Healthcare compliances training and discussion blog

The Occupational Safety and Health Administration has cited and fined two Colorado companies for a dozen serious violations in the wake of a construction worker’s death at Village at the Peaks in August.

Tereso Zamarippa-Hernandez, 39, died after falling 15 feet through a hole in a roof and landing on concrete. Zamarippa-Hernandez was pronounced dead at the scene on Aug 31.

Erie-based Ramos Roofing, Zamarippa-Hernandez’ employer, was fined $11,460 for not having a safety program in place to check for the presence of holes and protecting employees from falling or tripping, according to OSHA.

Ramos was also cited for not properly training employees on safe ladder and stairway usage.

Colorado Springs-based Colorado Structures Incorporated was fined $12,775 for not initiating and maintaining a safety program to provide frequent and regular inspections of jobsites, materials and equipment, exposing workers to fall hazards. Ramos Roofing was also cited, an OSHA representative said.

OSHA cited both companies for not properly illuminating job sites and not properly securing and marking covers and making sure they were substantial enough to support employees.

Longmont police said at the time of the incident that Zamarippa-Hernandez fell through the hole in the roof before the sun had risen, and investigators didn’t find any flashlights on site.

OSHA determined the 12 violations between the two companies to be “serious,” documents show.

Ramos Roofing owner Alfredo Ramos said that he is working to reinforce safety policies but added that his company already had safety procedures in place at the time of the accident.

“We have a safety policy that encompasses everything currently,” Ramos said. “But we are going to reinforce and strengthen them. We are working with a safety consulting firm that is going to be a second set of eyes.”

Ramos declined to comment further but added that $30,000 was raised to help family members of Zamarippa-Hernandez in the immediate aftermath of the accident.

Attempts to reach CSI president Gabe Godwin via phone and email on Wednesday weren’t successful. A receptionist at the company said he was out of the office on Wednesday.

Newmark Merrill Mountain States, the property developer, had not responded to a request for comment as of Wednesday afternoon.

Herb Gibson, area director for the OSHA Denver Area Office, said both companies are working with OSHA to resolve the issues, and the companies have abated the hazards OSHA identified during its investigation.

He urged employers to visit to get information on fall protection. He said fall protection is the number one priority in Colorado, and a local program has been in place for about 10 years.

“There’s an amazing amount of information on the website,” he said. “We would like employers to have a comprehensive (fall protection) program in place to ensure employees are protected.”

John Bear: 303-684-5212, or

On November 30, 2015 the U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”) announced the settlement of potential violations of the Health Insurance Portability and Accountability Act (“HIPAA”) by TRIPLE-S Management Corporation (“TRIPLE-S”). TRIPLE-S agreed to pay $3.5 million to resolve the allegations and will adopt a robust corrective action plan to correct its past deficiencies.

“OCR remains committed to strong enforcement of the HIPAA Rules,” said OCR Director Jocelyn Samuels. “This case sends an important message for HIPAA Covered Entities not only about compliance with the requirements of the Security Rule, including risk analysis, but compliance with the requirements of the Privacy Rule, including those addressing business associate agreements and the minimum necessary use of protected health information.”

TRIPLE-S, an insurance holding company based in Puerto Rico, provides a wide range of insurance products and services to residents through its multiple subsidiaries.  Beginning in November 2010 and concluding in August 2015, TRIPLE-S reported the first of five breaches impacting 500 or more individuals and two breaches impacting less than 500 individuals.  TRIPLE-S fully cooperated in the investigations conducted by HHS-OCR.

OCR’s investigations indicated widespread non-compliance that resulted in unsecured protected health information (PHI) breaches including:

  • Failure to implement appropriate administrative, physical, and technical safeguards to protect PHI;
  • Impermissible disclosure of PHI to an outside vendor with which it did not have an appropriate Business Associate Agreement (“BAA”);
  • Use or disclosure of more PHI than necessary to conduct its business;
  • Failure to conduct an accurate and thorough risk assessment that incorporates all IT equipment, applications, and data systems utilizing PHI; and
  • Failure to implement security measures sufficient to reduce the risk to its ePHI to a reasonable and appropriate level.

Facts behind the breaches:

  • Two former TRIPLE-S employees were able to access restricted areas of the company’s database containing PHI because their access rights were not terminated upon leaving employment.
  • Twice an outside vendor disclosed PHI on a pamphlet that was mailed to beneficiaries.  TRIPLE-S did not have a BAA with the vendor.
  • A former employee copied PHI onto a CD and subsequently downloaded the protected information onto a computer at his new employer.
  • Staff placed the incorrect member ID card in mailing envelopes, resulting in beneficiaries receiving the member ID card of another individual.
  • Health Plan Identification numbers were placed on labels used in a mailing to beneficiaries.
  • A preventative mailing was sent to beneficiaries that included PHI for another member on the back of the letter.

The settlement requires TRIPLE-S to establish a comprehensive compliance program that includes:

  • A risk analysis and risk management plan;
  • A process to evaluate and address any environmental or operational changes that affect the security of the ePHI it holds;
  • Policies and procedures to facilitate compliance with requirements of the HIPAA Rules; and
  • A training program covering the requirements of the Privacy, Security, and Breach Notification Rules, intended to be used for all employees and business associates providing services on TRIPLE-S premises.

Terms of the settlement require the company to be monitored by OCR for a three-year period; following that term, TRIPLE-S will be obligated to provide OCR all documents and records related to compliance with the settlement for six years. This settlement illustrates OCR’s heightened scrutiny of Business Associate Agreements and third-party vendor relationships. A company’s PHI safeguards are only as strong as the safeguards of the vendors with whom the company does business. Covered entities must exercise due diligence in the selection of third-party vendors, review the vendor’s cyber security and data breach plans, ensure that BAAs are in place and are being followed, review contractual obligations, and require audits of PHI safeguards. It sounds as if there will be many more enforcements of this nature to follow.


Recently, Lahey Hospital and Medical Center (Lahey), a nonprofit teaching hospital located in Massachusetts, agreed to settle alleged violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) by paying $850,000 and adopting a robust corrective action plan.

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) first received a HIPAA breach notification from Lahey in October 2011 upon Lahey’s discovery of a stolen laptop.  The laptop in question operated a portable CT scanner and produced images for viewing through Lahey’s radiology information system.  Its hard drive contained unencrypted electronic Protected Health Information (ePHI) of 599 individuals.  OCR investigated the breach and found that Lahey failed to: conduct a thorough risk analysis; safeguard the workstation associated with the CT scanner; and maintain certain required policies and procedures, among other deficiencies.

In addition to agreeing to pay $850,000, Lahey entered into a corrective action plan that will remain in place for 2 years.  The corrective action plan requires Lahey to take certain steps to improve HIPAA compliance.  Specifically, Lahey must conduct a risk analysis, develop and revise certain policies and procedures, train its workforce, alert OCR of instances of suspected noncompliance, and issue annual reports to OCR regarding HIPAA compliance.  Regarding Lahey’s settlement, OCR Director Jocelyn Samuels commented that “it is essential that covered entities apply appropriate protections to workstations associated with medical devices such as diagnostic or laboratory equipment.  Because these workstations often contain ePHI and are highly portable, such ePHI must be considered during an entity’s risk analysis, and entities must ensure that necessary safeguards that conform to HIPAA’s standards are in place.”


Learning in a laptop classroom depends on how instructors provide their students with the most effective learning environment.

Following is a list of 10 strategies to help teachers manage a class when kids and laptops are combined. These tips will help you improve students’ attentiveness, engagement, and learning when using a laptop.

10 Tips to help you manage your laptop classroom

  1. Arrange the desks so you can see their screens by just walking around
  2. Predefine specific times when laptops are permitted, and others when they’re not
  3. Walk around frequently
  4. Announce shifts, to allow students to save their work
  5. Make sure students turn the laptop sound off at the beginning of class.
  6. Give a five minute warning prior to the end of class
  7. Use timers that tick loudly
  8. Establish consequences for inappropriate laptop use
  9. Create a class tech team
  10. Have students sign out the laptops each time they use one

LMS Buying Tips (Infographic)

With more and more organisations using technology-enabled learning for their L&D initiatives, the Learning Management System is no longer a good-to-have tool, but rather a ‘must-have’ for providing training, information and performance support to learners.

However, making the right choice while selecting and buying an LMS is quite challenging; it calls for a detailed understanding of the business requirement and careful planning, amongst other considerations. The large number of LMSs available in the market today further adds to this challenge. Here are a few tips that will help you in buying the right LMS for your organisation.

Do share your thoughts and comments on this infographic.

With the temperature waning to as low as minus 23 degrees, or shrinking beyond 25 degrees below the average temperatures, it is time to cuddle your children and spend some good quality time with them. In Oklahoma, the schools were closed and even some of the businesses closed their offices considering the safety of their employees. While you survive one of the coldest winters, something that has not been experienced over the past 10 years, would it be advisable to drive your children to the activity centers or the nearby learning centers?

If you feel that your child’s future is your topmost concern, well, here is a God-sent opportunity that you can actually convert into a once-in-a-lifetime experience. Wondering how you would do that?

Why go out and risk your lives when PracTutor brings a really awesome adaptive learning platform to you?

All you need to do is just enroll and prepare your children to get ahead.

Here are a few key facts about learning math and how learning math online is more practical than the traditional classroom math education:

  • The present day global standardized test scores prove that American students are not ready to compete on the global platform and one of the main reasons for the same is the lack of math skills.
  • There is a fundamental lack of math teachers all across the nation.
  • The adults competing for their careers find lack of math skills as a top most hindrance factor.
  • Math education is facing absolute crisis on multiple levels in teaching as well as learning segments.
  • Basic math fundamentals cannot and will not change, however, the traditional methods to teach math must change if we have to provide better understanding and skills to our students.
  • The universities that implement math learning online attract more students who are adults and struggling for brighter career opportunities.
  • Almost all technology critics agree that online learning is shaping the future of teaching and learning for good.
  • With experiments conducted using traditional learning and online learning, conclusions are that online learning imparts better perspective and gives deeper and clear understanding of the concepts.
  • As online math involves real time dynamic examples, (change of shapes, figures, variables, angles, etc) students find it to be fun while they actually learn. The little challenges that adaptive learning platforms bring in between the tutorials, challenge the students’ minds for deeper contemplation.
  • Another experiment was conducted to observe if learning math online did improve the skill set of the students. It was concluded that the students from traditional learning class and online learners both groups did equally well with easy math problems. However, when the students were given more complex and tough problems, the group of online math learners performed extensively better than the students who were taught in a traditional classroom.
  • The visual evidence that provides more scope to find how concepts work is practically impossible in a traditional classroom.
  • A few more advantages that interactive learning has over traditional learning are:
    • It is based on student’s individual capability
    • It gives student the authority to pace his learning
    • It does not get frustrated while explaining the same concept over and over till the student feels perfectly conversant with it (is virtually unlimited)
    • It keeps students attentive, curious and interested in math
    • It gives instant and personalized feedbacks and encouragements

Apart from the advantages mentioned above, we are certain that though the traditional methods have been developed after years of hard work and research, they do not match up to the present-day challenges.

The world has become a global village that has abundance of resources available right at your fingertips.

Can you possibly do justice to your children by depriving them the whole bunch of goodness that adaptive learning provides?

Can you afford to keep your children acquainted to the only traditional coaching when the rest of the world marches ahead towards a glorious tomorrow by embracing the blessings of the modern day technology?

Of course, you must spend some quality time with your children having fun while they learn. Will it not be kind of awesome to cuddle him, hold his hand, and lead him to learn (while you can still smell his hair)?

Yes, with such fabulous advantages of learning Math online, who knows you might just encourage your child to fall in love with Math and be a mathematician, Amen!

About PracTutor

PracTutor is a customized learning and practice environment to help students in Grades 1 to 8 master Math and English. We provide 1-to-1 mentoring for each student. We make the learning fun by introducing gamification and help parents and teachers track progress and get alerts whenever they need help.


There is a lot of confusion regarding the compliance of the cloud with HIPAA. The healthcare community itself is not very sure of it and is looking at it as a double-edged sword. The cloud presents a shimmering picture of a cost-effective option. It provides a solution through which storing and analyzing massive data becomes affordable. But the other side seems to be bleaker, as there are many who are yet to come to terms with the new HIPAA rule set, especially the parts that belong to the recently published HIPAA omnibus rule. It is better to dig deeper to understand this instead of merely speculating on the fringes about whether or not to migrate to the cloud.

The omnibus rule that was put forth last month has further tightened the grip of HIPAA on those who are entrusted with the responsibility of protecting health information. The rule has also increased the penalty on business associates and covered entities who fail to comply with HIPAA. At present, there are a lot of misconceptions as well as fear regarding use of the cloud. As a result, many healthcare organizations and health service providers are shying away from switching over to the cloud. Not taking shelter under the latest cloud technology umbrella might result in the loss of a good deal in terms of both compliance and finances for organizations that wish to play safe.

Can Cloud Computing Really Rescue Health Care And Make It HIPAA Compliant?

Recent times have revealed to the health care sector the various weird and amazing ways in which data breaches can and do occur. Many times they occur due to infrastructure loss, physical theft, or sheer negligence (when someone forgets a laptop or forgets to shut down their PC).

The above scenarios of data exploitation and data theft are easily manageable through use of cloud technology. Cloud computing can be more helpful in such cases because here you can stop the breaches by using services with physical security policies, such as Amazon, wherein all the things that can be carried out with the data can be published. Cloud technology is most certainly far more efficient than what a single group running its own infrastructure can accomplish after a lot of personal investment. Of course, reduction in the amount of health data breaches is the first benefit of cloud computing.

Deft monitoring of the security and privacy of the infrastructure through automation is the second benefit of the cloud. Basically, when the infrastructure program is being written, the infrastructure is coded and thousands of tests are conducted on various levels. Such thoroughly tested programs provide a secure base, so that the expected results are automated and the infrastructure automatically works the way you want it to. Hence, when things start showing changes in the infrastructure code, you immediately smell smoke and try to find out the reason for it. Searching for the reason for changes in your infrastructure ultimately makes you provide more security to your data.

The HIPAA omnibus rule has placed great emphasis on the factors that can put health data at risk and on breach notifications. Cloud service developers provide documentation that describes their processing systems in great detail, due to which remaining HIPAA compliant as well as cost-efficient does not seem an uphill task. All the instructions that are part of the cloud computing program are written in plain, simple, readable English which can be easily understood by anybody in the health business. This gives HIPAA operators full knowledge about compliance and non-compliance and the related decisions. It also helps even non-technical staff gain an insight into the overall work pertaining to HIPAA compliance, owing to which the overall efficiency of an organization is certain to rise.

Only six months are left for the covered entities and the partners to become HIPAA compliant and hence it is important that they take steps to understand these benefits of the new cloud computing.

Data breaches in the health sector have been damaging the credibility of many health institutions, and many times the culprits were left untracked as they were much smarter than the security systems of the institutions. Shifting to the cloud is a major decision, which entities can take only when they thoroughly understand its contribution to lessening the financial burden as well as to adhering to the strict rules of HIPAA compliance.

One wonders what is keeping these people on the fence when, one way or the other, they are left with no alternative but to migrate to the cloud!

About emPower
emPower is a leading provider of comprehensive Healthcare Compliance Solutions through its Learning Management System (LMS). Its mission is to provide innovative security solutions to enable compliance with applicable laws and regulations and maximize business performance. emPower provides a range of courses to manage compliance required by regulatory bodies and rules such as OSHA, HIPAA, the Joint Commission and the Red Flag Rule. Apart from this, emPower also offers custom demos and tutorials for your website, business process management and software implementation.

Its Learning Management system (LMS) allows students to retrieve all the courses 24/7/365 by accessing the portal. emPower e-learning training program is an interactive mode of learning that guides students to progress at their own pace.
