Regulatory Changes that Every Practice Needs to Know
Episode #297 with Linda Harvey
A lot has happened in dentistry during the pandemic, including regulatory changes. And if you’re wondering about the potential changes and how to prepare for them, today’s expert can help! Kirk Behrendt and Linda Harvey talk about some of the policies, procedures, and protocols that were updated and what to be aware of. Know and understand the laws, and don't be resistant to change! For more advice on how to protect yourself and your practice, listen to Episode 297 of The Best Practices Show!
Main Takeaways:
Don't assume you're in compliance. Know and understand what's required.
Don't be resistant to change.
Every dentist needs to have adequate cyber risk insurance coverage.
Know what your cyber risk insurance covers.
You can't afford not to have a breach expert.
Stay current on changes so you can have protocols in place.
Take caution with PPE supply chain shortages.
Quotes:
“We learned quite a bit about COVID-19 . . . We learned how we had to protect ourselves. We learned that OSHA put dentistry at the top of the list when it came to high-risk categories for contracting airborne diseases in dental settings. So, we realized that there were actually laws that were already in place, such as OSHA’s Respiratory Protection Standard, that now applied to us in dentistry.” (08:08—08:39)
“There were a lot of folks that were capitalizing on the COVID-19 crisis, selling products that weren't fit to be used in a healthcare setting and masks that were counterfeit. So, we had to really step up a notch as far as our understanding and not just buy something because, ‘Oh, this looks like it’s good. This looks like it’s legitimate.’ We couldn't trust that last year. And even earlier this year, we saw the same thing happening.” (10:07—10:32)
“I happen to have an acquaintance who helped to author [OSHA’s] Bloodborne Pathogens Standard. He was on that committee many years ago, and he feels like it’s being picked back up. So, I feel like we’re in that train. And if OSHA takes it a step further and starts an initiative called a Special Emphasis Program, that means that they may take time to go actually investigate offices and do random inspections. Whether they will target dentistry, or healthcare, or what area they will target, that's to be seen.” (12:38—13:07)
“The likelihood is that you're more likely to get inspected if there's a complaint filed against the practice. Right now, OSHA does not have the manpower to go target dental offices. We know that they did in Tennessee probably five, maybe six years ago. But Tennessee is one of the 20-something states that has their own OSHA-approved plans, so they have some more restrictive and more stringent requirements than the federal law in some areas.” (14:07—14:31)
“I think, oftentimes, we assume we’re in compliance. And sometimes, when I start speaking about, let's just say the Bloodborne Pathogen Standard, and I take one little section that I want to really drill into, almost everybody in the room goes, ‘I had no idea we weren't doing that right.’” (14:47—14:59)
“I was one of those individuals that lived through no gloves, masks, and glasses. I was cleaning teeth with no gloves, if you can just imagine how gross that is now. Right? But nevertheless, we had to make that change. And I was one of the last ones to change, quite honestly. I didn't want to wear damn gloves. I've known these patients for years. Why was I fearful of them? But then, I finally got it. You know, we had young children. So, this is the same way that we are now. We’re making changes in our PPE, and we can't be resistant to that change. And we have to be open-minded about, ‘Well, maybe OSHA’s going to say that we’re going to have to continue wearing respirator masks, and that could be what's required.’ We just don't know yet.” (15:13—15:50)
“It’s more than just having your Notice of Privacy Practices posted on your website or in your office. It’s a whole lot more than that. So, being mindful of what do these regulations require and understanding that you have to have information in place . . . So many offices probably don't have customized policies and procedures. They probably think their IT company is doing a security risk analysis for them. But they shouldn't, because it’s a conflict of interest, and they really don't know how to do one, in most cases.” (16:58—17:33)
“I know offices as of even last month, as current as that, that have had a breach because their IT company wasn't watching the henhouse as thoroughly as they thought they were, or they hadn't signed up for the level of monitoring services that they really needed in their practice. So, that's the first change that we’re going to see.” (18:34—18:51)
“Oftentimes, even some of the medium-sized IT companies, or even regional ones, they're not experts at handling a breach. They probably have handled very little. They may have restored practices — and that's their expertise, to make the computers work and make everything in sync. And, of course, the crisis is, ‘Let's get the doctor back up and running as fast as we can.’ That may be the worst thing that you can do.” (20:42—21:04)
“Not having the right protocols in place, and doing the wrong thing, and not having enough insurance is really going to put you in a tailspin for a worse outcome. So, start by calling your malpractice carrier, finding out what your cyber risk coverage is, what are the exclusions, what are the deductibles, what are you covered for. You must be covered for forensics, because that could cost you as much as $50,000 at the drop of a hat.” (22:15—22:42)
“Almost every state has some kind of privacy law. And the privacy laws in the states are not the same laws as federal HIPPA laws. But these laws at the state level can be more restrictive and stringent, and they include all businesses like retail and other types of industries. So, if you're in a state that says you must notify your consumers or your customers within 45 days, then you have to meet a more stringent standard than the federal law. So, this is why you cannot afford not to have a breach expert.” (23:45—24:14)
“Attorneys are not breach experts, in most cases, and they don't know how to lead an incident response team. So, you need someone that can lead the team. And now, the FBI is saying don't pay the ransom, because that's extortion. You're paying an extortionist.” (25:19—25:33)
“There will be changes as far as release of information. Right now, the federal law says you must give the patient a copy of their records within 30 days, and they allow you to have a 30-day extension . . . That date is getting ready to drop to 15 days. That's one of the proposed changes. Nothing has gone into effect — I want to make sure the audience is really keyed on that. This has not gone into effect at all yet. It has to go through the rule-making process at the federal level. But to be prepared, we want to be thinking about some of these things.” (26:53—27:37)
“Oftentimes, when a patient is trying to get their records from one group, one practice, wherever it is, there are roadblocks. And some of the roadblocks are, ‘Well, you didn't pay for those free X-rays, so we don't have anything to give you.’ And that couldn't be further from the truth. Just because you have a new special running and the patient came in with some discounted ad or free X-rays and exam or something, they have a right to that information. We can't charge them $75 or $100 on the way out the door with a copy of them because they didn't pay upfront, trying to make up your loss. That is your loss.” (28:00—28:34)
“If the patient has a balance, you cannot charge the patient a fee for the X-rays. And I'm using X-rays because that's mostly what patients want for their next dentist. But they cannot charge a fee equal to that balance. The patient is entitled to that information. And if you're going to send it electronically in a PDF format, then there's virtually no cost involved. So, why are you trying to charge the patient $75 for something that's virtually no cost?” (28:36—29:02)
Snippets:
Linda’s background. (04:07—04:38)
What’s happened in dentistry during the pandemic. (05:02—07:03)
Changes to be aware of for the future. (07:26—09:03)
Reevaluating safety practices and suppliers. (09:25—11:25)
What to prepare for in the future. (11:45—13:25)
Will your practice be inspected? (14:01—15:50)
Regulatory changes in civil rights. (16:21—18:53)
Have cyber risk insurance coverage. (19:44—22:42)
What cyber risk insurance covers. (22:58—26:03)
Other civil rights components you need to know. (26:28—30:41)
Supply chain shortages to be aware of. (30:52—32:14)
What Linda’s company does. (32:45—33:49)
Don't be married to old ideas. (34:14—36:30)
Reach Out to Linda:
Linda’s company website: www.lindaharvey.net
Linda’s Facebook page: https://www.facebook.com/The-Linda-Harvey-Group-Inc-137726219636193/
Further Reading:
Debi Carr, Security and HIPAA Compliance Consultant: https://dkcarr.com/
Linda Harvey, RDH, MS Bio:
As president and founder of The Linda Harvey Group, Linda M. Harvey, RDH, MS, LHRM, DFASHRM leverages her unique credentials and expertise to help you and your staff significantly reduce risk and legal liability in your practice. Linda’s services complement practice management consultants whose clients need a specialist in risk management. Along with that, she teaches dentists and physicians how to protect their million-dollar practices through effective risk management and patient safety. Linda’s practical guidance effectively integrates regulatory statutes into your practice to close deficiency gaps in your policies, procedures, and workflow.
Some of her other distinguished achievements include:
Licensure in healthcare risk management and dental hygiene
Distinguished Fellow, American Society of Healthcare Risk Management
Ten-year history of providing custom remediation courses to fulfill disciplinary sanctions
Approved Academy of General Dentistry PACE Program Provider
Graduate OSHA 30-hr Course
Accreditation experience with Accreditation Association of Ambulatory Health Care
Linda brings more than 30 years of experience in providing quality/safety perspectives for healthcare professionals as well as state licensing boards.
Linda is a featured writer in trade journals, publications, and newsletters such as Contact, RDH, and Resource Connections. Her training products have been featured in Medical Economics, RDH, and Dental Materials and Equipment.
As an active member of the National Speakers Association, she presents content-rich courses sprinkled with real-life stories of medical errors and many practical, easy-to-implement solutions.
Linda authored Helping Hands for Dental Hygienists: 101 Timeless Treasures for a Successful Career, plus four risk management and patient safety professional development courses.
Clients internationally utilize her risk prevention training systems so they can focus on what they do best—providing exceptional patient care and services.
She works with licensees in multiple states who have been sanctioned by the licensing board and assists in their compliance. As a result, she understands the quality/safety perspectives of both healthcare professionals as well as state licensing boards. Many clients frequently express how they wish they had called her before the subpoena had arrived.
Linda presents, writes, and consults in the areas of risk management, patient safety, health literacy, and regulatory compliance, including HIPAA and employment law. Her company was the first private company approved by the Florida Board of Dentistry to provide risk management, record keeping, and ethics courses in disciplinary cases.