering before and after photographs before they were added to the company’s social media accounts. Dr. Sajan was also accused of rigging “best doctor” competitions hosted by local media outlets, and applying for and retaining tens of thousands of dollars in rebates that should have been provided to patients.

In April 2024, a federal judge ruled that Allure’s non-disclosure agreements violated the Consumer Review Fairness Act (CRFA), which protects consumers’ rights to post truthful reviews about a business, and that Allure Esthetic’s practices violated HIPAA and the CPA. The consent decree issued by the U.S. District Court for the Western District of Washington requires Allure to pay $1.5 million in restitution to around 21,000 Washington residents. Each of those individuals will receive a check for $50 or $120, based on their circumstances. If they were forced to sign a non-disclosure agreement they will receive $50, and if they paid the non-refundable fee, they will receive $120 as a refund of the fee plus interest.

Allure is required to notify all individuals by mail that they will be receiving a check as a result of the Attorney General’s lawsuit and that they have been freed from the terms of their illegal NDAs. Allure must also send them their checks along with a letter from the Attorney General’s Office. The remaining $3.5 million of the settlement will go to the Attorney General’s Office to cover attorneys’ fees, investigation and prosecution costs, future monitoring, and enforcement of the decree and Washington’s consumer protection laws.

Allure is also required to conduct an audit of all review sites and request the removal of any review that Allure was involved in creating, posting, or shaping, and must remove any misleading photographs from its social media platforms. Allure is prohibited from altering future before and after photographs and using and attempting to enforce illegal non-disclosure agreements. Allure must also pay for a third-party forensic accounting company to conduct a full audit of its consumer rebate program to identify all consumers owed rebates that were illegally claimed by Allure.

“Writing a truthful review about a business should not subject you to threats or intimidation,” said AG Ferguson. “Consumers rely on reviews when determining who to trust, especially services that affect their health and safety. This resolution holds Allure accountable for brazenly violating that trust — and the law — and ensures the clinic stops its harmful conduct. We will take action against any business that attempts to silence and intimidate honest Washingtonians.”

The post Seattle Plastic Surgery Practice to Pay $5 Million to Resolve False Review and Illegal NDA Lawsuit appeared first on The HIPAA Journal.

Seattle Plastic Surgery Practice to Pay $5 Million to Resolve False Review and Illegal NDA Lawsuit

Posted by Steve Alder

A Seattle, WA, plastic surgery practice has been ordered to pay a financial penalty of $5 million to the Office of the Washington Attorney General to resolve alleged violations of the Health Insurance Portability and Accountability Act (HIPAA), Washington Consumer Protection Act (CPA), and the federal Consumer Review Fairness Act (CRFA).

Dr. Javad Sajan, the owner of Allure Esthetic, has offices in Washington and other states and provides surgical and non-surgical plastic and cosmetic surgery procedures operating as Allure Esthetic, Gallery of Cosmetic Surgery, Seattle Plastic Surgery, Alderwood Surgical Center, Northwest Nasal Sinus Center, and Northwest Face and Body.

Washington Attorney General, Bob Ferguson, filed a lawsuit against Allure Esthetic and Dr. Sajan alleging the practice falsified online reviews to inflate the plastic surgeon’s reputation. According to the lawsuit, between 2017 and 2019, Dr. Sajan forced patients to sign illegal non-disclosure agreements that prohibited them from posting any negative online comments about Allure Esthetic. Those non-disclosure agreements were only provided after a $100 non-refundable consultation fee was paid. The non-disclosure agreements also required some patients to waive their HIPAA rights to allow the practice to respond to negative reviews using their personal health information.

Patients who were unhappy with their treatment and posted negative reviews were offered money and free services if they agreed to take down their reviews, and were threatened with fines if they posted negative reviews in the future. Some patients were sued when they refused to take down their truthful reviews. Dr. Sajan was also accused of instructing employees to set up fake email accounts posing as patients to post fake, positive reviews on sites such as Yelp and Google, and altering before and after photographs before they were added to the company’s social media accounts. Dr. Sajan was also accused of rigging “best doctor” competitions hosted by local media outlets, and applying for and retaining tens of thousands of dollars in rebates that should have been provided to patients.

In April 2024, a federal judge ruled that Allure’s non-disclosure agreements violated the Consumer Review Fairness Act (CRFA), which protects consumers’ rights to post truthful reviews about a business, and that Allure Esthetic’s practices violated HIPAA and the CPA. The consent decree issued by the U.S. District Court for the Western District of Washington requires Allure to pay $1.5 million in restitution to around 21,000 Washington residents. Each of those individuals will receive a check for $50 or $120, based on their circumstances. If they were forced to sign a non-disclosure agreement they will receive $50, and if they paid the non-refundable fee, they will receive $120 as a refund of the fee plus interest.

Allure is required to notify all individuals by mail that they will be receiving a check as a result of the Attorney General’s lawsuit and that they have been freed from the terms of their illegal NDAs. Allure must also send them their checks along with a letter from the Attorney General’s Office. The remaining $3.5 million of the settlement will go to the Attorney General’s Office to cover attorneys’ fees, investigation and prosecution costs, future monitoring, and enforcement of the decree and Washington’s consumer protection laws.

Allure is also required to conduct an audit of all review sites and request the removal of any review that Allure was involved in creating, posting, or shaping, and must remove any misleading photographs from its social media platforms. Allure is prohibited from altering future before and after photographs and using and attempting to enforce illegal non-disclosure agreements. Allure must also pay for a third-party forensic accounting company to conduct a full audit of its consumer rebate program to identify all consumers owed rebates that were illegally claimed by Allure.

“Writing a truthful review about a business should not subject you to threats or intimidation,” said AG Ferguson. “Consumers rely on reviews when determining who to trust, especially services that affect their health and safety. This resolution holds Allure accountable for brazenly violating that trust — and the law — and ensures the clinic stops its harmful conduct. We will take action against any business that attempts to silence and intimidate honest Washingtonians.”

The post Seattle Plastic Surgery Practice to Pay $5 Million to Resolve False Review and Illegal NDA Lawsuit appeared first on The HIPAA Journal.

HIPAA Transactions and Code Sets Rules

Posted by Steve Alder

The HIPAA transactions and code sets rules have the objective of replacing non-standard descriptions of healthcare activities with standard formats for each type of activity in order to streamline administrative processes, lower operating costs, and improve the quality of data.

During the 1970s and 1980s, an increasing number of organizations in the healthcare and health insurance industries adopted Electronic Data Interchanges (EDIs) to accelerate manual healthcare processes such as eligibility checks, treatment authorizations, and remittance advices. However, many organizations developed proprietary transaction and code set formats to describe specific healthcare activities based on the formats used for internal operations.

Consequently, prior to the passage of HIPAA, it was estimated there were up to 400 proprietary formats in use. Acknowledging this would be a barrier to the objectives of the Administrative Simplification Regulations, Congress instructed the Secretary of Health and Human Services (HHS) to adopt standard HIPAA transactions and code sets rules for health plans, health care clearinghouses, and healthcare providers that transmitted health information electronically.

HIPAA Transactions and Code Sets Rules Adopted Quickly

At the time, most federal agencies and larger private organizations had adopted formats based on the ICD-9-CM and ASC X12N classification systems for diseases and medical data elements (i.e., diagnoses, procedures, and drugs). Indeed, many of the classification systems that would eventually be adopted as the HIPAA transactions and code sets rules were already mandated for use in some federal and state healthcare programs – including Medicare and Medicaid.

Because the adoption of standard formats was at an advance stage, it did not take long for proposed HIPAA transactions and code sets rules to be published (May 1998), and for the rules to be finalized (August 2000). The rules omitted code sets for health claims attachments and first report of injury transactions (which are still “deferred”), but included code sets for coordination of benefits transactions. The list of HIPAA transactions for which code sets apply are:

Payment and Remittance Advice and Electronic Funds Transfer.

Health Care Claims Status.

Health Plan Eligibility Benefit Inquiry and Response.

Claim or Equivalent Encounter Information.

Health Plan Enrollment and Disenrollment.

Referral Certification and Authorization.

Health Plan Premium Payments.

Coordination of Benefits.

The Standards for Code Sets are Updated Frequently

While the only change to the list of transactions was the addition of code sets for Medicaid pharmacy subrogation transactions in January 2009, the standards for the code sets used in HIPAA transactions are updated frequently. For example, ICD-9-CM code sets were replaced by ICD-10-CM in October 2015, Healthcare Common Procedure Coding System (HCPCS) code sets are updated quarterly, and the National Drug Code Directory is updated daily.

In addition, since January 2014, health plans have had to comply with the HIPAA Operating Rules as required by §1104 of the Patient Protection and Affordable Care Act. The HIPAA Operating Rules place additional requirements on health plans to provide quicker, more complete responses to healthcare providers when healthcare providers make inquiries about individuals’ eligibility for benefits, claim statuses, fund transfers, and remittance advices.

How Compliance with the Rules is Enforced

Compliance with the HIPAA transactions and code sets rules is enforced by HHS’ Centers for Medicare and Medicaid Services (CMS). CMS has the authority to investigate complaints made by covered entities when another covered entity is using incorrect transaction codes or HIPAA identifiers, or not complying with the HIPAA Operating Rules. Covered entities can test compliance with the HIPAA transactions and code sets rules and file complaints via CMS’ ASETT portal.

If a complaint is investigated and found to be justified, CMS has the same enforcement powers as HHS’ Office for Civil Rights. This means CMS can impose corrective action plans or civil money penalties for compliance failures. In addition, via HHS’ Office of Inspector General, CMS can also exclude healthcare providers from federal healthcare programs if the failure to comply with the HIPAA transactions and code set rules is attributable to fraud, theft, abuse, neglect, or an unlawful activity.

The post HIPAA Transactions and Code Sets Rules appeared first on The HIPAA Journal.