First Annual Report to Congress on BreachesHHS has provided the first report to Congress on breaches as required by Section 13402(i) of the HITECH Act and the report provides some very interesting information on breaches which have occurred in 2009 and 2010. The definition of breach is clearly defined in the report presented in August 2011 and prepared by the Office for Civil Rights a department of Health and Human Services.

“Breach is defined as the acquisition, access, use, or disclosure of protected health information in a manner not permitted by the HIPAA Privacy Rule which compromises the security or privacy of the protected health information.” Once a breach is identified, appropriate patient reporting must occur in addition to notification to Health and Human Services and in some cases, notification to local media outlets.

ReasonsforBreachesImpacting500orMoreIndividuals• Theft of laptop, desktop, portable electronic

device and paper records.

• Loss of electronic media or paper records containing protected health information such as unencrypted back-up tapes.

• Unauthorized access to, use, or disclosure of protected health information which included hacking into network and phishing scheme allowing access to log-in information.

• Human error examples included a covered entity who returned 20 leased copy machines with hard drives which were sold by the wholesale company without the hard drives being cleansed or removed.

• Improper disposal.

The total number of large breaches is astounding especially as you tie it to the number of people impacted.

ReasonsforBreachesimpactingFewerThan500IndividualsThe most common occurrence was related to misdirected communications and typically affected only one individual.

• Clinical or claims record of one individual was mistakenly mailed or faxed to another individual.

• Test results were sent to the wrong patient.

• Files were attached to the wrong patient record.

• Emails were sent to the wrong addresses.

Much can be learned from these examples and practices can take steps to reduce the likelihood of a breach occurring. HHS actually identified action items in the report to assist in the prevention of these significant patient events.

Outlined below are a few of the items HHS listed that you may want to consider as you look at protection of patient information in your practice.

• Perform and/or review risk assessment.

• Evaluate and revise business associate contracts to clearly outline required protection for confidential information.

• Training or retraining workforce members who handle protected health information.

•

•

•

www.TotalMedicalCompliance.com

ReasonsforBreachesimpactingFewerThan500IndividualsCONT.• Improving physical security by installing

new security systems or by relocating equipment or records to a more secure area.

• Adopting encryption technologies.

• Imposing sanctions on workforce members who violated policies and procedures such as removing protected health information from the facility against policy, and unauthorized access.

292 separate incidences impacting 7.8 millionindividuals!But, these numbers are only for three months in 2009 and 2010. Already in 2011 there have been significant events impacting millions of individuals. We are entrusted with very personal information on a daily basis and it is our obligation to protect that information. Once information has been breached, reporting must occur which will be costly to the practice, but more importantly the trust patients have in your practice will be diminished.

Article continued on Page 2

NOV 2011888.862.6742WWW.TOTALMEDICALCOMPLIANCE.COM

P1

FIRST ANNUAL REPORT TO CONGRESS ON BREACHESPAGE 1 & 2

NEW HOURS FOR TMCPAGE 2

IS GLUTARALDEHYDE UTILIZED IN YOUR OFFICE?PAGE 2

HIPAA AUDITS TO COMEPAGE 3

GO GREEN! - WITH TMC’S EMAIL NEWSLETTERPAGE 3

IS INFECTION CONTROL A PRIORTY?PAGE 3

AGAPE DENTAL MINISTRYPAGE 3

WORKPLACE VIOLENCE...ARE YOU SAFE? PAGE 4

3D PPE – DONNING, DUFFING, AND DISPOSAL PAGE 4

IN THIS ISSUE

NOV 2011888.862.6742WWW.TOTALMEDICALCOMPLIANCE.COM

crucial. Gloves, splash proof goggles or safety glasses with full face shields, gowns, lab coats and aprons with sleeves should be considered for short intervals of exposure. Keep in mind that nitrile gloves are recommended while Polyvinyl chloride (PVC), neoprene, and latex gloves are not.

If for some reason an employee should receive a splash to the eye(s), flushing with water is recommended for at least 15 minutes. Additional in the OSHA document Best Practices for Use of Glutaraldehyde in Healthcare, which can be found at www.osha.gov/Publications/glutaraldehyde.pdf an eyewash should be located within a 10 second walk from the area of chemical use. Also, In the event of a spill, review the manufacturer’s recommendations on how to clean up a spill and refer to the appropriate MSDS. For a small spill (less than 1 gallon) a mixture of half ammonia and half water may be utilized to deactivate the chemical. Wipe off the deactivated chemical with an absorbent sponge, towel or mop, being sure to thoroughly rinse after use.

Of course we cannot mention glutaraldehyde without discussing infection control so make sure you are using test strips and documenting results each day of use to ensure the concentration levels are adequate. When purchasing test strips you want to make sure they coincide with the concentration level of the product you are using. For example, if you have a 2.4% solution, the test strips should test for that percentage. With that said, remember that the solution is in a secondary container and should be labeled according to the labeling requirements.

In working with our clients we often ask: do you need to use this product or is there a safer alternative which creates a safer work environment? Additional methods to reduce health risk to employees include replacing the products with less harmful FDA approved chemicals (Cidex OPA, Sporox II, Compliance, or Sterilox), switching to disposable instruments where applicable, and using automatic processors or even consider moving ahead to digital radiography. There is much discussion about going green, and what is eco-friendly but we also must consider what is employee-friendly.

First Annual Report to Congress on Breaches Continued from Page 1In fact, a recent survey of approximately 10,000 individuals by Fair Warning provided the following information about patient expectations and perceptions related to sensitive patient information and breach reporting.

• 85.2 percent of participants indicated that if they had a sensitive medical condition, a care provider’s reputation for protecting privacy would influence their choice to seek care from that provider.

• 27.1 percent of patients stated they would withhold information from their care provider based on privacy concerns.

• 58.8 percent of patients report that their belief that their care provider keeps their information private influences their choice to seek care from that provider.

• 84 percent of patients noted a provider’s reputation influences their choice to seek care from that provider. 64.1 percent of patients indicated that if their care provider suffered a privacy breach and the patient learned of the breach in the media, they would no longer seek care from this provider while 19.1 percent of patients indicated that if their care provider suffered a privacy breach and the patient learned of the breach from the provider first, they would no longer seek care from this provider.

For the full report go to: www2.idexpertscorp.com/assets/uploads/Fairwarning_survey_on_privacy.pdf

Take a few minutes today to look at how you are protecting patient information both in written and electronic format in order to ensure the safety of patients and your practice.

For additional information on the HITECH Rules and how the rules impact your practice and the required changes for Business Associates join TMC for complimentary webinars. Information about these sessions can be obtained by going to www.totalmedicalcompliance.com and clicking on FREE Webinars on the right hand side of the page.

P2

Is Glutaraldehyde Utilized in Your Office? The Hazard Communication Standard clearly outlines the employee’s right to know the chemicals they work with and the associated hazards. Glutaraldehyde is a chemical most widely recognized in the healthcare industry for its use as a chemical sterilant and high-level disinfectant. This chemical makes it possible to disinfect heat-sensitive equipment such as endoscopes, bronchoscopes, dialysis equipment and reusable plastic devices in dentistry. It is also used as a tissue fixative in labs and a hardener in x-ray developing chemicals to expedite film drying time.

Glutaraldehyde is an irritant which poses significant health risks. The signs of exposure are many, and may include contact dermatitis, occupational asthma, itching of the eyes, rhinitis and headaches. Identifying sources of exposure to glutaraldehyde in your practice is the first step in creation of a safety plan. Common tasks that may put you in the exposure zone may include:

• Activating and pouring the chemical into or out of a cleaning container system

• Processing x-ray films

• Opening the cleaning container system to add to or remove instruments

• Flushing out instrument parts with a syringe

As outlined in the Hazardous Communication Plan, Material Safety Data Sheets (MSDS) need to be readily accessible so employees can learn about products they are working with. The MSDS is where you will find information such as health hazards, storage and handling precautions, recommended personal protective equipment, and spill clean-up instructions. Additionally, manufacturer guidelines/product labels should be read and thoroughly understood prior to use of the product.

While OSHA does not have a Permissible Exposure Limit for glutaraldehyde, the National Institute for Occupational Safety and Health (NIOSH) established a Recommended Exposure Limit (REL) of 0.2 ppm. In order to meet this standard at a minimum 10 air exchanges per hour should occur in the room where the chemical is used. The best practice would be exhaust ventilation installed at the point of release of glutaraldehyde vapors by means of a local exhaust hood or a self-contained, freestanding, recirculating exhaust ventilation system. The container housing the chemical should remain closed at all times except when adding the devices to be disinfected or sterilized. Also remember the chemical should not be mixed, or once poured, stored in patient care areas or in other areas where employees would be for purposes other than disinfecting of instrumentation.

Wearing the appropriate personal protective equipment during these times of exposure is

To better serve you TMC Client Services will now be

opening at 7:30am!

The center’s hours will be as follows: 7:30am-5:00pm Monday-Thursday

& 7:30am-4:00pm Friday

As always you can leave a message after hours and expect a response on the next working day.

HIPAA Audits to ComeAccording to Susan McAndrew, the Deputy Director for Health Information Privacy, The Department of Health and Human Services has awarded a $9.2 million contract to the consulting firm KPMG to launch an audit program as mandated by the HITECH Act. The formal program, will begin once 20 test audits are completed which is expected to be late this year or early 2012.

The program which consists of three phases will include development of a set of protocols on how the audits will be conducted and how compliance will be measured. Once completed, a round of test audits will be completed with the formal program of up to 150 on-site audits being performed through-out 2012.

Based on an interview with Healthcare Information Security, McAndrew reports the selection process will not be incident driven and her office will try to select a wide variety of organizations based on type, size and location. Once chosen, the organization will be provided advance notification, but should expect an on-site audit process to occur which will focus on compliance with the HIPAA privacy and security rules.

While the chances of an on-site audit may be small, be sure to take the time now to review items such as employee education, policies and procedures which ensure protection of patient information, security of electronically stored protected health information to include encryption if possible, business associate relationships and completion of the required risk analysis.

Is Infection Control a Priority?While the reason people go into health care is to “take care of patients”, as practices struggle to address decreased reimbursement, focus on implementation of an electronic health record, and monitor the revenue cycle, there is a chance that patient safety is not in the forefront of activities. Patients come to your practice believing they will receive safe care and especially in the outpatient arena there have been multiple examples of how lapses in basic infection control standards have left patients with infections, some of which have the potential for life changing consequences.

Patients often times have multiple health issues, the move of more difficult procedures to the outpatient environment, and the lack of appropriately trained individuals on infection control principles allow for the increase in significant patient events. Total Medical Compliance is pleased to announce its upcoming schedule of infection control seminars and webinars for 2012. NC State law .0206 requires health care facilities performing invasive procedures have a person in each site trained on infection control concepts. Additionally any certified ASC is required by CMS Conditions to have an appropriately trained individual who oversees the infection control program. These sessions will give you the tools you need to be sure your patients receive the excellent care that is the cornerstone of your practice. Practical solutions to your infection control challenges will be provided as basic principles of epidemiology, disinfection, sterilization, and techniques to reduce the spread of infection are reviewed. In addition, discussion of CDC guidelines and recommendations provided by OSAP and APIC will help position your practice to provide a safe work environment for both patients and employees.

2012TMCSeminar&WebinarDatesJanuary 24 and 31 – MEDICAL WebinarFebruary 16– MEDICAL Seminar CharlotteFebruary 17 – DENTAL Seminar CharlotteMarch 15 – MEDICAL Seminar RaleighMarch 16 – DENTAL Seminar RaleighApril 17 and 24 – DENTAL Webinar

For a full description of these TMC 2012 courses can be found at:

http://www.totalmedicalcompliance.com/category/all-products/infection/

Agape Dental MinistryFrom October 2002 through November 2010 the Mecklenburg Baptist Nursing Fellowship (MBNF) Dental Ministry provided free dental care for 4420 people. Those served felt helpless because they could not receive relief for their severe dental pain after visiting many different medical facilities and hopeless because of the lack of free dental care in the Charlotte community. In order to provide care for these people, MBNF Dental Ministry used the NC Baptist Men’s Dental Bus one week out of each month for eleven months each year which was staffed totally by volunteers. The Baptist Men were partially reimbursed for the use of the bus by donations. Care is free for the patients; their smiles and hugs are payment enough to continue the ministry.

In January 2011, MNBF and New Hope Baptist Church formed a partnership for the church’s mission house to become the Agape Dental Ministry. Because the property needed to be rezoned, a permit for the necessary renovations to comply with the City of Charlotte codes had to be obtained, and the financial means to make the changes needed to be raised, it has taken many months to make the Ministry a reality.

Generous community and church donors have provided financial support and volunteers and private companies have donated supplies and their time for the renovations.

Unfortunately, the Tuesday after Labor Day a break-in was discovered. Large equipment which had been donated by a retired local oral surgeon, computers, printers, blood pressure cuffs, other dental supplies, and household items were taken. In response, two

manufacturers of dental equipment and supplies have offered to donate new equipment, as well as anything needed to replace the stolen items. Heidi Erdos, from Total Medical Compliance, is working with Agape Dental Ministry from a patient and worker safety perspective to ensure volunteers and patients are provided a safe experience.

The new permanent location will allow care to be delivered Monday through Friday but hours of operation will be determined by the number of dentists and others who volunteer. Many compassionate people will be needed each day to provide the care for these underserved people. Will you join this ministry to provide people help and hope by relieving their pain?

For more information or to volunteer: Contact Elizabeth Locklare Call - 704-535-8545 or email- lockisin@gmail.com

Go Green!America is shifting to a “green culture” where over 300 million citizens are embracing the fact that environmental responsibility is everyone’s responsibility.

Here at Total Medical Compliance, we believe we can save the planet one office at a time. Going paperless will help us achieve our commitment. Starting immediately we begin emailing our monthly compliance letter to your designated email. If you haven’t already done so please supply your email to: info@totalmedicalcompliance.com.

We appreciate your business and your commitment to making our planet a “green culture.”

P3

Workplace Violence… Are you Safe?Unfortunately we often read of tragic situations occurring in of all places, the workplace. As you will recall, OSHA’s mission is to ensure employees have a safe place to work. To support that mission, in September OSHA published a directive, Enforcement Procedures for Investigating or Inspecting Incidents of Workplace Violence, which establishes uniform procedures for inspectors when investigating incidences. Over 3,000 homicide victims and 15,000 non-fatal injuries were reported from 2006-2010, holding its ranking in the top four causes of death in the workplace for the past fifteen years. For women, it is the leading cause of death in the workplace.

As defined by NIOSH, workplace violence is, “violent acts (including physical assaults and threats of assaults) directed toward persons at work or on duty.” As a healthcare worker, you are considered to be at high risk so how will you address this in your office? What is your plan? The first step is recognizing what puts you in harm’s way. Analyze your workplace for potential risk factors as it relates to your environment, patients and co-workers.

Consider the following:

• Narcotics and cash in the office. Could this make you a target for robbery?

• Unrestrictedvisitoraccess. Do you control access to clinical areas? How do you identify visitors?

• Lack of staff training. Would employees recognize unusual behavior and know how to protect themselves? Are employees comfortable confiding in leadership about potential domestic violence situations which would put the employee or others at risk?

• Poorlylitparkingareas. Do you have employees who arrive or leave while it is dark outside?

• Low staffing levels. Are you seeing more agitated patients due to increased wait times?

• Highcrimelocation. Do you have alarms in place and a panic button?

After identifying your potential hazards, minimize your risks by establishing a workplace violence prevention program. Incorporate a zero-tolerance policy toward workplace violence against and by employees, patients, vendors and anyone else you may come in contact with. Employee feedback is critical in order to identify needed security measures.

Similar to other safety plans, you will want to include engineering controls and work practice controls based on the hazards identified. An example of engineering controls would be the installation of deadbolts locks on entry doors, while a work practice control may include using the “buddy system” when walking to and from your vehicle.

All employees should be trained and know the importance of reporting acts of violence. In the

training, discuss the need to be aware of danger signs and what employees should do in potentially harmful situations. Everyone must understand that workplace violence will be taken seriously and promptly addressed.

While there is not a specific OSHA standard associated with workplace violence, the General Duty Clause outlines employers are responsible for providing a place of employment that is free from recognizable hazards that cause or are likely to cause death or physical harm to employees. Inspectors technically could cite an employer under the general duty clause if it is felt employees are at increased risk for workplace violence which could have been prevented through a well-established safety plan.

If you would like to develop a Workplace Violence Prevention Plan, safety tips and information about preventing workplace violence are located in the TMC OSHA manual behind the Emergency Procedures tab. Also, OSHA has launched a new web page on workplace violence prevention which is www.osha.gov/SLTC/workplaceviolence/. This website includes information specific to healthcare environments.

The threat of workplace violence is a serious occupational hazard particularly in some healthcare environments and even under the best of circumstances anything can happen, but with a well written Violence Prevention Program, engineering and administrative controls and employee education in place, your chances of an unfortunate event can be reduced.

3D PPE – Donning, Duffing, and DisposalPersonal protective equipment or PPE is an important component in the protection of employees against exposure to bloodborne illness as well as certain respiratory illness and also plays a role in the reduction of spread of infection to the patients cared for in the practice. And while you will not need any special glasses to read this article it is very important to remember three key concepts when utilizing PPE, which are Donning, Duffing, and Disposal.

Appropriate PPE is provided to employees at no cost when there is potential occupational exposure. This includes such items as patient care and utility gloves, gowns, laboratory coats, face shields, masks, eye protection, resuscitation bags or any other necessary equipment. All employees are required to use proper PPE, unless extraordinary circumstances exist which must be documented. Each practice should have a completed Hazard Assessment document in their OSHA manual. This form can be located by clients at www.totalmedicalcompliance.com by logging in and clicking on the OSHA Forms heading. The Hazard Assessment outlines tasks performed in the practice, associated risks of exposure, and required PPE. Each employee should review this form during their new employee orientation process and annually thereafter. Associated with the review of the Hazard Assessment, employees should review the appropriate way to Don, DUFF, and dispose of PPE.

Donning begins at the bottom and works its way up ending with gloves.Gown c Mask c Goggles c Gloves

Duffing occurs in alphabetical order beginning with gloves.Gloves – Care must be taken not to touch the outside of the glove with non-gloved hand

Goggles – Handle the ear pieces as the outside of the goggles are contaminated

Gown – Front and sleeves are most contaminated

Mask – Handle by the ties, grasping the bottom then top tie or elastic. Masks should be removed between patients and when they become wet or visibly soiled. Masks should not be worn around the neck as this leads to the possibility of cross contamination of loupes and the potential for worker exposure to blood or body fluids.

A poster from the CDC providing instruction on donning and duffing is available for download at www.cdc.gov/HAI/pdfs/ppe/ppeposter1322.pdf

DisposalPPE should be removed in the area of use and discarded. Gloves can remain on when transport of specimens or instruments occurs. In dental practices, lab jackets/gowns should be removed when entering the employee lounge/break room and when going to the restroom. It is important to remember that appropriate hand hygiene should

be performed after removal of PPE. For reusable PPE such as lab coats or cover gowns, it is the employer’s responsibility to launder the garments. Employees under no circumstances should take items home to launder.

A few more reminders about appropriate PPE use:

• Wear appropriate gloves when it can be reasonably anticipated that there may be hand contact with blood or other potentially infectious material, and when handling or touching contaminated items or surfaces. Heavy duty utility gloves should be worn when handling contaminated sharp items during the cleaning process.

• Replace gloves if torn, punctured, contaminated or if their ability to function as a barrier is otherwise compromised.

• Never wash or decontaminate disposable gloves for reuse.

• Utility gloves may be decontaminated for reuse if their integrity is not compromised. Discard utility gloves if they show signs of cracking, peeling, tearing, puncturing or deterioration.

Employees are protected when PPE is used appropriately, however, the correct process for use, removal and disposal must be followed. Take a few minutes to download and review the poster from the CDC and remind your employees of 3D PPE!

P4

1. ______________________________________________________2. _____________________________________________________3. _____________________________________________________4. _____________________________________________________5. _____________________________________________________6. _____________________________________________________7. _____________________________________________________8. _____________________________________________________9. _____________________________________________________10. _____________________________________________________11. _____________________________________________________12. _____________________________________________________13. _____________________________________________________14. _____________________________________________________15. _____________________________________________________16. _____________________________________________________17. _____________________________________________________18. _____________________________________________________19. _____________________________________________________20. _____________________________________________________21. _____________________________________________________22. _____________________________________________________23. _____________________________________________________24. _____________________________________________________25. _____________________________________________________26. _____________________________________________________27. _____________________________________________________28. _____________________________________________________29. _____________________________________________________30. _____________________________________________________

NOV 2011

FIRST ANNUAL REPORT TO CONGRESS ON BREACHESPAGE 1 & 2

NEW HOURS FOR TMCPAGE 2

IS GLUTARALDEHYDE UTILIZED IN YOUR OFFICE?PAGE 2

HIPAA AUDITS TO COMEPAGE 3

GO GREEN! - WITH TMC’S EMAIL NEWSLETTERPAGE 3

IS INFECTION CONTROL A PRIORTY?PAGE 3

AGAPE DENTAL MINISTRYPAGE 3

WORKPLACE VIOLENCE...ARE YOU SAFE? PAGE 4

3D PPE – DONNING, DUFFING, AND DISPOSAL PAGE 4

IN THIS ISSUE