It’s Your Call – September 2022


OSHA: If we have an employee less than a year, are we obligated to keep their medical records? No, the medical record can be given to the worker upon termination if they were employed less than a year. Medical records would include medical and employment questionnaires, laboratory tests, pre-employment exams, first aid records, treatment descriptions […]

It’s Your Call August 2022

dont feed the phish

OSHA: How should our office prepare for persons who have been exposed to monkeypox? First and foremost, train your employees. They should be able to recognize the signs and symptoms of monkeypox. Wear the appropriate personal protective equipment (PPE) to prevent potential exposures and know how to treat. Symptoms are typically flu-like with a rash […]

TMC Security Scout on Phishing

security scout doctor compliance

Of all the known cyberattacks that cause a data breach, phishing is the most expensive to remedy. A successful phishing attack most commonly reveals usernames and passwords, which paves the way to the data breach resulting in an average cost of $4.9m for victim organizations worldwide. The costs remain the highest in the healthcare industry […]

ALERT – Phishing Campaign

evernote phish 2

These phishing emails are targeting healthcare providers. The email has a subject of “(Victim Organization) (Date) Business Review” and utilizes a Secure Message theme. Inside of the email is a malicious link that takes the recipient to an Evernote site that looks like it belongs to the Victim Organization. On that site is an HTML […]

OCR’s COVID-19 Enforcement Discretions

OCR logo

Throughout the COVID-19 public health emergency that began in January of 2020, the Office for Civil Rights has issued several notifications of enforcement discretion for certain aspects of the HIPAA rules. This means that, for the topics covered, the OCR will not impose penalties for noncompliance with the HIPAA rules as long as the covered […]

It’s Your Call July 2022

Password Save

OSHA: Our office provides laser treatment. What OSHA specific regulation(s) address laser plume (smoke)? Currently, OSHA has no specific standards for laser/electrosurgery plume hazards but note that smoke byproduct could produce upper respiratory irritation, cause potential in-vitro mutagenesis, and generate infectious viral fragments. Thus, OSHA could cite under these two regulations: 134(a)(1)-Inadequate Personal Protective Equipment […]

Navigating Social Media, Online Reviews, & HIPAA

social media

No one likes a bad review. It is much more common for an unsatisfied customer to post a negative review than it is for a happy customer to post a positive review. Most business advice sites recommend responding to both good and bad reviews because it helps resolve issues and actually wins back customers. However, […]

It’s Your Call June 2022

monkey pox

HIPAA: TRUE OR FALSE: It is a good idea to respond to a patient who posts an issue or a negative review online so everyone can see that your practice is helpful and caring. A: FALSE! Even though it is the patient who posts information about their visit or health condition, if your practice’s reply […]

Your Patients’ Right of Access

healthcare HIPAA enforcement update

The HIPAA Privacy Rule grants patients the right to access their health information in a way that is easy and affordable for them. Providers are required to give patients access to their health information. There are some exceptions, of course, so getting the process right can be as confusing as being in a house of […]

Beware of Malware Lurking in PDF Email Attachments

Beware of Malware Lurking in PDF Email Attachments

Most malware that is delivered as an email attachment is usually a Word (.docx) or Excel (.xlsx) file. Cybersecurity threat analysts have recently discovered that PDF attachments are now becoming more popular to distribute malware. Since many people have been trained to be suspicious of opening Word and Excel files, they are not as cautious […]