Jill Obrochta

No one likes undue scrutiny. Still, you’d best keep these crucial pointers in mind for when auditors come calling.

CONSIDER YOURSELF FORGIVEN—even by me—if OSHA and HIPAA compliance are the last thing on your mind. But the importance of adhering to the rules is undeniable. OSHA fines for noncompliance this year run to $13,260 per violation. Failure to correct the infraction, or “willful or repeated” transgressions, will increase the fine tenfold. HIPAA fines are even worse, starting around $10,000 and escalating to an eye-watering $1.5 million.

Let’s tame this beast, then. Here are the five leading violations that OSHA and HIPAA auditors will scrutinize when they come knocking.

1. Requirement: Federal annual OSHA Employee Training Certification
Common Errors: Failure to train all employees; failure to update all employee documents; no current OSHA manual; failure to implement OSHA protocols.
What’s Needed: Train all employees annually; update employee vaccination records; update employee medical history; have an OSHA manual written to Global Harmonization System and CDC infection-prevention standards; implement OSHA facility protocols to current standards.

2. Requirement: CDC infection-prevention standards for the dental office
Common Errors: Some teams aren’t aware that implementation of these standards has been required of all U.S. dental offices since 2016.
What’s Needed: Review updates in standard precautions, hand hygiene, PPE, respiratory hygiene, sharps safety, safe injections, sterilization, dental-chair water quality and handpiece sterilization.

3. Requirement: International OSHA/GHS Global Harmonization System
Common Errors: Many teams are unaware of the requirement to certify all employees in this chemical-safety program.
What’s Needed: Train and certify all employees in GHS; update OSHA manual to GHS standards; implement requirement for product labeling, with understanding of pictograms; create customized International SDS libraries to GHS standard.

4. Requirement: HIPAA Omnibus Rules
Common Errors: Some doctors don’t know that HIPAA was updated in 2013 with stricter privacy and security requirements for patient information.
What’s Needed: Train all employees annually; update the seven HIPAA forms for office use; get signed Business Associate Agreements from vendors who handle patient information; have a HIPAA manual written to Omnibus Rule standards; implement the 25-plus HIPAA standards, including email, text, fax, copying, computer and internet protocols; complete a HIPAA Risk Assessment Report annually.

5. Requirement: HIPAA Risk Assessment
Common Errors: Not knowing that the law requires this be filed at least annually.
What’s Needed: Complete it (at least) annually. Include employee names, BAAs, PHI device serial numbers, password and office-entry adherence; plus email, text and fax security measures; update all job descriptions to current HIPAA standards.

Yes, it’s tedious. But it’s required. You’ve been trained in breakdown mitigation since day one of dental school. If that hasn’t extended to your OSHA and HIPAA compliance, it’s time to step it up.

JILL OBROCHTA is the Florida-based founder of Dental Enhancements, an OSHA and HIPAA solutions company. She offers no-obligation consultations; reach her at 941-587-2864 or jill@dentalenhancements.com.