Client Resources

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) was passed by Congress in 1996 to protect the privacy of patient information. HIPAA has two rules:
 The Privacy Rule -General guidelines related to Protected Health Information (PHI) and
 The Security Rule -Much shorter rule that applies specifically to electronic PHI (ePHI or EPHI)

Who does HIPAA apply to?

Both Covered Entities (CEs) and their Business Associates (BAs) must comply.

What is a Covered Entity?

A Covered Entity is any individual or entity who provides treatment, payment or operations in healthcare. More specifically, Covered Entities are: (1) health plans, (2) health care clearinghouses, and (3) health care providers. A Health Care Provider is, of course, a provider of medical or health services. A Health Plan is an entity that pays the cost of medical care, such as insurance plans, HMOs, and Medicare. Health Care Clearinghouses take in information from a
healthcare entity, process the data into a standard format, and then output the information to another healthcare entity.

What is a Business Associate?

A Business Associate is any individual or entity that creates, receives, maintains or transmits Protected Health Information (PHI) to perform certain functions or activities on behalf of a Covered Entity – regardless of whether the services are related to health care services or whether the Business Associate will actually view the PHI. For example, companies that transmit or store PHI, such as cloud storage providers and Internet service providers, are
Business Associates. As further examples, business associates also include: individuals and entities that provide patient safety activities; health information exchanges, e-prescribing gateways, and other individuals or entities providing data transmission services to a Covered
Entity regarding PHI; and individuals or entities that offer personal health records to individuals on behalf of a Covered Entity.

What is a Business Associate Agreement?

A Business Associate Agreement is a contract between a Covered Entity and a Business Associate, or between a Business Associate and a Subcontractor Business Associate, that sets forth each party’s responsibilities with respect to compliance with the Health Insurance Portability and Accountability Act (HIPAA). Not having a BAA does not mean the parties don’thave to comply with HIPAA; to the contrary, failure to have a required BAA is itself a violation of HIPAA.

Who needs a Business Associate Agreement?

Covered Entities must have a Business Associate (BAA) in place with each of their Business Associates. Business Associates, in turn, must have a BAA in place with each of their subcontractors who create, receive, maintain or transmit PHI on their behalf.

What is a Subcontractor Business Associate?

A Subcontractor Business Associate is any person to whom a Business Associate delegates a function, activity or service, other than as a member of the Business Associate’s workforce, and who will create, receive, maintain or transmit PHI on the Business Associate’s behalf.

Does a student trainee for a healthcare provider need to sign a Business Associate Agreement
with the provider?

No. Often students in a medical, nursing, or other health program will work for a healthcare provider as part of a work-study requirement for their program. If the healthcare provider treats such students as “trainees”, then the students are considered to be part of the provider’s
workforce and they do not have to sign a BAA with the provider. The provider must train the students in HIPAA compliance and the students must agree to follow the provider’s privacy, security and confidentiality policies. This allows the students to receive PHI in connection with their work for the provider. However, the student’s school and supervisors must not receive any access to PHI.

Who enforces HIPAA?

U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is responsible for enforcement and imposing civil monetary penalties, however, appropriate cases involving the knowing disclosure of or obtaining of PHI are referred to the Department of Justice who is responsible for prosecuting criminal violations of HIPAA.

What is OCRs enforcement process?

OCR enforces the HIPAA Rules by investigating written complaints filed with OCR, either on paper, by e-mail, or through its complaint portal. OCR also conducts compliance reviews of circumstances brought to its attention, to determine if covered entities or business associates are in compliance with the Rules. In addition, OCR’s compliance activities include conducting audits and providing education and outreach to foster compliance with the Rules’
requirements, which are discussed later in the report. When necessary, OCR has authority to issue subpoenas to compel cooperation with an investigation.

https://www.hhs.gov/sites/default/files/compliance-report-to-congress-2015-2016-2017.pdf

What are the civil penalties for HIPAA violations?

The HITECH Act established four categories of HIPAA violations: (1) the person did not know and, with reasonable diligence, would not have known that they violated HIPAA; (2) the person knew of the violation but it was not due to willful neglect; (3) the violation was due to willful neglect but it was timely corrected; and (4) the violation was due to willful neglect and it was not timely corrected. In 2013, HHS adopted a rule that the maximum penalty per year for all violations of the same HIPAA provision would be $1.5 million, regardless of which category the violation fell into. HHS has now decided that the 2013 rule was not the best reading of the statute. Using their enforcement discretion, they will now observe the following penalty caps
for each category of violation: (1) $25,000 per year; (2) $100,000 per year; (3) $250,000 per year; (4) $1,500,000 per year.

What are the criminal penalties for HIPAA violations?

The statute prescribes a tiered penalty scheme ranging from misdemeanors punishable by a fine of not more than $50,000 and/or imprisonment for not more than one year to the highest penalties of a fine of not more than $250,000 and/or imprisonment of not more than ten years—for those offenses committed; “with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm.”§
1320d-6(b)(3).

What are examples of unintentional violations?

 Improper disposal of old computers and backup tapes
 Inadequate physical protection of computers or network containing ePHI
 Leaving detailed PHI in a voicemail message
 Sending unencrypted ePHI in an email
 Blogging/Facebooking/Tweeting about a patient situation -even if done anonymously
 Careless handling of user names and passwords
 Inadequate network firewall
 Exposing EMR systems to malicious code / malware when connecting to the internet
 Failing to maintain compliance BAAs
 Allowing clients or visitors to be near unattended and unlocked computers

What are examples of intentional violations?

 Accessing or using ePHI without having a legitimate need to do so
 Allowing another employee to utilize any systems via your password
 Disclosure of PHI to an unauthorized individual
 Sale of PHI to any source
 Storing or accessing ePHI on an insecure website or cloud-based EMR
 Connecting unapproved devices to the network
 Downloading PHI on to personal devices

 Failing to encrypt ePHI before transport (physical or electronic)

 Misuse of confidential patient information for personal use

 Deliberately compromising EMR security measures

 Stealing PHI

Does the HIPAA Privacy Rule allow parents the right to see their children’s medical records?

Yes, the Privacy Rule generally allows a parent to have access to the medical records about his or her child, as his or her minor child’s personal representative when such access is not inconsistent with State or other law. There are three situations when the parent would not be the minor’s personal representative under the Privacy Rule. These exceptions are:
1. When the minor is the one who consents to care and the consent of the parent is not required under State or other applicable law;
2. When the minor obtains care at the direction of a court or a person appointed by the court; and
3. When, and to the extent that, the parent agrees that the minor and the health care provider may have a confidential relationship.
However, even in these exceptional situations, the parent may have access to the medical records of the minor related to this treatment when State or other applicable law requires or permits such parental access. Parental access would be denied when State or other law prohibits such access. If State or other applicable law is silent on a parent’s right of access in these cases, the licensed health care provider may exercise his or her professional judgment to the extent allowed by law to grant or deny parental access to the minor’s medical information. Finally, as is the case with respect to all personal representatives under the Privacy Rule, a provider may choose not to treat a parent as a personal representative when the provider
reasonably believes, in his or her professional judgment, that the child has been or may be subjected to domestic violence, abuse or neglect, or that treating the parent as the child’s personal representative could endanger the child.
https://www.hhs.gov/hipaa/for-professionals/faq/227/can-i-access-medical-record-if-i-have-power-of-attorney/index.html

When an individual reaches the age of majority or becomes emancipated, who controls the
protected health information concerning health care services rendered while the individual
was an unemancipated minor?

The individual who is the subject of the protected health information can exercise all rights granted by the HIPAA Privacy Rule with respect to all protected health information about him or her, including information obtained while the individual was an unemancipated minor consistent with State or other law. Generally, the parent would no longer be the personal representative of his or her child once the child reaches the age of majority or becomes
emancipated, and therefore, would no longer control the health information about his or her child. Of course, any individual can have a personal representative – which may include a parent – who can exercise rights on his or her behalf.
https://www.hhs.gov/hipaa/for-professionals/faq/230/is-parent-rep-once-child-reaches-age-maturity/index.html

May a covered entity that is not a party to a legal proceeding disclose protected health
information in response to a subpoena, discovery request, or other lawful process that is not
accompanied by a court order?

Yes, if certain conditions are met. A covered entity that is not a party to litigation, such as where the covered entity is neither a plaintiff nor a defendant, may disclose protected health information in response to a subpoena, discovery request, or other lawful process, that is not accompanied by a court order, provided that the covered entity:
Receives a written statement and accompanying documentation from the party seeking the information that reasonable efforts have been made either (1) to ensure that the individual(s) who are the subject of the information have been notified of the request, or (2) to secure a qualified protective order for the information; or Itself makes reasonable efforts either (1) to provide notice to the individual(s) that meets the
same requirements as set forth below for sufficient notice by the party making the request, or (2) to seek a qualified protective order as defined below. See 45 CFR 164.512(e). The covered entity must make reasonable efforts to limit the protected health information
used or disclosed to the minimum necessary to respond to the request. See 45 CFR 164.502(b) and 164.514(d). The requirement to provide sufficient notice to the individual(s) is met when a party provides a written statement and accompanying documentation that demonstrates:
A good faith attempt was made to notify the individual (or if the individual’s location is unknown, to mail a notice to the individual’s last known address);
The notice included sufficient detail to permit the individual to raise an objection with the court or administrative tribunal; and The time for the individual to raise objections under the rules of the court or tribunal has lapsed and no objections were filed or all objections filed by the individual have been resolved by the court and the disclosures being sought are consistent with the resolution.

A qualified protective order is an order of a court or administrative tribunal or a stipulation by the parties that prohibits the parties from using or disclosing the protected health information for any purpose other than the litigation or proceeding for which such information was requested; and requires the return to the covered entity or destruction of the protected health information (including any copies) at the end of the litigation or proceeding. The party requesting the information must provide a written statement and accompanying documentation that demonstrates:
 The parties to the dispute have agreed to a qualified protective order and have presented it to the court or administrative tribunal; or
 The party seeking the protected health information has requested a qualified protective order from the court or administrative tribunal.
https://www.hhs.gov/hipaa/for-professionals/faq/711/may-a-covered-entity-not-party-to-legal-proceedings-disclose-information-by-courtorder/index.html

What “satisfactory assurances” must a covered entity that is not a party to the litigation
receive before it may respond to a subpoena without a court order?

Under 45 CFR 164.512(e)(1)(ii) of the Privacy Rule, a covered entity that is not a party to the litigation may disclose protected health information in response to a subpoena, discovery request, or other lawful process if the covered entity receives certain satisfactory assurances from the party seeking the information. Specifically, the covered entity must receive a written statement and accompanying documentation that the requestor has made reasonable efforts either (1) to ensure that the individual(s) who are the subject of the information have been
given sufficient notice of the request, or (2) to secure a qualified protective order. (Alternatively, the covered entity may make such disclosures if it itself makes reasonable efforts to notify the individual(s) or seek a qualified protective order.) If the conditions above have been met, a court order is not required to make the disclosure. For notice to the individual(s), the written statement and accompanying documentation must demonstrate that the requestor has made a good faith attempt to provide written notice to the individual; and that the notice included sufficient information about the litigation to permit the individual to raise an objection with the court, the time for the individual to raise an objection has elapsed, and no objections were filed or all objections filed were resolved and the request is consistent with the resolution. Such statements and documentation may include, for
example, a copy of the notice mailed to the individual that includes instructions for raising an objection with the court and the deadline for doing so, and a written statement or other documentation demonstrating that no objections were raised or all objections raised were resolved and the request is consistent with the resolution. To the extent that the subpoena or other request itself demonstrates the above elements, no additional documentation is
required. For a qualified protective order, the written statement and accompanying documentation must demonstrate that the parties to the dispute have agreed to a qualified protective order and have presented it to the court or administrative tribunal; or the party seeking the protected health information has requested a qualified protective order from the court or administrative tribunal. See the definition of “qualified protective order” at 45 CFR 164.512(e)(1)(v). Such statements and documentation may include, for example, a copy of the qualified protective order that the parties have agreed to and documentation or a statement that the order was presented to the court, or a copy of the motion to the court requesting a qualified protective
order. https://www.hhs.gov/hipaa/for-professionals/faq/706/what-satisfactory-assurances-must-a-covered-entity-receive-before-it-responds-to-a-subpoena/index.html

Does HIPAA have a breach notification requirement?

Yes. HIPAA has a very broad Breach Notification Rule, 45 CFR §§ 164.400-414, requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured protected health information

What is a definition of a breach?

A breach is, generally, an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information. An impermissible use or disclosure of protected health information is presumed to be a breach unless the covered entity or business associate, as applicable, demonstrates that there is a low probability that the protected health information has been compromised based on a risk assessment of at least the following factors:
1. The nature and extent of the protected health information involved, including the types of identifiers and the likelihood of re-identification;
2. The unauthorized person who used the protected health information or to whom the disclosure was made;
3. Whether the protected health information was actually acquired or viewed; and
4. The extent to which the risk to the protected health information has been mitigated.
Covered entities and business associates, where applicable, have discretion to provide the required breach notifications following an impermissible use or disclosure without performing a risk assessment to determine the probability that the protected health information has been compromised.
https://www.hhs.gov/hipaa/for-professionals/breach-notification/index.html

Are there exceptions to the definition of “breach”?

Yes, there are three exceptions to the definition of “breach.” The first exception applies to the unintentional acquisition, access, or use of protected health information by a workforce member or person acting under the authority of a covered entity or business associate, if such acquisition, access, or use was made in good faith and within the scope of authority. The second exception applies to the inadvertent disclosure of protected health information by a
person authorized to access protected health information at a covered entity or business associate to another person authorized to access protected health information at the covered entity or business associate, or organized health care arrangement in which the covered entity participates. In both cases, the information cannot be further used or disclosed in a manner not permitted by the Privacy Rule. The final exception applies if the covered entity or business associate has a good faith belief that the unauthorized person to whom the impermissible disclosure was made, would not have been able to retain the information. https://www.hhs.gov/hipaa/for-professionals/breach-notification/index.html

Who does 42 C.F.R. Part 2 apply to?

A Part 2 Program is a federally assisted programs that holds itself out as providing, and provides, substance use disorder diagnosis, treatment, or referral. This includes an identified unit or medical personnel or other staff within a general medical facility, but does not include the entire facility.

What is a Substance Use Disorder (SUD) under 42 C.F.R. Part 2?

A SUD is a cluster of cognitive, behavioral, and physiological symptoms indicating that the individual continues using the substance despite significant substance-related problems such as impaired, control, social impairment, risky use, and pharmacological tolerance and withdrawal which specifically excludes caffeine or tobacco.

Do I have to reserve my company’s name before I start my business?

No. It is a common misconception that registering or reserving a company name is necessary. A name reservation “holds” a name for you, before you create the business entity, so no one else can register a business with that name.  A name reservation is only good for a set period of time, after which time the name could be used by someone else, if you still haven’t registered the business. However, a name reservation is not necessary in most cases. The only reason to file a name reservation is if you’ve chosen the name but you aren’t ready to register the business yet –and you have reason to believe that someone else might take your name in the meantime.

Reserving a name is done by making a simple filing with the Secretary of State in the state where you plan to eventually form the company. However, this does not bring your company into official corporate existence, and you should not start doing business until you organize the company formally. In fact, formally organizing the company is the most effective way to “hold on” to a name, because once a company is organized, the Secretary of State will not allow another company of the same type to register under the same name in that state.

How do I form a new company?

The first step to create a new business entity is to register the company (also referred as “incorporating” or “organizing” the company) with the Secretary of State. (In a few states, the Department of Revenue handles company registrations instead of the Secretary of State.) Usually, you will do this in the state in which you will be doing business, but you can register your business in any state. Depending on what kind of corporate entity you choose (a corporation, a limited liability company, etc.), registration will involve filing a document called Articles of Incorporation or Articles of Organization
or a similar name.  Once the Secretary of State accepts and files your document, your company officially exists.
 
In some states, a lawyer has to sign the documents necessary to register the company. You should speak with an attorney before you start the process of forming your company, to make sure you comply with your state’s requirement.

What is a fictitious name registration?

Fictitious name registrations are also known as trade name or “d/b/a” (doing business as) registrations.  These registrations are a matter of local law; they are done at the city or county level, and the rules for them vary widely.  A fictitious name registration is appropriate if you create a corporate entity under one name but intend to operate your business under a different name.  For example, if Ann organizes a company called Ann’s Restaurants, LLC, but she calls her first restaurant “Souper Salads,” then Ann would need to file a fictitious name registration for “Souper Salads,” as this is her “d/b/a” name.  On the other hand, if Ann had organized her company with the name Souper Salads, LLC, then a fictitious name registration would not be necessary.

Do I need an EIN?

Usually, yes. While a federal tax Employer Identification Number is technically only required by the IRS when you plan to hire employees, it has become common practice for an EIN to be used as a business identifier for many other purposes. For instance, banks generally require an EIN to open an account for a new business. You can obtain an EIN online through the IRS website.

What else do I need to do after I register my
company?

In addition to organizing your company at the state level, you will likely need to obtain a business license from the city or county where you’re located.
 
You will need to obtain a federal tax ID number (also called an Employer Identification Number), even if you don’t plan to hire employees.
 
Depending on the nature of your business, you may need to register with the SC Department of Revenue (for example, for the collection of sales tax).
 
Before you hire employees, you will need to register as a “withholding agent” with the IRS and the SC Department of Revenue. SC also requires all employers to report newly hired employees within twenty days after the employee’s first day of work.
 
You should consider what kinds of liability insurance would best protect your business.
 
Finally, you should speak with your attorney about other internal documents and policies that you should have in writing. For example, a corporation should adopt Bylaws; a limited liability company should have an Operating Agreement. If you are a healthcare provider, you will need written policies and procedures addressing HIPAA. If you plan to hire employees, you should have a written Employee Handbook. Your attorney can help you determine what is necessary and appropriate for your business.

Are electronic signatures as effective as physical
signatures?

Yes, if done properly. A program such as HelloSign or DocuSign, which authenticate the identity of the person “signing” the document, should be used. Using an electronic signatures program also eliminates the need to keep large numbers of original documents.

What are “countersigned” and “counterpart”
documents?

A countersigned document is one where all of the parties to the document have signed on the same signature page. A counterpart document, by contrast, is one where each party to the document has signed on a separate signature page. The signature pages together constitute one complete, fully-executed document. Signing a contract in counterparts is faster and easier, as the parties don’t have to be in the same room when they sign or send the signature page back and forth in order to complete the execution.

What are representations and warranties?

Representations and warranties are statements of fact made by a party to a contract, usually about their qualifications or the state of their business. The other party is entitled to rely on these representations and warranties in making its decision to enter into the contract. If it is later determined that any of the representations or warranties weren’t true at the time the contract was signed, the party who made those untrue statements will be liable for breach of contract and possibly other damages; in some cases, the other party may have the right to terminate the contract. In a business acquisition, the
selling party will generally be required to make extension representations and warranties about its business. If you are the selling party, it is important to review the representations and warranties carefully and to disclose any information that would make them less than 100% accurate.

What is “due diligence”?

Due diligence is the process of learning about a person or entity with whom you plan to do business. It is an important part of any acquisition or merger between two or more companies. In an acquisition, the potential buyer will be granted access to the seller’s financial and other business records, so the buyer can determine if it wants to proceed with the acquisition. In a merger, both parties will examine the other party’s records so
they can mutually decide whether to merge. Lenders also conduct due diligence when deciding whether to loan money to a company. In all cases, the party receiving information must first agree to keep all the information confidential and not to use it for any purpose other than evaluating the proposed transaction. In addition to the business representatives, the due diligence process may involve lawyers, accountants, financial consultants, and other specialists.
 
If you are requested to provide information about your company for a proposed transaction, it is important that the information you provide is complete and correct. Concealing information can expose you to liability.

What is an LOI?

An LOI –short for “Letter of Intent” –is generally a non-binding document signed by two or more parties to memorialize their intentions regarding a proposed transaction. It will usually include only key business terms and will expressly contemplate that the parties will later negotiate a binding agreement, containing many more terms, to complete the transaction. It will often contain a clause that says the parties are not obligated to sign a
binding agreement or consummate the transaction, but they do have an obligation to negotiate the binding agreement in good faith, and it is understood that they will not try to change the terms set forth in the LOI, barring unforeseen circumstances.
 
An LOI can be binding if it expressly says it is. Often it will state that only specified paragraphs of the LOI, such as its confidentiality obligations, are binding even if the transaction isn’t consummated.
 
Executing an LOI is a way to ensure that the parties are on the same page with respect to the key terms of the transaction before their lawyers start the work of drafting the binding agreement.

What is an MOU?

An MOU –short for “Memorandum of Understanding” –is another name for an agreement between two or more parties. Unless it expressly says otherwise, it is a binding contract among the parties. Often government agencies prefer to call their contracts a “Memorandum of Understanding.” Sometimes people mistakenly believe that MOUs are not binding; for that reason, unless a government agency request it, it is generally preferable to use the unambiguous term “agreement”.

What is a “501(c)(3)” organization?

A 501(c)(3) organization is a nonprofit organization that has been recognized by the IRS as a tax-exempt public charity under Section 501(c)(3) of the Internal Revenue Code. There are other types of tax-exempt organizations recognized by the IRS, but 501(c)(3)
organizations are the most common. All 501(c)(3) organizations are nonprofits, but not all nonprofits are 501(c)(3)s!

Can a 501(c)(3) organization engage in lobbying?

To a limited extent, yes. A 501(c)(3) public charity may engage in “insubstantial” amounts of lobbying, unless the organization’s primary objective can only be achieved by adopting (or defeating) legislation, in which case even insubstantial amounts of lobbying are not permitted.

Lobbying means contacting, or urging the public to contact, members of a legislative body for the purpose of proposing, supporting, or opposing legislation; or advocating for the adoption or rejection of legislation. Lobbying can be done through direct communications with legislators or indirectly through the public (“grass roots” lobbying). “Legislation,” in turn, essentially means anything that gets voted on by a federal, state,
or local governing body.  It includes international laws (i.e., treaties) and public referendums.  It does not, however, include actions by executive, judicial, or
administrative bodies. Communicating with an official about proposed regulations, for example, is not lobbying.  Legislation also does not have to be currently pending for the lobbying rules to apply; as long as it is an appropriate subject for potential legislation, then attempts to influence it are considered lobbying.

Some specific activities are excluded from the definition of lobbying. Nonpartisan analysis or research may be considered educational, rather than a form of lobbying, if it is done independently and objectively, allows the public to form an independent conclusion from it, and is not distributed solely to individuals on one side of the issue. It’s not lobbying to testify in front of a committee, if you were officially invited by the committee to do so. It’s also not lobbying to provide technical advice to a governmental body, if you were officially requested to provide it, and as long as you share the advice with the entire body.

In determining whether lobbying activities are “substantial”, the IRS looks at several factors, including the overall nature of the lobbying activities and the amount of volunteer time devoted to it. If the IRS finds that an organization has engaged in “substantial” lobbying, its tax-exempt status will be revoked and it may be subject to a 5% excise tax on its lobbying expenditures.

To avoid the uncertainty around the definition of “substantial,” an organization can make a Section 501(h) election and subject its lobbying activities to a strict expenditure test. This 501(h) safe harbor allows most (but not all) 501(c)(3) organizations to spend specified dollar amounts on lobbying. The specific amount allowed depends on the size of the organization but cannot, in any event, be more than $1 million. If the organization spends more than the allowed amount, it will be subject to a 25% excise tax on the excess expenditures, and if the organization really goes overboard with its lobbying, it
can lose its tax-exempt status.

Can a nonprofit invest in stocks?

Yes. Nonprofits are allowed to invest in stocks, bonds, funds, and other typical investments. In addition, they’re allowed to accept in-kind donations of stock and other securities. However, there are a few special considerations:

• Nonprofits should have only a small holding in each company it invests in; specifically, they should avoid acquiring a controlling interest in any company.
• A nonprofit’s investment income should not constitute more than one-third of all of its income.
• The nonprofit should make sure it is complying with any restrictions placed on the use of funds by a donor or grantor.

Finally, nonprofits need to be prudent in their investments, sticking to low-risk, long-term, diverse investments, while still making sure they have access to cash for immediate needs. Adopting an investment policy is recommended.

Do I have to include any special provisions in my organizing documents to become a 501(c)(3)?

Yes. The IRS requires that your organizing document(i.e., your Articles of Incorporation) state your exempt purpose(s), such as charitable, religious, educational, and/or scientific purposes. The organizing document must also state that upon dissolution of your organization, your remaining assets must be used exclusively for exempt purposes. If you did not include these statements in your organizing document, you will need to amend it before you can apply for 501(c)(3) status. South Carolina provides a one-page form that meets these requirements, which you should fill out and attach to your organization’s Articles of Incorporation at the time you incorporate the organization.

How long will it take to get my 501(c)(3) application approve?

If you filed Form 1023EZ and the IRS does not require any additional information, you should receive a response within 4 weeks. If you filed Form 1023 and the IRS does not require any additional information, the standard turnaround time is 6 months.

What do I need to do before I apply for 501(c)(3) tax-exempt status?

In most situations, you will first incorporate your organization as a nonprofit corporation in the state where you plan to be based. (An organization does not have to be a corporation to apply for 501(c)(3) status, but most are.) You will need to obtain a federal tax identification number (EIN), just as any other business would. You should also appoint your directors and officers. It is recommended that you adopt Bylaws and a Conflict of Interest policy, as the IRS will ask about these items on the 501(c)(3) application. Finally, you should prepare a fairly robust business plan for your organization, including how you’re going to raise money and what kinds of activities you’re going to engage in. This information will be important for your 501(c)(3) application.

Can a 501(c)(3) organization engage in political activities?

No. 501(c)(3) organizations cannot participate in political activities at all.  More precisely, they cannot “participate in, or intervene in (including the publishing or distributing of statements), any political campaign on behalf of (or in opposition to) any candidate for public office.” The amount of participation is irrelevant; even $1 is prohibited.

Can I accept donations while my 501(c)(3) status is pending?

Yes. However, you cannot tell your donors that their donations will be tax-deductible during this period. Once you receive your tax-exempt status, it will be retroactive to the date you filed your application, so donations received after the filing date may be tax-deductible.

Does my organization have to file a federal tax return?

No. However, although your organization does not have to pay taxes, most tax-exempt organizations still have to file an annual report, called Form 990, with the IRS. (Smaller organizations may be able to file a simplified form, called 990-EZ or 990-N.) This form asks for basic information about your revenues and activities during the past year. If you fail to file the report for three consecutive years, you will automatically lose your tax- exempt status.

How does my nonprofit organization become tax-exempt?

You must apply to the IRS to be recognized as tax-exempt at the federal level. Once you receive your IRS tax-exemption, in most states you can send your tax-exemption letter to your state’s tax authority and you will be automatically recognized as tax-exempt at the state level as well.

Once I have my 501(c)(3) tax-exempt status, how do I keep it?

The IRS can revoke your tax-exempt status if you fail to comply with any of the following rules:
1. Annual reports: Most tax-exempt organizations must file an annual report, called Form 990, with the IRS. (Smaller organizations may be able to file a simplified form, called 990-EZ or 990-N.)
2. Public documents: You must make the following documents available for inspection by members of the public (posting them on your website is acceptable): Form 1023 (or 1023EZ), any correspondence with the IRS regarding your application, the letter from the IRS granting your tax-exempt status, and all annual reports.
3. Private Benefit and Inurement: Your organization must not engage in inurement or substantial private benefit.
4. Lobbying: Your organization must not engage in more than an “insubstantial” amount of lobbying.
5. Political Activity: Your organization must not engage in any political activity.
6. Unrelated Business Income:Your organization must file Form 990-T and pay taxes on any unrelated business income. Your organization also should not engage in a substantial amount of unrelated business activities.
7. Exempt Purpose: Your organization should continue to pursue its exempt purpose and to engage in the activities you told the IRS it was going to pursue. If its purpose or primary activities materially change, you should inform the IRS.

What information do I need to apply for 501(c)(3) tax-exempt status?

If you are able to apply using Form 1023EZ, you will only need to supply basic information about your organization and answer a series of Yes/No questions regarding the types of activities you intend to engage in and how you intend to finance your organization. If you have to apply using the full-length Form 1023, you will need to provide detailed descriptions of the activities you intend to engage in and how they further your exempt purpose, how you will raise and spend money (including a proposed Statement of Revenue and Expenses and a proposed Balance Sheet, for up to three years), and how you will compensate your officers and directors, among other items.

Can I apply for 501(c)(3) status after my organization has been operating for a while?
Yes. There is no time limit on when you can apply for tax-exempt status. However, if you have been operating for more than 27 months, you will need to provide information about the reason for your delay in applying.

What is unrelated business income?

“Unrelated business income” is income generated from activities that are unrelated to the exempt purpose of the organization. In other words, the activity itself does not contribute to accomplishing the organization’s exempt purpose, other than by generating income. Some examples of unrelated business activities include selling advertising space, leasing out real property owned by the organization, and selling merchandise.
 
If the income comes from a trade or business that is regularly carried on and that is not substantially related to the organization’s exempt purpose, then the organization will need to file Form 990-T and pay taxes on that income.
 
If your organization’s unrelated business activities are substantial in relation to your exempt purpose activities, you could lose your tax-exempt status.

Who can apply for 501(c)(3) tax-exempt status using Form 1023EZ?

Certain organizations can apply for tax-exempt status using a simplified form, called Form 1023EZ.  Unless your organization falls into a special excluded category, your organization will be able to apply using Form 1023EZ if your organization’s annual gross receipts in the last 3 years have not exceeded $50,000 and they are not expected to exceed $50,000 in the next 3 years, and if your organization does not have assets worth more than $250,000.

What is private benefit and inurement?

Tax-exempt organizations are supposed to serve the public interest. Therefore, a 501(c)(3) organization’s activities cannot serve the private interest, or “private benefit”, of any individual or entity more than insubstantially. The concept of “inurement” (another word for “benefit”) is similar. An organization’s earning may not benefit an individual who, because of the person’s relationship to the organization, has an opportunity to control or influence its activities(i.e., an “insider”). If a 501(c)(3) organization engages in inurement or substantial private benefit, it can lose its exemption. And insiders guilty of
inurement may be subject to an excise tax.

What kind of organizations are eligible to become 501(c)(3)s?

Organizations that are organized and operated exclusively for religious, charitable, scientific, educational, testing for public safety, or literary purposes, or to foster national or international amateur sports competition, or for the prevention of cruelty to children or animals are eligible to apply for 501(c)(3) tax-exempt status.

Are there forms we should use for FMLA leave?

Yes, you should use the forms provided by the US Department of Labor.
 
The first form you’ll use, after an employee requests FMLA leave, is “Notice of Eligibility and Rights and Responsibilities” (WH-381).
 
Then you can request that the employee provide a certification of their need for leave, using one of the “Certification” forms (the form they will use depends on the reason for the leave) (WH-380-E, WH-380-F, WH-384, WH-385, or WH-385V).
 
Finally, you’ll give them a “Designation Notice “indicating whether the leave was approved and the terms of the leave, such as whether they have to apply their paid leave (WH-382).
 
All of the forms can be downloaded here: HTTPs://www.dol.gov/whd/forms/index.htm

Can I require employees to use up their paid leave before they use FMLA leave?

Yes. Employers can handle this situation in two ways:
 
(1) You can require employees to use up their paid leave first, and then go on FMLA leave. In this case, they could take more than 12 weeks of leave at one time (the 12 weeks required by FMLA plus however much paid leave they’ve accrued).
 
(2) You can alternatively require employees to use their paid leave concurrently with their FMLA leave. In this case, they would be paid for the first portion of their leave (for however much paid leave they’ve accrued), but those paid days would count against the FMLA’s 12 weeks. So in total, they wouldn’t be absent more than 12 weeks at a time.
 
Your employee handbook should clearly state your policy on this.

What rights does the FMLA give to employees?

The Family and Medical Leave Act allows employees to take unpaid leave from work in the event of serious illness or other qualifying events. Prior to the law’s adoption in 1993, many employees were at risk of losing their jobs or their health benefits if they or a family member became seriously ill.

Employees are entitled to 12 weeks of unpaid leave in a 12-month period (or 26 weeks in a 12-month period for military caregiver leave). During FMLA leave, the employer must  maintain the employee’s coverage under its group health plan. After returning from FMLA leave, an employee must be returned to the same position or an equivalent position with equivalent benefits, pay and other terms of employment.
 
An employer cannot ask an employee to waive their rights under FMLA.

Which employers are required to comply with FMLA?
In the private sector, employers who employ 50 or more employees in 20 or more workweeks in the current or previous year are subject to FMLA.

Can I require an employee to take their FMLA all at once?

No. FMLA leave can be taken intermittently, if the health care provider certifying the need for leave indicates that intermittent leave is needed. It can be taken in the smallest increment of time in which the employer measures leave; for example, if paid time off can be taken in half-hour increments, then FMLA leave can be taken in half-hour increments as well.

What are the circumstances under which an employee can take FMLA leave?

An employee can take FMLA leave due to:
 
The birth of a child and to bond with the newborn child within one year of birth;
The placement with the employee of a child for adoption or foster care and to bond with the newly-placed child within one year of placement;
A serious health condition that makes the employee unable to perform the functions of his or her job, including incapacity due to pregnancy and for prenatal medical care;
To care for the employee’s spouse, child, or parent who has a serious health condition, including incapacity due to pregnancy and for prenatal medical care; or 
A qualifying exigency arising out of the fact that the employee’s spouse, child, or parent is a military member on covered active duty or called to covered active duty.
 
A “serious health condition” is an illness, injury, impairment, or physical or mental condition that involves inpatient care or continuing treatment by a health care provider. For all conditions, “incapacity” means inability to work, including being unable to perform any one of the essential functions of the employee’s position, or inability to attend school, or perform other regular daily activities due to the condition, treatment of the condition, or recovery from the condition.

Which employees are eligible for FMLA leave?

To be eligible for FMLA leave, an employee must:
Work for a FMLA-covered employer;
Have worked for the employer for at least 12 months (which need not be consecutive);
Have worked at least 1,250 hours during the 12-month period immediately preceding the commencement of the leave; and
Have worked at a location where at least 50 employees are employed by the employer within 75 miles of the site.

Who pays the employee’s health premiums during FMLA leave?

The employer and employee must each continue to pay their portion of the premiums as if the employee were not on leave. If the employee fails to pay their portion of the premium for more than 30 days, the employer can terminate their coverage. If the
employee fails to return to work after their FMLA leave, for any reason that is not covered by FMLA, the employer can demand that the employee repay those portions of the premiums that the employer paid during their leave. (For example, if the employee does not return to work after 12 weeks because they continue to be seriously ill, the employer cannot be reimbursed for any insurance premiums.)

What is a “non-compete”?

“Non-compete” is shorthand for a non-competition clause in a contract, often an employment agreement. A company’s employees have access to valuable proprietary related to the company’s customers and business operations, and this information could be used to compete against the company. A non-compete clause therefore prohibits an individual from competing against their former employer for a period of time after their employment ends. The scope of the non-compete can vary by geographic distance, length of time, and type of activities that are prohibited. The purpose of a non-compete is not to prevent the individual from making a living, but rather to prevent the individual from unfairly using a company’s proprietary information to compete against it.

What can I do to prevent my employees from violating their non-competes?

When an employee leaves your employment, you should remind them, in writing, of their non-competition obligations. If you later believe that the former employee is violating the non-compete, talk to an attorney. The first course of action will usually be a letter from the attorney to the individual, demanding that they stop engaging in activities that violate the non-compete. If this doesn’t change their behavior, a lawsuit may be appropriate.
 
It is important to be consistent in your enforcement of your non-competes. If you believe a former employee is breaching their non-compete obligations, you should take action promptly; failure to do so may affect your ability to enforce the non-compete later and will also send a signal to your other employees that you don’t take the non-compete seriously. By contrast, being vigilant in enforcing your non-competes will deter other employees (current and former)from breaking their non-competition obligations to you.

What is the difference between a non-compete and a non-solicitation clause?

A non-solicitation clause prohibits an individual from “soliciting” a company’s customers, suppliers, or other business contacts for a period of time after the individual’s employment with the company ends. “Soliciting” in this context means seeking to obtain business from those contacts, usually with the objective of taking business away from the former employer. A non-solicitation clause can also apply to a company’s employees; in that case, an individual would be prohibited from trying to hire employees away from the company. Similar to a non-compete, the goal of a non-solicitation clause is to prevent an individual from unfairly using a company’s proprietary information for the individual’s or another person’s benefit.
 
A non-compete is a broader restriction than a non-solicitation clause. For instance, a non-compete could prohibit an individual from operating a medical practice within 5 miles of their former employer; a non-solicitation clause wouldn’t prohibit the individual from operating a medical practice, but it could prohibit the individual from contacting the former employer’s patients to get them to switch to the individual’s new practice.

What makes a non-compete clause enforceable?

Whether a non-compete is enforceable is highly dependent on the facts of the situation.
 
First, for a non-compete to be enforceable, the company has to offer the individual something of real value –in legal-speak, “consideration.” If anon-compete is included in the individual’s original employment agreement, as a part of their employment offer, the employment offer itself is generally sufficient consideration; however, it may be appropriate to include an additional “signing bonus” as explicit consideration for the non-compete. Once an employee is working for a company, additional consideration (such as a one-time cash bonus, additional paid days off, or an increased salary) will have to
be provided to impose a new non-compete. 
 
Whether a non-compete is enforceable also depends on its scope. It is against public policy to unduly restrict an individual’s ability to make a living. Therefore, a non-compete’s restrictions as to geographic area, length of time, and prohibited activities must be reasonable. For example, if a company does business only in Charleston, it would be unreasonable to prohibit its former employees from competing in all of South Carolina. If a company engages in a specific niche medical practice, it would likely be unreasonable to prohibit its former employees from engaging in all types of medical
practices. Two years is generally an enforceable length of time for a non-compete; anything above five years would likely be found unenforceable.
 
The determination of whether a non-compete is enforceable will be made by a court, usually after a company brings a lawsuit to stop its former employee from violating the non-compete. If the court finds that the non-compete is enforceable and the former employee is in violation of it, the court can require the former employee to cease the prohibited activities.

What is arbitration?

Arbitration is a dispute resolution process that may be used as an alternative to litigation. Instead of filing a lawsuit when a dispute arises, the parties will submit the dispute to a neutral third party, called an arbitrator, to resolve the dispute. The arbitrator will collect evidence and hear arguments from both sides and will issue a binding decision that may include monetary damages. Arbitration is generally a faster dispute resolution process than litigation, but it may not necessarily be cheaper; the parties must pay arbitration fees and preparing for arbitration requires significant lawyer-hours.

What is an arbitration clause?

An arbitration clause is a section in a contract stating that the parties will resolve all disputes related to the contract by arbitration, instead of litigation. The agreement to use arbitration will only apply to disputes arising from or related to that contract. When a dispute arises, the parties will submit the dispute to a neutral third party, called an arbitrator, to resolve it. Both parties to a dispute must agree to use arbitration as an alternative to litigation; the arbitration clause in a contract reflects this agreement.
 
Under South Carolina law, for an arbitration clause in a contract to be enforceable, there must be a prominent notice at the top of the first page of the contract stating that the contract contains an arbitration clause. This is intended to ensure that both parties have knowledge of, and agree to, the arbitration clause. This requirement does not apply if the contract expressly states that the SC Uniform Arbitration Act does not apply to the contract.

Can employers discuss wages, salaries and benefits with other companies in the same industry?

No. It is unlawful for competitors to explicitly or implicitly agree not to compete with each other on the terms of employment they offer (i.e., wages, salaries, and benefits). For example, competitors agreeing among themselves that they won’t offer gym memberships as an employee benefit is prohibited. Competitors also cannot agree that certain types of employees will be paid a fixed amount across the industry (so-called
“wage-fixing” agreements). This kind of conduct is considered anti-competitive, as it is likely to decrease wages and benefits and it creates a less competitive workforce.
 
Even if competitors don’t expressly agree not to compete with each other, exchanging sensitive information about wages and benefits could be an anti-trust violation, because it is also likely to have the same anti-competitive effect. However, under certain conditions, a neutral third party can conduct a survey of wages and benefits and distribute a report of aggregated, de-identified data.
 
Similarly, it is unlawful for employers to agree not to hire each other’s employees (so- called “no poaching” agreements).
 
The federal antitrust agencies have brought enforcement actions against companies who have violated these rules. The consequences can include criminal charges.

Can I designate my entire workforce as independent contractors?

In most cases, probably not. Hiring someone as an independent contractor is obviously more cost effective for the employer, who avoids the costs of benefits and overhead and is also spared from payroll taxes for Social Security, Medicare, and unemployment. However, independent contractors must be treated somewhat independently. They should not be subject to as much oversight or management as regular employees, and they should not be represented to outsiders as if they have authority to bind the company. Often independent contractors have flexibility in scheduling their hours of work and are responsible for providing their own equipment. If you treat your workers as employers (for example, expecting them to work in the office at set hours) but designate them as “independent contractors” for tax purposes, you may run into trouble with the IRS. If the IRS determines that you improperly classified your workers as independent contractors, it can require you to pay back taxes and a fine.

How is an independent contractor different from an employee?

Unlike employees, independent contractors don’t receive benefits, taxes aren’t deducted from their compensation, they usually have to supply their own equipment necessary to do their work (such as a laptop), and they aren’t entitled to the statutory rights and protections granted to employees (such as minimum wage, overtime pay, and FMLA leave).
 
An independent contractor has to be, to a certain degree, independent. While a company can establish parameters for an independent contractor’s work and can require them to comply with company policies, independent contractors must generally be free to perform their services as they see fit. They are not subject to as much oversight as employees and should not be micro-managed by the company. They should not be given company business cards or otherwise represented to outsiders as if they are employees or have authority to bind the company in any way.

Can employers prohibit their employees from discussing their wages and benefits with each other?

No. An employer cannot forbid their employees from discussing salaries and benefits among themselves. Federal law protects employees’ rights to discuss the conditions of their employment (their wages, salaries, benefits, etc.). A number of states also have laws prohibiting so-called “pay secrecy” policies.
 
However, an employer can prohibit employees from discussing other employees’ salaries and benefits. That information is considered confidential. For example, an HR employee who has access to other employees’ salaries should not share that information with others.
 
A better approach to avoid the problems that may arise from employees comparing their salaries is to (1) pay your employees fairly, (2) provide clear guidelines for when and how employees will be eligible for promotions, and (3) create a positive work environment where employees feel comfortable bringing their questions about salary and benefits directly to management.

Do I have to buy those workplace posters I keep getting letters about?

No, you do not need to buy any workplace posters. But you do have to hang certain posters, which give notice to your employees about their workplace rights. For example, if you have more than 50 employees and are therefore subject to the Family and Medical Leave Act (FMLA), then you have to display a poster prepared by the Department of Labor summarizing the major provisions of FMLA and telling employees how to file a complaint.
 
In SC, all employers must display an employment poster from the South Carolina Department of Labor, Licensing and Regulation in a place or places where employees can see them. This poster includes occupational safety and health, labor law, and right-to-work notices.
 
Most of the required posters can be downloaded online for free. The FMLA poster can be found here: https://www.dol.gov/whd/regs/compliance/posters/fmla.htm

The SC LLRWorkplace Poster can be downloaded from this page, which also includes links to other federal posters: https://www.llr.sc.gov/aboutus/index.asp?file=posters.htm

Does the FTCA apply to the independent contractors of FQHCs?

If a health center qualifies to be protected by the FTCA, its employees are deemed to be federal employees immune  from  personal  liability  for  medical  malpractice claims which  arise within the scope of their employment at the health center. If a health center or an employee of a health center is sued in state court, the matter will be removed to U.S. District Court and the United States will be substituted as the named defendant.
 
On the FTCA applicability to the independent contractors of FQHCs, if services are provided by an individually contracted clinician (rather than an employee), FTCA coverage will depend on the provider’s specialty and hours  of  work. With respect to covered individuals, only acts and omissions within the scope of their employment (or contract for services) are covered-assuming those acts or omissions are related to the grant supported activity of the entity. 42 CFR Part6§6.6(c). In the case of non-covered individuals, the covered entity remains covered by protections of the FTCA while the individual is not.
 
Licensed or certified individual health care provider contractors working full-time (on average at least 32.5 hours per week for the health center for the period of the contract) are covered under FSHCAA and the FTCA. These time requirements do not apply to individual contractor providers in the fields of family practice, general internal medicine, general pediatrics, obstetrics and gynecology, who therefore are covered under FSHCAA and the FTCA  even  if they  provide services to the covered  entity on  a  part-time  basis. HRSA/BPHC utilizes IRS definitions to differentiate contractors and employees. Typically, a covered entity will issue a Form 1099 to an individual who is a contractor. To ensure FTCA coverage for contract providers, there should be a
documented contractual relationship (i.e., a written contract for the provision of health services) between the covered entity and the individual provider. In addition, compensation that arises from this contract, such as contracted wages, should be paid by  the  covered  entity  directly  to  the individual contract provider. A contract between a covered entity and a provider’s corporation does not confer FTCA coverage on the provider.  Services provided strictly pursuant to a contract between a covered entity and any corporation, including eponymous professional corporations (defined as a
professional corporation to which one has given one’s name, e.g., John Doe, LLC, and consisting of only one health care provider), are not covered under FSHCAA and the FTCA.

Do I have to allow emotional support (or “comfort”) animals in my healthcare facility?

Generally, no.
 
Section 504 of the federal Rehabilitation Act prohibits discrimination against people with disabilities in programs that receive federal funding. If you receive any federal grants or other funds, then you are subject to this law and will have to follow the rules of the federal agency  issuing you the funds; most likely, this will be the US Department of Health and Human Services(HHS).

HHS prohibits discrimination against persons with disabilities who are otherwise qualified to receive or participate in your services. (A “disabled person” is any person who has a physical or mental impairment that substantially limits one or more major life activities.)
 
The HHS rules state that you must not, on the basis of disability:

• Exclude a person with a disability from a program or activity;
• Deny a person with a disability the benefits of a program or activity;
• Afford a person with a disability an opportunity to participate in or benefit from a benefit or service that is not equal to what is afforded others;
• Provide a benefit or service to a person with a disability that is not as effective as what is provided others;
• Provide different or separate benefits or services to a person with a disability unless necessary to provide benefits or services that are as effective as what is provided others; or
• Apply eligibility criteria that tend to screen out persons with disabilities unless necessary for the provision of the service, program or activity.
   
  Further, you must:
• Provide services and programs in the most integrated setting appropriate to the needs of the qualified individual with a disability;
• Ensure that programs, services, activities, and facilities are accessible;
• Make reasonable modifications in their policies, practices, and procedures to avoid discrimination on the basis of disability, unless it would result in a fundamental alteration of the program;
• Provide auxiliary aids to persons with disabilities, at no additional cost, where necessary to afford an equal opportunity to participate in or benefit from a program or activity;
• Designate a responsible employee to coordinate their efforts to comply with Section 504 and the ADA;
• Adopt grievance procedures to handle complaints of disability discrimination in their programs and activities; and

Provide notice that indicates:
     o That you do not discriminate on the basis of disability;
     o How to contact the employee who coordinates your efforts to comply with the law; and
     o Information about grievance procedures.
 
Other agencies –such as HUD –have interpreted the Rehabilitation Act to require accommodations for “assistance animals”. “Assistance animal” is more broadly defined than the ADA’s “service animal” and it can include emotion support animals. However, HHS has not reached the same conclusion and does not require an accommodation for any animals other than those that fit the strict “service animal” definition under the ADA. Therefore, for as long as there is no express requirement that you allow emotional support animals, you can establish a general policy to prohibit them. Nevertheless, a situation could arise where you need to consider allowing an emotional support animal in order to avoid discriminating against a disabled individual.
 
Your written statements about emotional support animals should make clear that you do not discriminate on the basis of disability and that you allow individuals an opportunity to request an accommodation in order to access your services. It is reasonable to require them to make their request in advance of their appointment at your facility.
 
If you do not receive any federal funds, then you do not have to comply with the Rehabilitation Act and must only allow service animals in accordance with the ADA.

Do I have to allow service animals in my healthcare facility?

Yes. Under the American with Disabilities Act, service animals must be allowed in places of public accommodation, including healthcare facilities. A “service animal” may be a dog or a miniature horse and must be specifically trained to perform a task related
to a disability. Seeing-eye dogs are the most obvious example, but there are other kinds of service dogs –for example, a dog that assists someone with PTSD. If it’s not obvious that the dog is a service animal, you may ask the individual:
 
     Is the animal needed because of a disability?
     What work or task is the animal trained to perform?
 
These are the only things you can ask; you can’t ask them to show you the animal performing the task, for example.
 
You can ask an individual to remove the service animal if the animal is out of control or threatens the health and safety of other people. The handler is also responsible for any damage the animal causes.
 
In addition, the CDC provides the following guidelines for service animals in healthcare settings:
1. Avoid providing facility access to nonhuman primates and reptiles as service animals.
2. Allow service animals access to the facility in accordance with the Americans with Disabilities Act,  unless the presence of the animal creates a direct threat to other persons or a fundamental alteration in the nature of services.
3. When a decision must be made regarding a service animal’s access to any particular area of the healthcare facility, evaluate the service animal, patient, and healthcare situation on a case-by-case basis to determine whether significant risk of harm exists and whether reasonable modifications in policies and procedures will mitigate this risk.
4. If a patient must be separated from his or her service animal while in the healthcare facility: (1) ascertain from the person what arrangements have been made for supervision or care of the animal during this period of separation; and (2) make appropriate arrangements to address the patient’s needs in the absence of the service animal.