GrandRounds Candra Ray, APRN, Joins Renal Specialists of NWA FAYETTEVILLE - Candra Ray, APRN, recently joined Washington Regional and Renal Specialists of Northwest Arkansas where she is part of the physician team. Her primary responsibility is caring for dialysis patients. Ray earned both a Master of Science and Candra Ray Bachelor of Science in Nursing from UAMS and an Associate of Applied Science in Nursing from Northwest Arkansas Community College. She is a certified Family Nurse Practitioner.
UAMS Orthopaedics Dedicates One-Stop Clinic for Upper Extremity Amputees LITTLE ROCK - Patients with amputations to their fingers, hands and arms can receive care from a specialized physician, occupational therapist and prosthetist all under one roof at the University of
PUBLISHER Pamela Z. Haskins firstname.lastname@example.org EDITOR Pepper Jeter email@example.com ADVERTISING SALES 501.247.9189 firstname.lastname@example.org CREATIVE DIRECTOR Susan Graham email@example.com GRAPHIC DESIGNERS Susan Graham, Katy Barrett-Alley CONTRIBUTING WRITERS Becky Gillette
All editorial submissions and press releases should be sent to firstname.lastname@example.org Subscription requests can be mailed to the address below or emailed to email@example.com.
Arkansas Medical News is now privately owned by Ziggy Productions, LLC. P O Box 1842 Memphis, TN 38101- 1842 President: Pamela Z. Haskins Vice President: Patrick Rains Reproduction in whole or in part without written permission is prohibited. Arkansas Medical News will assume no responsibility for unsolicited materials. All letters sent to Arkansas Medical News will be considered the newspaper’s property and unconditionally assigned to Arkansas Medical News for publication and copyright purposes.
Arkansas for Medical Sciences (UAMS) Autumn Road Orthopaedics Clinic. Once a month, this multidisciplinary team will focus on upper extremity amputations so patients can be seen by a doctor, have their needs assessed by an occupational therapist, and be fitted for a wide range of the latest available prosthetics, streamlining their need to make multiple trips. Fellowship-trained upper extremity surgeons Mark Tait, M.D., and John W. Bracey, M.D., are part of the team, along with occupational therapist Angela Green and an upper extremity prosthetist who will fly in from out of state. Together, they will provide a level of upper extremity care unique in Arkansas. The clinic is for anyone with an upper limb amputation, including: multiple fingers, partial hand, full hand, below the elbow, above the elbow and into the shoulder. The amputation could be recent or several years or decades in the past. The occupational therapist will assess the patient’s needs and provide referrals for any necessary follow-up therapy close to the patient’s hometown. The prosthetist will provide information on a range of options that might be best suited for the patient’s goals. These include myoelectric-controlled prostheses, which allow the wearer to control the prosthetic device by using muscle contractions in the residual arm, and body-powered prostheses, which function by using movements elsewhere in the body to allow the patient to extend the arm or grasp an object, for example.
Kindred Healthcare, Mercy Fort Smith Announce Plans for Inpatient Rehabilitation Hospital FORT SMITH - Rehabilitation services in the Fort Smith region are about to get a major upgrade. Kindred Healthcare, LLC and Mercy announced that they have signed a definitive agreement and created a joint venture to construct and operate a 40bed inpatient rehabilitation hospital. Groundbreaking is expected in the fall, subject to regulatory and other approvals, with construction expected to take 12 to 13 months. A location is being determined for the facility projected to be 49,000 square feet and cost $23 million. Kindred will manage day-to-day operations of Mercy Rehabilitation Hospital Fort Smith. The new hospital will care for adults recovering from conditions such as stroke, neurological disease, injury to the brain or spinal cord and other debilitating illnesses or injuries. Kindred and Mercy are also partners for rehab hospitals in Oklahoma City, St. Louis and Springfield, Missouri. Currently, Mercy operates an inpatient rehab facility within Mercy Hospital Fort Smith. Mercy also offers a full complement of outpatient rehab services.
OFFICE FOR CIVIL RIGHTS OFFERS CLARIFICATION OF DIRECT LIABILITY FOR BUSINESS ASSOCIATES UNDER HIPAA On May 24, 2019, the Department of Health and Human Services (HHS)’s Office for Civil Rights (OCR) issued clarification on all instances through which a business associate can be held directly liable for compliance with certain requirements of the HIPAA Privacy, Security, Breach Notification, and Enforcement Rules (“HIPAA Rules”). The HIPAA Privacy Rule and Business Associates A business associate is a person or organization, other than a member of a covered entity’s workforce that performs certain functions or activities on behalf of, or provides certain services to, a covered entity that involves the use or disclosure of protected health information (PHI). Business associate services to a covered entity are limited to legal, actuarial, accounting, consulting, data aggregation, manageThe Authors: ment, administrative, accreditation, or financial services. However, persons or organizations are not considered business associates if their functions or services do not involve the use or disclosure of protected health information, and where any access to protected health information by such persons would be incidental, if at all. When a covered entity engages with a business associate, the Privacy Rule requires that the covered entity include certain protections for the information in a business associate agreement. In the business associate agreement, a covered entity must impose specified written safeguards on the individually identifiable health information used or disclosed by its business associates.
Lynda M. Johnson, Partner
Direct Business Associate Liability Under HIPAA Rules Congress enacted the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009, making business associates of covered entities directly liable for compliance with certain requirements of the HIPAA Rules. As directed in HITECH, OCR issued a final rule in 2013 to modify the HIPAA Rules to add provisions that apply directly to business associates. This new factsheet is a clarification of these provisions. As set forth in the HITECH Act and OCR’s 2013 Final Rule, OCR has authority to take enforcement action against business associates only for those requirements and prohibitions of the HIPAA Rules as set forth below.
Timothy C. Ezell, Partner
1. Failure to provide the Secretary with records and compliance reports; cooperate with complaint investigations and compliance reviews; and permit access by the Secretary to information, including PHI, pertinent to determining compliance. 2. Taking any retaliatory action against any individual or other person for filing a HIPAA complaint, participating in an investigation or other enforcement process, or opposing an act or practice that is unlawful under the HIPAA Rules.
Amie K. Alexander, Associate
3. Failure to comply with the requirements of the Security Rule. 4. Failure to provide breach notification to a covered entity or another business associate. 5. Impermissible uses and disclosures of PHI. 6. Failure to disclose a copy of electronic PHI to either the covered entity, the individual, or the individual’s designee (whichever is specified in the business associate agreement) to satisfy a covered entity’s obligations regarding the form and format, and the time and manner of access under HIPAA Rules. 7. Failure to make reasonable efforts to limit PHI to the minimum necessary to accomplish the intended purpose of the use, disclosure, or request. 8. Failure, in certain circumstances, to provide an accounting of disclosures. 9. Failure to enter into business associate agreements with subcontractors that create or receive PHI on their behalf, and failure to comply with the implementation specifications for such agreements. 10. Failure to take reasonable steps to address a material breach or violation of the subcontractor’s business associate agreement. Enforcement actions against business associates by OCR has been on the rise. Since direct liability for business associates was established and extended in the 2013 Final Rule, there was little clarity as to whether OCR would pursue actions against the business associate, covered entity, or both for violations, and if so, the types of violations OCR would enforce against business associates. This guidance from OCR serves as an important tool to business associates to avoid potential liability under the HIPAA Rules by complying with and documenting the requirements outlined above.
Arkansas Medical News July-August 2019