On August 4, 2017, the Internal Revenue Service (IRS) released its first revocation of a hospital's tax exemption under Internal Revenue Code (IRC) Section 501(c)(3) for failure to comply with Section 501(r) of the Affordable Care Act.
New OSHA Regulations: Does Your Drug Testing Policy Comply?
At the end of last year, OSHA began enforcing new regulatory
rules expanding the requirements for employers reporting and
submitting workplace injury and illness records. The new reporting
requirements also contain new anti-retaliation regulations. These
new provisions include the ability of OSHA compliance officers to
issue citations to hospitals and other employers based upon alleged
retaliation, even in the absence of any employee complaint. A
citation can be issued solely based upon the written requirements
of the employer's safety plan.
With All the Attention on the Travel Ban, What Could a Health System as Employer Be Missing?
Check those Form I-9s! It is a good time for hospitals and
health systems to conduct an internal audit of I-9s because
inspections and fines have not gone away and a new I-9 edition was
published recently. In June 2017, an Administrative Law Judge in
the Office of the Chief Administrative Hearing Officer fined a
staffing company $276,000, reduced from the $367,000 originally
imposed by Immigration and Customs Enforcement (ICE). While this is
less than the highest fine of $605,250 imposed in 2015 on an events
planning company for incomplete I-9s (there were only four missing
I-9s out of 339 employees), the reason for the staffing
company's fine was a failure to produce the I-9s to ICE within
three days of its request. So "Rule No. 1" to be taken
from this latest large ICE fine: have complete I-9s ready and
available for inspection at all times.
Five Takeaways from the OCR Reminder on HIPAA Obligations in Ransomware Incidents
Apparently prompted by the recent wave of high-profile ransomware attacks, the Department of Health and Human Services' Office of Civil Rights (OCR) has reminded hospitals, healthcare systems, and other covered entities and business associates of their cybersecurity obligations. The reminder follows a previous warning that unless the affected covered entity or business associate can establish that there is a low probability that personal health information (PHI) has been compromised, a breach is presumed to have occurred.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.