When Marijuana is Legalized in Georgia, how will That Impact the Workplace?

Categories: Articles

It’s only a matter of time. Although Georgia law continues to prohibit the use, sale, possession, growth or distribution of marijuana as of March 2019, legalization in the state of Georgia is coming. Compare the end of alcohol prohibition in 1933: some states continued their statewide temperance laws after the 18th Amendment was repealed, and Mississippi remained “dry” until 1966. It just depends on the state and how conservative its laws are. But as we get closer to legalization, will the use of marijuana still be prohibited at work, and especially outside of working hours?

In recent news, the practice of not hiring people who want to become Atlanta police officers because they have used marijuana in the past is up for debate. Rules are being considered that would allow the hiring of those who have used marijuana in the past, but once hired, they would be subject to zero tolerance, on and off the job. This is, rightfully so, causing problems for those who have been turned down in the past due to marijuana use at any time in their lives. The same rule applies to many employers, in the private and public sectors, so it’s probably going to get dicey before the smoke finally clears.

It’s no longer a matter of if … it’s a matter of when. The big question is how legalization of marijuana will affect the workplace. For many employers, implementing new-hire drug testing helps save money by earning large discounts on Workers’ Compensation insurance premiums. But in some rural areas or specialized fields it is sometimes difficult to find qualified workers who can pass a drug test; this is where a well-written employee handbook put together by your HR department or Human Resource company is worth its weight in gold.

But what about an employee who has been prescribed medicinal marijuana or THC oil by a qualified doctor? In general, Georgia employers may have and maintain a zero-tolerance policy on the use of marijuana in any form. As of now, Georgia courts have not ruled on whether or not such a ban discriminates against disabled employees who have been prescribed the use of marijuana by a doctor. Other states have ruled, some for the employee, some for the employer. For now, it appears that, until a court rules otherwise, not hiring a THC user or terminating one is permissible. Having a clear and unambiguous statement in the employee handbook is a good idea.

It all comes down to employers keeping the workplace safe, keeping employees happy, and working within the law. Common sense also plays a big part in all of this. Alcohol, although not illegal, is not permitted for use during work hours. Just as an employer will not tolerate an employee coming to work snockered, they will not tolerate an employee coming to work stoned. All of this should be clearly and completely covered in your employee handbook. Legalization of marijuana does not mean it would be legal to partake during work hours, just as alcohol is not permitted, unless otherwise stated in your employee handbook.

Zero tolerance is the language used in most employee handbooks, and those two words make it crystal clear about your company’s stance on drugs and alcohol. If you have not addressed this issue in your handbook or if you need to update it with the pending legalization of marijuana, a good Human Resource company like Stellaris Group in Marietta, Georgia can sit down with you and draft an unambiguous book of company policies that leave no question about where your company stands regarding drug and alcohol use in the workplace.

Dawn Stastny, SPHR, SHRM-SCP is the Managing Partner and Founder of Stellaris Group, LLC. To learn more about Human Resources Outsourcing and Consulting, connect with her at 678-935-6001 or by email at Dawn.Stastny@Stellaris.Co

Fax Service + HIPAA Compliance

Categories: Articles

Despite their dated roots and the myriad complaints about them, fax machines can be HIPAA-compliant as long as appropriate security safeguards are followed. In short, HIPAA regulations do not prevent covered entities (health providers, plans and clearinghouses that transmit health information electronically) from faxing.

It’s the covered entity’s responsibility to ensure their fax practices comply with HIPAA privacy rules. These include the “minimum necessary” rule, which limits information in the fax to the minimum amount necessary in certain instances, as well as the implementation of administrative, technical, and physical security policies to protect PHI.[1]

Unfortunately, these rules are not always followed. Academic physician Sachin H. Jain, M.D. commented that most fax machines sit open and accessible to a wide range of individuals in most healthcare settings, suspending any expectation of privacy and security.[2]

For obvious reasons, fax machines must be located in secure, non-public areas to prevent unauthorized personnel from viewing faxes. Office staff should always verify the recipient’s fax number and use a cover sheet that does not include patient information.

Most Common Fax Related Violations

Sending a fax to the wrong number is one of the most common errors, as evidenced by a number of reported breaches. Last year, Oakland, Calif.-based West Coast Children’s Clinic had to notify patients of a HIPAA breach after it faxed a patient’s PHI to an incorrect fax number. The data included the patient’s name, date of birth, developmental and psychological treatment history, family history, educational history, testing results and prescribed treatment.

What are the lessons to be learned? Make sure security safeguards are in place when using the fax machine to transmit PHI, and confirm your staff is properly trained in handling and transmitting patient information.

Internet fax replaces paper with digital transmissions and emerged as a popular alternative to the traditional fax. Internet fax is typically provided as a hosted service, whereby health providers can subscribe to a third-party entity that converts emails and other content to faxes.

Typically no human interaction occurs, thereby eliminating human error. This change in workflow reduces risk and offers added convenience and efficiency over traditional fax machines. For healthcare providers that aren’t ready to eliminate fax altogether, moving to secure Internet fax can be a valuable step toward mitigating the inefficiencies and security risks posed by traditional fax machines.


Article submitted by Paul Mancini, National Sales with Clear Choice Telephones.

Questions? Contact Paul at 678-387-3200 or paul@clearchoiceinc.com


Paul Mancini

678-387-3200 desk

678-464-4701 cell

Spotlight: Jennifer Autian

Categories: Team Member Spotlight

Family – married? Children? Pets? Married – 20 years coming up this year. Son in High School – typical teenager who starts driving this summer. We also have 2 cats – 20 lbs and 6 lbs.

Where did you grow up? Interests as a child? What did you want to be “when you grew up”? North of Chicago, in a small town. Came south to warm up – Nashville first, then Atlanta. Played tons of sports growing up – usually on the boys’ teams. What did I want to be? Physical Therapist.

What college did you attend? What did you study? Best memories of those years? Undergraduate at Vanderbilt, MBA from GA State. Double major in math and Spanish, double minor in psychology and German. Change of scene was the best part.

Where in Atlanta do you live? What brought you here? Roswell. 75S (kidding). Next big city south of Nashville was Atlanta – wanted to be here before ’96 Olympics.

Hobbies? Any charity or philanthropy? Crafty when not analytical. Home renovations are of great interest along with my son’s activities. Enjoy hiking too. I spend a lot of time at “Fur Kids”, which is an animal shelter. I’m there at least once a week. And church.

If money were no issue, what would you do with your time? Beach. Love waves and reading.

Favorite food? Worst food? Mexican food. Sushi.

Cook or clean dishes? Cook. Usually end up doing both anyways though. I clean as I go though.

Favorite sports team(s)? Favorite book? Favorite movie? Chicago Bears. Football in general. Field of Dreams.

Furthest you’ve ever traveled? Best trip of life? Europe for Spanish studies. Best: honeymoon in Hawaii.

Speak any other languages? Supposedly Spanish and German. Still some Spanish in there but not much German.

Mountains, beach, or staycation? Mountains & beach. I like to hike. I like beach walks. Certainly not a homebody.

Role model in your life? Step-father is likely the most influential. He started a business on his own and grew it to three locations. Always took care of his employees. “Don’t pay for something you haven’t earned yet.”

What is one tidbit of information about you we wouldn’t expect? Rowed crew in college for three years.

What’s Your Peace-Of-Mind Worth?

Categories: Articles

You’ve been responsible for the office operations for years. But lately, in the age of technology, it seems that things have gotten more complicated and more stressful, rather than simpler.

The administrative, human resource and regulatory compliance related tasks of your business are increasing, and you end each day knowing that there’s much more left to do.

A client data breach, and the business reputation fall-out that follows, is the last thing your business needs right now.

Did you know that a data breach is most often caused by human error, either by an employee or by a vendor that services your office?

Yet many businesses of all sizes still don’t have information destruction policies or procedures. Some still use office shredders to save on operating expense. Relying on your staff to shred what they think is important is both risky and, when you consider the labor involved, expensive. And there’s no record that it was destroyed, in case you need that later.

In the long term, outsourcing your information destruction needs to a professional On-Site shredding service better protects your business and saves you money. It’s low-cost reputation insurance that gives you Peace-of-Mind.

Make sure you select a shredding service that does more than just shred or recycle your office paper and provide a receipt. A trustworthy shredding company should be able to:

  • Offer On-Site shredding service, as it reduces your risk by shortening the chain of custody that your information passes through prior to destruction. It’s destroyed before they leave.
  • Provide a Certificate of Destruction after each service call and keep them on file permanently, should you ever need copies in the
  • Offer shredding of digital devices (hard drives, cell phones, tablets, flash drives, CDs, etc.), which often contain much more information than your documents
  • Demonstrate that their operating and hiring practices are externally audited and certified by NAID (National Association of Information Destruction) and ISO (International Standards Organization)
  • Regularly train their employees (and yours, if necessary) on secure handling and destruction procedures
  • Maintain an excellent customer satisfaction reputation, verifiable with independent unsolicited reviews on Google, Yelp, Angie’s List, etc.
  • Document the recycling of your shredded paper and metal through vendors that specialize in industrial re-use of recycled
  • Share evolving Information Security best practices with you and help you implement information destruction policies and procedures for your business.

For more information, contact Greg Gálvez at greg.galvez@proshred.com or 678-580-1155

Human Error in Cyber Security: 5 Mistakes to Watch Out For

Categories: Articles

Accidents happen. Mistakes occur. Human error is just a part of, well, being human. However, that doesn’t mean that you can’t go the extra mile to ensure that you minimize the likelihood of a human error, especially when it comes to cybersecurity. When a data hack or other security attack happens, the root cause is often an avoidable accident.

While you should take steps to try and eliminate these human errors from your operations, you should also make sure you have a thorough, well organized, and secure IT support system in place to combat any would-be hackers and data thieves. At Medicus IT, we offer the following cybersecurity services: managed cybersecurity, phishing/security awareness solutions, vulnerability scanning, and encryption and management. Learn more about these services here to see how we can help keep your organization secure.

To help keep your operations secure, look out for these human errors in cybersecurity.

Poor Passwords

Yes, your password should be easy to remember. No, it should not be simple enough that others can guess it. And yes, it should be difficult enough that it would take attackers a long time to crack (check out this helpful tool to see how long it would take someone to figure out your password).

A poor password is one of the easiest mistakes someone can make when it comes to cybersecurity. We are all capable of remembering passwords that are too tricky to guess or crack. However, we tend to stick with easy, simple-to-remember passwords for our own convenience. Don’t do this. Choose a password that contains letters, numbers and special characters and is at least ten characters long. Avoid writing down your password as well. But if you absolutely must, keep it hidden somewhere safe, and once you have memorized your password, throw it out.

Misdelivery

Misdelivery is a common mistake that has more to do with carelessness than anything else. Whenever you are sending an email, always double, triple, and quadruple check that you are sending the information to the right person. Even if you aren’t sending any confidential information, get in the habit of always checking. This type of human error is more common than you might think. According to the 2018 Verizon Data Breach Report, misdelivery was the fourth most frequent action that caused data breaches.

Falling for Phishing Scams

That same Verizon report also found that email was the most common medium from which cybersecurity attacks originated, with 96% of all attacks sourced from email. Everyone in your practice should be familiar with phishing emails, in which someone pretends to be an outside, trustworthy entity (a bank, for example) and tries to obtain passwords or other sensitive information.

The key to avoiding phishing scams in your office is to instill a culture that is aware of the dangers of being careless with emails. One of the most effective ways to do this is to incorporate phishing/security awareness solutions into your operations regularly. At Medicus IT, we work with clients to run phishing scam simulations that determine how many employees fell for our faux scam and exactly who clicked on the email. That way, you can understand the scope of the problem and which employees need training on how to spot scams. We also offer secure email solutions and SPAM filtering products to further protect your practice.

Inadequate Software Security

While you could argue that a failure of your security software to stop an attacker is not human error, we would argue the opposite. Deciding not to go with top-notch, high-quality, and highly-rated security software is, in fact, a human error. Sure, you could try to save money by going with a cheaper option. But the smarter and safer option is to pay for the security that you know will get the job done.

Don’t settle for anything less. Trust in Medicus IT to make sure that your information and data is in safe hands.

Low Security Awareness

There are other ways in which your information can be put at risk through negligence or lack of awareness of potential security threats. These include leaving company laptops out in the open where they can easily be stolen, plugging in unsecured devices such as USB drives that attackers may have planted, and downloading unsafe software online.

Take the time to educate all your employees on best practices for making sure that they don’t fall prey to a security scam or other threats.

Spotlight: Dawn Stastny

Categories: Team Member Spotlight

Family – married? Children? Pets? Married, two only children. Son is 30, daughter is 14. We are dog people – 2 currently, as we just lost one.

Where did you grow up? Interests as a child? What did you want to be “when you grew up”? Grew up in Texas, suburb of Dallas. Always wanted to be a lawyer. Got married straight out of school, then I joined the military instead. I didn’t go to school until later in life – 25.

What college did you attend? What did you study? Best memories of those years? Texas Women’s University. Studied organization development. Played golf in college – haven’t really played since.

Where in Atlanta do you live? What brought you here? Town Lake, Cherokee. 9/11 brought me here – made me realize that long-distance relationships should be more serious as I tried to reenlist into military as medic. I decided to stay instead.

Hobbies? Any charity or philanthropy? My daughter’s activities consume much of our time. We love to cook – he cooks French, I cook traditional/bake. Travel (St. Martin). My husband owes me a trip to Nice – upcoming anniversary gift. We take an annual trip to St. George.

If money were no issue, what would you do with your time? Child advocacy – PTA involvement, etc. Help to improve education/childhood development. I believe every kid should have the chance to learn.

Favorite food? Worst food? Toast – it’s the most underrated food on the planet. With butter (real). Liver – ate it when I was pregnant for nutritional value, but can’t do it again.

Cook or clean dishes? Cook, but I don’t mind washing the dishes. Husband and I trade off cooking. I’m particular about how the dishwasher is loaded, so I’m the only one that loads it (or it gets reloaded).

Favorite sports team(s)? Favorite book? Favorite movie? Hockey – was heartbroken when the Thrashers left. Gone with the Wind – the actual book. Favorite movie too. I love Scarlett O’Hara.

Furthest you’ve ever traveled? Best trip of life? Ireland. Or Kuwait (Desert Storm). Best: St. Martin when we took Kat (our daughter) with us.

Speak any other languages? Nope. Does sarcasm count?

Mountains, beach, or staycation? Beach. Sand & Sun!

Role model in your life? I idolize Ruth Bader Ginsburg.

What is one tidbit of information about you we wouldn’t expect? I came from such a conservative/strict/secret service family. I never saw my mother drive a car. Attended church 4 times/week. Loved it as I was in a bubble – some feeling of missing out. Never had a slumber party. Now – I’m so outspoken/sarcastic/career driven.


2019: It’s Time to Purge Those Records – Or Is It?

Categories: Articles

A new year always brings about change, and deciding which records to keep or toss at the office can sometimes be a challenge.

Federal rules and the Uniform Preservation of Private Business Records Act (UPPBRA) state that records should generally be kept for a period of three years. But sometimes you cannot find a clear-cut answer for how long you should keep certain records.

Things can get a bit opaque if you don’t have any information available to you. You don’t want to purge your old records without being certain, but you also don’t want to keep records longer than needed “just because,” so what do you do?

If you can’t find an answer, it could mean that the records in question should be kept permanently, but to be safe, do your research. Document all resources used during your research, whether you fall back on keeping the records permanently or you lean toward the three-year time period for purging. This will help you avoid penalties should an audit or court case crop up.

You can also check with your attorney or CPA because laws differ from state to state. Another great resource is a local Human Resource company such as Stellaris Group in Marietta, Georgia, which can review (or help you create) a Records Retention Schedule with time frames for record keeping or purging, since they are always current on new and changing federal and state laws.

As of 2019, the following information offers a basic guideline of what to keep and what to toss after a certain amount of time. But again, to be sure, check with a local HR company, your attorney, or your CPA.

A three-year time frame applies to most, with the exception of the following:

HEALTH AND BENEFITS RECORDS:
  USERRA Leave Records                                  Permanent
  Toxic and Bloodborne Pathogens Records                30 Years
  Job Related Injuries and Illnesses Records            5 Years

PRE-EMPLOYMENT AND EMPLOYMENT DOCUMENTS:*
  Intellectual Property Ownership/Nondisclosure         5 Years
  Separation Agreement                                  5 Years
  Unemployment Claims Records                           4 Years

  * Note: If an applicant is not hired, keep records for three (3) years.

RETIREMENT:
  401(k) Allocation Records                             4 Years
  Pension Eligibility Records                           50 Years
  Request for Calculation                               4 Years
  Retirement Beneficiary Form                           50 Years

PAYROLL AND TAX:
  Paychecks/Stubs, W-2s, W-4s; Earnings Register;
    Employee Withholding                                4 Years
  Federal and State Payroll Tax Forms                   4 Years
  Federal Forms 1099                                    4 Years
  Time Sheets and Cards                                 4 Years
  Computer Loan Agreement                               5 Years
  Direct Deposit Records                                4 Years
  Garnishment Records                                   4 Years
  Final Payroll Deduction Checklist                     4 Years

HR POLICIES AND REPORTS:
  EEO-1 Reports                                         Permanent
  HR Policies (current)                                 3 Years
  Affirmative Action Plans and Records                  5 Years
  Form 5500                                             6 Years
  OSHA 300/300A                                         5 Years
  VETS-4212 Reports                                     5 Years

The above serves as a general guideline, but to recap: when in doubt, always check with someone who stays current with federal and state laws, because they can and do change. Stellaris Group in Marietta has a team of HR professionals who can guide you in the right direction when it comes to all facets of day-to-day office management.

Article by: Dawn Stastny

Dawn Stastny, SPHR, SHRM-SCP is the Managing Partner and Founder of Stellaris Group, LLC. To learn more about Human Resources Outsourcing and Consulting, connect with her at 678-935-6001 or by email at Dawn.Stastny@Stellaris.Co

GSG Compliance brings you easy-to-read breach notification rules and more…

Categories: Articles

As always, GSG is here to help answer any questions and, of course, to help you with Security Risk Assessments, Information Security Policies, BA Agreements, and more.

This article from xtelligentmedia contains a lot of great information regarding data breaches. It does a great job in laying out the steps to follow in a variety of circumstances.

GSG Compliance is often asked about the “how, when, and why” regarding breaches of PHI. While there are many circumstances that have led to a breach of some kind, this article makes an easy read of what to do to prevent them and what to do should one occur. There is no one thing to do to protect your data, but there are some basic and common tasks that will put a covered entity in a much more defensible position.

“How To Comply with the HIPAA Breach Notification Rule”

  • Steps to take when a breach happens or is suspected
  • Cyber incident response
  • Significance of Encryption


Bill Steuer
GSG COMPLIANCE
877-270-8306  ext. 133
877-828-8809 (fax)

HST Holiday Pics

Categories: Articles

The Healthcare Services Team gathered for the 2018 holidays to celebrate success!

OSHA Postings Are Due the First Day of February

Categories: Articles

Employers have to post OSHA Form 300A for 2018 by the first day of February and leave it up through April 30. This form displays illnesses and injuries that occurred during the previous year and serves as a log of work-related injuries and illnesses recorded. The form must be posted in an area where it is visible to all employees. Records must be kept at the worksite for a minimum of five years and available to not only current employees, but to former employees (or their representatives if need be) as well.

The United States Department of Labor requires employers with 10 or more employees to keep records of work-related illnesses and injuries that are considered serious (if an injury only required first aid, it need not be recorded). Severe injuries involving loss of an eye, amputation or hospitalization must be reported within 24 hours; any fatality must be reported within 8 hours. Businesses with 10 or fewer employees who work in low-hazard conditions are exempt from the above requirements.

Note: OSHA Form 300A (Summary of Work-Related Injuries and Illnesses) is the only form required for electronic submission by establishments with more than 250 employees as of July 30, 2018, following the issuance of a Notice of Proposed Rulemaking (NPRM). In addition to Form 300A, OSHA also requires that employers submit their Employer Identification Number (EIN).

Ensure Your Workers Are Safe:

Employers are responsible for providing a safe work environment and by law are required to provide training and information to employees in a manner of communication that the employees understand. Employees must be made aware of certain hazards in the workplace and instructed on how to avoid or prevent them according to OSHA standards. This can include labeling hazardous materials or chemicals and providing Fact Sheets; posting signs and color-coding; safety training and written instructions clearly defined in an Employee Manual; and implementing OSHA’s Illness and Injury Prevention Program at your place of business.

Fines Are Steep for Violations:

Congress enacted legislation that required federal agencies to adjust civil penalties to account for inflation as of November 2015. OSHA’s maximum penalties had not been adjusted since 1990 and are going to increase by 78 percent. Moving forward, they will adjust each year for inflation based on the Consumer Price Index, beginning after August 1, 2016, when the new penalties went into effect.

  • Serious or Other-than-Serious Violations are currently $7,000 per violation and the new penalty will be $12,471 per violation.
  • Failure to Abate is currently $7,000 per day beyond the abatement date and the new penalty will rise to $12,471 per day beyond the abatement date.
  • A Willful or Repeated violation is currently $70,000 per violation and the new rate will become $124,709 per violation.

When a citation is issued, it must remain posted and visible until the violation has been corrected, or for a length of three days, whichever comes first. Smaller businesses may see a reduction in OSHA penalties based on deciding factors such as the number of employees and size of the business. OSHA’s Field Operations Manual has been revised and is now available to field staff to address recent changes.

This may all sound a bit complicated, but it doesn’t need to be. If your business does not have a designated HR department, try reaching out to a local HR agency such as Stellaris Group in Marietta, Georgia. Stellaris Group offers OSHA and Safety Programs, Government Compliance, Internal Investigations and everything you need for complete Human Resource Management for your business.

Article by: Dawn Stastny, SPHR, SHRM-SCP is the Managing Partner and Founder of Stellaris Group, LLC. To learn more about Human Resources Outsourcing and Consulting, connect with her at 678-935-6001 or by email at Dawn.Stastny@Stellaris.Co

© Copyright - Healthcare Services