CMS Updates Policy to Allow Texting Patient Information and Patient Orders

Posted by Steve Alder

The Centers for Medicare and Medicaid Services (CMS) at the Department of Health and Human Services (HHS) has updated its policy on texting patient information between members of the care team and texting patient orders. Clinical teams are now permitted to text patient information provided they use a HIPAA-compliant texting platform to do so, and provided they are in compliance with the Conditions of Participation (CoPs). The CMS also permits the texting of patient orders.

In January 2018, the CMS issued a QSO-19-10-Hospital, CAHs Revised memorandum – Texting of Patient Information among Healthcare Providers in Hospitals and Critical Access Hospitals (CAHs) – acknowledging that many hospitals had adopted a secure text messaging platform for communicating among hospital and CAH team members; however, the CMS stated that texting patient orders from a provider to a member of the care team was not compliant with the CoPs due to concerns about privacy, record retention, and the confidentiality, security, and integrity of systems at the time. When the memorandum was written, most hospitals did not have the capability to use secure text messaging platforms to incorporate messages into electronic health records (EHRs). Improvements in technology over the past 6 years, such as the use of encryption, ensure that sensitive health information can be transmitted and stored securely and advances in technology, especially the application interface capabilities of text messaging platforms, allow data to be transferred into EHRs.

While texting patient orders is now permitted, Computerized Provider Order Entry (CPOE) is the preferred method of order entry by a provider. If an order is entered via CPOE and immediately downloaded into the hospital’s or CAH’s EHR system, it is permitted under the CoPs because the order is dated, timed, authenticated, and promptly placed in the medical record. However, providers must utilize and maintain systems/platforms that are secure and encrypted. They must ensure the integrity of author identification and minimize risks to patient privacy and confidentiality, as required by HIPAA.

In addition, procedures and processes should be implemented that routinely assess the security and integrity of the texting systems/platforms to avoid negative outcomes that could compromise the care of patients. Any provider that opts to incorporate texting patient information or orders into the EHR should ensure that the platform is compliant with the requirements of the HITECH Act and HIPAA.

The post CMS Updates Policy to Allow Texting Patient Information and Patient Orders appeared first on HIPAA Journal.

OSHA Recordkeeping and Reporting Requirements Explained in Two Webinars

Posted by Steve Alder

The Occupational Safety and Health Administration (OSHA) is hosting two webinars in February that explain the OSHA recordkeeping and reporting requirements. The first, this Wednesday, will explain the process for  submitting workplace injury and illness data through OSHA’s online Injury Tracking Application.

The second webinar, on February 28, will be an overview of the OSHA recordkeeping and reporting requirements that will include information about the most common recordkeeping and reporting mistakes made by employers and provide tips on how employers can effectively audit their recordkeeping program.

What Are the OSHA Recordkeeping and Reporting Requirements?

The OSHA recordkeeping and reporting requirements are covered in §1904 of the OSHA Standards. This standard requires all qualifying employers to maintain a log (Form 300) of serious work-related injuries and illnesses (as defined in §1904.4) and post a summary of the log (Form 300A) in a conspicuous place in the workplace by February 1 of the following year.

In addition, the information on the summary Form 300A must be submitted to OSHA. Since 2017, all qualifying employers under Federal OSHA have had to submit the information via OSHA’s Injury Tracking Application which allows information to be uploaded manually, via a CSV file, or via an API. The 2024 deadline for submitting data to OSHA is March 2, 2024.

Who is Required to Comply with the OSHA Requirements?

Since January 2024, all employers with 250 or more employees are required to maintain a log of serious workplace injuries and illnesses and submit a summary to OSHA each year. Employers with 20-249 employees in certain industries with traditionally high rates of workplace injuries and illnesses are subject to the same OSHA recordkeeping and reporting requirements.

However, all employers under OSHA jurisdiction of any size and of any activity must report workplace fatalities (within 8 hours) and any injuries that result in an in-patient hospitalization, an amputation, or the loss of an eye (within 24 hours). Employers that fail to comply with any of the OSHA recordkeeping and reporting requirements can be fined up to $16,131 per violation.

How the Webinars Should Help

According to OSHA, the administrative burden of complying with the annual reporting requirements should be less than one hour per year. However, many employers have reported that the process of calculating the required injury and illness incidence rates, transferring the data to Form 300A, and uploading the information via the Injury Tracking Application can take longer.

OSHA hopes to reduce the administrative burden by explaining in its webinars how best to use the Injury Tracking Application to upload 2023 data  and how to avoid the most common recordkeeping and reporting mistakes that can extend the time it takes to upload the data or require the data to be resubmitted.

OSHA Webinar Information

February 14, 9-10:15 a.m. EST: This presentation will explain the process for electronically submitting 2023 workplace injury and illness data through OSHA’s online Injury Tracking Application.

February 28, 9-10:15 a.m. EST: This presentation will be an overview of OSHA’s recordkeeping requirements and address common mistakes made by employers, incentive and disincentive programs, and tips on how an employer can effectively audit their recordkeeping program.

Employers interested in learning more about the OSHA recordkeeping and reporting requirements can register for both free webinars via this link.

Related Content

When Should the OSHA Annual Summary be Posted?

What is an OSHA Safety Walkthrough List?

OSHA Publishes 7 Year Lookback Report

What is OSHA Certification?

Who is Covered by OSHA?

The post OSHA Recordkeeping and Reporting Requirements Explained in Two Webinars appeared first on HIPAA Journal.

Coalition of Attorneys General Petition OSHA to Adopt Emergency Temporary Standard for Extreme Heat

Posted by Steve Alder

The Occupational Safety and Health Administration (OSHA) has been petitioned by a coalition of 11 state attorneys general to implement an Emergency Temporary Standard to protect workers from excessive heat exposure on the job. The coalition is led by New York Attorney General Letitia James, who was joined by the state attorneys general from Arizona, Colorado, Connecticut, Illinois, Maine, Maryland, Massachusetts, New Jersey, Pennsylvania, and the District of Columbia.

The Centers for Disease Control and Prevention (CDC) has warned that extreme summer heat is becoming much more common, and climatologists predict that extreme heat events will increase in the coming years due to climate change. National Center for Health Statistics data shows that 1,700 people died from heat-related injuries in 2022 compared to 454 in 2000 and each year, 170,000 workers are made sick, injured, or killed due to exposure to excessive heat in the workplace.

Employers can’t change the weather but they can prevent injuries from extreme heat in the workplace. Some U.S. states have laws governing exposure or extreme heat in the workplace, and the Occupational Safety and Health Act of 1970 requires employers to provide a place of employment free from recognized hazards, but there is no federal law that specifically applies to extreme heat exposure. OHSA has uploaded information to its website on “Working in Outdoor and Indoor Heat Environments,” which educates employers and individuals about the dangers of working in hot environments, but the state attorneys general want OHSA to take action.

The state attorneys general wrote to Julie Su, Acting Secretary of Labor, and Douglas L. Parker, Assistant Secretary of Labor for Occupational Safety and Health at the United States Department of Labor calling for them to promulgate an emergency temporary standard for extreme heat beginning May 1, 2024, which should cover, at a minimum, farmworkers, and construction workers. OSHA has previously acknowledged that the enforcement of heat hazards under the General Duty Clause of the Occupational Safety and Health Act is difficult as there is no defined heat standard. It is therefore necessary for OSHA to prove on a case-by-case basis that a heat hazard existed in the workplace when the injury or fatality occurred. Employers have also not been provided with specific guidance on what constitutes a heat hazard under the Act. An emergency temporary standard would give OSHA stronger enforcement power and would provide employers with specific requirements and guidelines for protecting workers from extreme heat.

OSHA has been urged to issue an emergency temporary standard for occupational heat exposure that applies when the heat index reaches 80°F, after which point there are increased rates of serious heat-related illnesses. In an announcement about the petition, Attorney General James listed 5 cases of heat-related deaths in the workplace in the United States in the summer of 2023. The attorneys general are also calling for Congress to pass – and President Biden to sign – the Asunción Valdivia Heat Illness, Injury, and Fatality Prevention Act, which directs OSHA to establish short- and long-term measures to protect workers from extreme heat. Asunción Valdivia, was a farmworker who died of heatstroke after picking grapes for 10 hours in extreme heat.

The post Coalition of Attorneys General Petition OSHA to Adopt Emergency Temporary Standard for Extreme Heat appeared first on HIPAA Journal.

Dentist Sentenced for Theft of $8.5 Million from Medicaid

Posted by Steve Alder

A former Maryland dentist has been sentenced for practicing dentistry without a license and fraudulently billing Medicaid for $8.5 million. Seyed Hamid Tofigh, 57, of Potomac, MD, used the names, provider numbers, and professional credentials of four licensed dentists to submit claims to the Maryland Medicaid program, which is a state-run program that provides healthcare benefits to low-income individuals. The majority of Tofigh’s patients were children.

Tofigh had been a licensed dentist since September 1994 and operated several dental practices with two of his brothers. By 2015, the brothers had separated their ownership of the practices and Tofigh retained ownership of Greenbelt Family Dentistry in Greenbelt, MD, and Rockville Family Dentistry in Rockville, MD. In 2014, after receiving several complaints from patients, the Maryland Board of Dental Examiners suspended Tofigh’s license to practice dentistry due to there being a substantial likelihood that he posed a risk of harm to public health, safety, and welfare. In 2015, after a continued investigation, his license was revoked. The Maryland Board of Dental Examiners found Tofigh kept “consistently incompetent and egregiously deficient” dental records, provided incompetent and substandard treatment, billed for services that he never provided, and engaged in unprofessional and dishonorable conduct.

From 2015 through January 2023, Tofigh continued to practice dentistry on Medicaid recipients, but since he was not able to personally bill Medicaid for his services, used the stolen identities of other dentists – two of his brothers, a nephew, and a former colleague – to submit claims. Tofigh continued to provide substandard treatment, billed for procedures that were not performed, conducted unnecessary procedures such as extractions, fillings, and root canal treatments, and intimidated and bullied patients who complained.

On February 6, 2024, Tofigh pleaded guilty to one count of defrauding a state health plan (Medicaid) and one count of practicing dentistry without a license. The Honorable Carol Ann Corderre of the Circuit Court for Prince George’s County sentenced Tofigh to 5 years in jail, with all but 78 days suspended. Tofigh was placed on home detention for 18 months and will serve 5 years of probation for the Medicare fraud count. Tofigh was also sentenced to serve 1 year in jail and a five-year probation term for practicing dentistry without a license. The jail term was suspended, and the two sentences will run consecutively. Tofigh has been prohibited from providing healthcare services that are partially or wholly funded by state or federal governments and must permanently surrender his Maryland dental license. He has also been ordered to pay $8.5 million in restitution within 12 months, of which $4.5 million has already been paid.

“This case revealed a complex healthcare fraud scheme that not only drained taxpayer dollars away from our State’s Medicaid program but also placed Dr. Tofigh’s young patients in real danger,” said Attorney General Brown. “By stopping Dr. Tofigh, my office continues in its commitment to protecting patients and ensuring the integrity of State programs remains intact.”

The post Dentist Sentenced for Theft of $8.5 Million from Medicaid appeared first on HIPAA Journal.