OSHA and HIPAA Compliance

Karen M. Beard, CPC, CHCC
Senior Associate

As a new year has started, it is very important that every medical practice be aware of the mandatory compliance measures that must be observed. MMA recommends that practice managers create a yearly compliance monitoring calendar to update and review the various compliance programs required of practices and ambulatory surgery centers. Two very important areas of compliance are OSHA and HIPAA Privacy and Security. Both OSHA and HIPAA compliance are required by federal law. Audits by federal regulators can be triggered by complaints from individuals or employees or through random site reviews by regulators. Failure to comply with OSHA and HIPAA requirements could lead to severe monetary penalties.

• An OSHA Compliance Manual must be prepared for each practice location and should include sections on exposure to blood-borne pathogens, hazardous chemicals and tuberculosis. This manual must be reviewed and updated on an annual basis.
• OSHA training is required for new employees within ten (10) days of hiring and annually for all employees with primary risk of exposure.
• HIPAA requires that each medical practice appoint Privacy and Security officials and create written policies and procedures on how a practice will obtain, use, disclose and secure their patients’ Protected Health Information (PHI).
• HIPAA training must occur for the initial staff of all new practices (including physicians) and within thirty (30) days after hiring a new employee.
• Yearly training for HIPAA has become a required condition of participation with major third-party payers.

If you have questions on OSHA and HIPAA compliance or need to set up a staff training session, contact Karen M. Beard, Senior Associate, at 770-951-8427 or email kmb@medicalmanagement.com.