Could terminating an employee trigger an OCR investigation?

Employee Termination

When it is time to terminate an employee, it is never easy. Whether they are a short- or long-term employee, it can be difficult. Sadly, if you make a mistake you can end up with a complaint filed against you. These types of complaints can range from the wage and labor board, discrimination, or simply wrongful termination. This does not typically involve the Office for Civil Rights. However, if a disgruntled employee contacts the OCR to complain about ANOTHER issue, this could open the door for an OCR investigation. Best practice is to make sure you have proper HR policies in place alongside your HIPAA policies and procedures. Having an Employee Confidentiality Agreement is a good start to ensure your employees understand the requirements under HIPAA (which is included in our HIPAA Keeper™).

Now let’s talk about your employee manual. This is a must have for all organizations, small and large. This manual should have clear and concise guidelines so that employees understand the conditions of their employment and benefits they are entitled to. This should also include the hiring process and the termination of employment.

Here are some key areas that should be included in your employee manual:

  • Work eligibility – OIG exclusion requirements – Background checks (Random)
  • Employee classification- fulltime/ part time
  • Exempt and non-exempt definition
  • Hours of work including flextime
  • Lunch and rest breaks
  • Overtime
  • Vacation – Sick – General paid time off (bereavement, jury duty, military, etc.)
  • Payday – Payroll deductions- Wage garnishments
  • Expense reimbursements
  • Advances
  • Employee benefits – Health Insurance – Workers’ Compensation – Etc.
  • Employee conduct – Attendance – Punctuality – Personal grooming
  • Employee sanctions – Insubordination – Termination
  • Personnel records
  • Use of company property – Internet use – Email – Etc.
  • Patient and employee privacy
  • Drug and alcohol use testing

There are other areas that should be included. These are just what comes to mind at first. If you do not have a complete employee handbook, contact us and we may be able to recommend a company that can help you.

As with HIPAA, employee documentation is VERY important!

If you are using our HIPAA Keeper™ 7-step system, you are well ahead of many other practices with HIPAA documentation. If you are not using our system, Click here to find out more how our online HIPAA Keeper™ can help your organization with HIPAA Compliance.

Or to schedule a demo click the contact us tab and scroll down.

“Simplifying HIPAA through Automation, Education, and Support”

About Suze Shaffer

Suze Shaffer is the owner and president of Aris Medical Solutions. She specializes in HIPAA compliance, risk management, and cyber security. She believes that by educating her clients in understanding why and what needs to be done to protect their practice they have a better outcome.

Suze has been instrumental in helping clients nationwide with risk management, implementing privacy and security rule policies and procedures, and ultimately protecting patient data. She includes state and federal regulatory requirements to ensure clients are protected in all areas.

She has spoken at numerous conferences and functions. She continues to educate organizations how to minimize the risks of data breaches. HIPAA compliance is not an option, it is mandatory for every organization that comes in contact with protected health information to have reasonable and appropriate security measures in place. Unfortunately, most organizations don’t realize they are not compliant until they suffer a data breach or they are faced with an audit or investigation.

Did you know that the Office for Civil Rights (OCR) is the agency that investigates data breaches? Have you seen the heavy fines that have been imposed for non-compliance?

All 50 states now have their own set of privacy laws and the State's Attorney General may also investigate privacy violations!

Share This HIPAA Blog

OCR announces the formation of a new Enforcement Division

April 3, 2023

Business Associate fined for a data breach UNDER 500 patient records

June 30, 2023
©2024 Aris Medical Solutions – HIPAA Risk Management | HIPAA Compliance Consultants | All Rights Reserved | Terms and Conditions | Privacy Policy
The content and images on this website is owned by Aris Medical Solutions and their owners. Do not copy any content or images without our consent.
Powered by Bandwise LLC