It’s Your Call May 2017

OSHA: Hazard Assessment

The first step in developing a PPE program is to determine the type of hazards in your workplace and determine which PPE is necessary for protection. Has your office done a hazard assessment in your facility?

types of PPE








Chemical hazards pose a wide range of health and physical hazards. Agents with any of the following characteristics are considered hazardous: carcinogens, corrosives, toxic or highly toxic chemicals, irritants, sensitizers, or target organ effectors. Corrosive chemicals in your practice could cause permanent and severe damage to the skin and eyes if you are not wearing the appropriate PPE. When chemicals are onsite, you must consider protections for your eyes, face, hand, body, and respiratory precautions. Start by listing the chemical hazards in your office and be sure to review the SDS with the new and updated chemicals. It is better to be safe than sorry.

HIPAA: Patient Access Request versus Authorization Form

In this second phase of audits, the Office of Civil Rights will ask about patient access requests. When should you use an authorization form versus a patient access request?

When the patient is requesting a copy of their own records, you would use a patient access request. The request must be in writing, signed by the individual, and clearly identify the designated person and where to send the PHI using reasonable safeguards. Covered Entities (CE) are required to disclose the PHI and act within 30 days of receiving the patient access request. Exceptions to disclosure would include the release of psychotherapy notes or any information compiled with the anticipation of, or for use in, a civil, criminal, or administrative action or proceeding.  CEs may impose a reasonable, cost-based fee for supplies (i.e. ePHI copied to a thumb drive), labor, postage, and preparation of an explanation or summary of the PHI, if agreed to by the individual. The fee may not include costs associated with verification; documentation; searching for and retrieving the PHI; maintaining systems; recouping capital for data access, storage, or infrastructure; or other costs not listed above even if such costs are authorized by state law.

Authorizations are utilized when the practice is asking permission to release the patient’s information. It differs from an access request in that the request for release of information is not initiated by the patient. The authorization does require certain elements like an expiration date, signature of the individual authorizing the disclosure, individuals right to revoke the authorization, a description of the purpose, and other items. There is no timeliness requirement for disclosing the PHI, and reasonable safeguards should be used to send PHI securely.  There is no limitation on fees.