OSHA Compliance

OSHA and HIPAA Compliance

In healthcare, OSHA and HIPAA compliance are both essential. There are separate standards that must be adhered to for compliance, but there are broad similarities in terms of reporting, recordkeeping, and enforcement.

The Occupational Safety and Health Act (OSH Act)

The Occupational Safety and Health Act (OSH Act) was signed into law more than 50 years ago and remains as relevant today as it was when President Nixon added his signature to the bill on December 29, 1970. The OSH Act covers the private sector and the federal government and requires employers to create and maintain a safe and healthful working environment, and ensure employees are protected from hazards in the workplace.

The OSH Act created the Occupational Safety and Health Administration (OSHA) within the Department of Labor, which is responsible for outreach, education, assistance, and is also the enforcer of compliance with the OSH Act. OSHA sets health and safety standards against which employers are measured. Those standards are published in Title 29 of the Code of Federal Regulations (29 U.S.C. §§ 651 to 678), and there are standards that apply to different industry sectors. The construction, maritime, and agriculture sectors each have their own set of standards due to the unique hazards and risks in those sectors, with separate standards set for general industry, which includes medical and dental offices.

OSHA standards have been set for a variety of health and safety areas, including fire safety, electrical safety, blood-borne pathogens, ionizing radiation, hazardous materials, medical and first aid, personal protective equipment, emergency preparedness, and the general working environment.

OSHA conducts inspections of workplaces to ensure compliance and has the authority to impose financial penalties and sanctions. There is a tiered penalty structure of minimum and maximum penalties, although State Plans exist where states have control of OSHA regulations and can implement their own penalty structures.

The Health Insurance Portability and Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act (HIPAA) has been in effect for half the time of the OSH Act, with HIPAA signed into law by President Clinton on August 21, 1996. HIPAA set standards for the healthcare industry that must be followed by HIPAA-covered entities (healthcare providers, health plans, and healthcare clearinghouses) that conduct transactions involving protected health information electronically. HIPAA also applies to business associates of HIPAA-covered entities that are required to interact with protected health information.

When HIPAA was signed into law, the main aims of the legislation were to ensure individuals could retain health insurance coverage when between jobs, to introduce standards to reduce wastage in healthcare, and to help prevent healthcare fraud. Updates to the legislation over the years have seen HIPAA expanded to include standards covering the privacy and security of healthcare data and to give individuals rights over their healthcare data.

The Department of Health and Human Services is responsible for outreach, providing training materials and guidance, and enforcing HIPAA compliance, with the administrative standards regulated by the HHS’ Centers for Medicare and Medicaid Services (CMS) and the HIPAA Privacy, Security and Breach Notification Rules regulated by the HHS’ Office for Civil Rights. State Attorneys General also play a role in HIPAA enforcement.

Each of those regulators can impose financial penalties and sanctions for non-compliance, in accordance with a tiered penalty structure based on the level of culpability.

OSHA and HIPAA Compliance

OSHA and HIPAA compliance is policed by different federal agencies and each set of regulations has different requirements for covered organizations, but there are some similarities between OSHA and HIPAA compliance.

OSHA and HIPAA compliance programs require all compliance efforts to be documented. Documentation may be requested during investigations and audits as proof of compliance. OSHA requires deaths, serious injuries, time off work due to injury or illness, medical treatment beyond first aid, restricted work and transfers to other jobs, loss of consciousness, and other issues to be recorded, and for all OSHA compliance documentation to be maintained. Employers must also update and maintain medical records for their employees. HIPAA requires all compliance efforts such as policies, procedures, and training to be recorded, along with records of any identified HIPAA violations and data breaches. HIPAA does not cover employee medical records but does cover the medical records of patients. There are minimum retention periods for documentation, although OSHA and HHS retention periods differ.

Both sets of legislation have strict reporting requirements. OSHA requires deaths and serious workplace injuries to be reported, while HIPAA requires breaches of protected health information to be reported. There are strict time frames for reporting in both the OSHA and HIPAA standards.

Ongoing OSHA and HIPAA compliance programs must be established that ensure working practices remain compliant. The failure of covered entities to ensure OSHA and HIPAA compliance can both result in substantial financial penalties. If there is an apparent violation of the HIPAA Rules or OSHA standards, individuals are permitted to file a complaint with regulators, but since there is no private cause of action in HIPAA or the OSH Act, it is not possible for individuals to sue for violations.

Federal and state regulators are responsible for investigating complaints, determining if there has been non-compliance, and deciding if financial penalties or sanctions are appropriate.

The post OSHA and HIPAA Compliance appeared first on HIPAA Journal.

OSHA Compliance Checklist

This article includes a summary of the Occupational Safety and Health Act of 1970, compliance with which is enforced by the Occupational Safety and Health Administration (OSHA). At the end of the article, there is a guide for creating an OSHA compliance checklist. An OSHA compliance checklist is a checkbox list of all OSHA requirements that can be used by employers when conducting self-assessments of health and safety policies, procedures, and practices in the workplace.

What is the Occupational Safety and Health Act?

The Occupational Safety and Health Act, commonly known as the OSH Act or OSHA (29 U.S.C. §§ 651 to 678) was signed into law on December 29, 1970, by President Nixon with the aim of improving health and safety in the workplace in the private sector and federal government.

For decades, American workers had to endure dangerous working conditions, which often resulted in workplace accidents, injuries, illnesses, and deaths. Prior to the passing of the OSH Act, few health and safety inspections of workplaces were conducted.

The OSH Act is a comprehensive federal law that regulates health and safety in the workplace. The OSH Act requires employers to provide a working environment that is free from recognized hazards. If hazards cannot be eliminated from the workplace, measures must be implemented to protect employees. The OSH Act requires employers to protect employees from exposure to harmful substances, excessive noise levels, dangerous equipment, heat and cold stress, and to provide a safe and sanitary workplace.

The OSH Act called for the creation of the Occupational Safety and Health Administration (OSHA) and the National Institute for Occupational Safety and Health (NIOSH). OSHA is the regulator of compliance and is responsible for issuing health and safety guidance, and NIOSH is the federal agency responsible for conducting research and making recommendations for preventing work-related injury and illness.

Requirements of the Occupational Safety and Health Act

OSHA has created standards that describe the steps that must be taken by employers to protect workers and make the workplace safe. The OSH Act covers all industries, and there is considerable variation in the hazards and risks to employees across different industry sectors. Consequently, standards have been set for different industries, namely agriculture, construction, maritime, and general industry. In the agriculture, construction, and maritime sectors, there is a high risk of injury in the workplace, and each sector has its unique hazards and risks. Those industries have their own sets of regulations, with the general industry category covering the majority of businesses in the United States, including medical and dental offices. This article is concerned with OSHA compliance in the general industry category, and medical and dental offices in particular.

The OSH Act requires employers to:

  • Identify health and safety hazards and reduce risk to a low and acceptable level
  • Inform employees about health and safety risks in the workplace
  • Notify employees, via the “OSHA Job Safety and Health – It’s the Law Poster”, of OSHA citations, injury, and illness data
  • Provide training to employees to allow them to work safely and avoid hazards
  • Provide personal protective equipment to workers at no cost
  • Maintain records of accidents, work-related injuries, and deaths
  • Notify OSHA of any workplace fatality within 8 hours, and any hospitalization and serious workplace injury within 24 hours
  • Ensure employees do not face retaliation or discrimination for exercising their rights under the OSH Act
  • Follow all standards set by OSHA

In the healthcare industry, compliance is required with several standards that include:

  • The Hazard Communication Standard – Informing employees about hazardous substances and how to protect against exposure
  • The Bloodborne Pathogens Standard – Minimizing the risk of exposure to blood-borne pathogens
  • The Personal Protective Equipment Standard – Ensuring appropriate personal protective equipment is available to employees to protect against workplace hazards
  • The Fire Prevention Plan Standard – Implementing a fire safety plan and fire response procedures
  • The Ionizing Radiation Standard – Ensuring the risks from radiation exposure are reduced and controlled
  • The General Duty Clause – Ensuring measures are implemented to protect against hazards for which no specific standard applies

In addition to reducing hazards in the workplace, correcting health and safety issues, providing personal protective equipment, educating the workforce about health and safety threats, creating a safe working environment, and implementing work practice controls, employers are required to provide hearing examinations and other medical tests, when called for by OSHA standards.

OSHA requires employers to implement an OSHA manual to improve safety in the workplace and improve safety for their employees, which includes providing training for all employees to teach health and safety best practices, make employees aware of hazards in the workplace, and show them how to work safely.

Who Must Comply with the OSH Act?

OSHA is a federal law, so it applies in all 50 U.S. states and U.S. territories, either directly or through a State Plan. State Plans are workplace safety and health programs that have been approved by OSHA. There are currently 22 State Plans that cover the private sector, state, and local government workers, and 6 State Plans that only cover state/local government workers. The remaining states and territories are covered by Federal OSHA.

State Plans are continuously monitored by OSHA to ensure they are effective at protecting against work-related injuries, illnesses, and deaths.

| How OSHA Applies | States |
|---|---|
| State Plan Covering Private, State, Local Government | Alaska, Arizona, California, Hawaii, Indiana, Iowa, Kentucky, Nevada, Maryland, Michigan, Minnesota, New Mexico, North Carolina, Oregon, Puerto Rico, South Carolina, Tennessee, Utah, Vermont, Virginia, Washington, and Wyoming |
| State Plan Covering State/Local Government Only | Connecticut, Illinois, Maine, New Jersey, New York, and the U.S. Virgin Islands |
| Federal OSHA States | Alabama, American Samoa, Arkansas, Colorado, Delaware, District of Columbia, Florida, Georgia, Guam, Idaho, Kansas, Louisiana, Massachusetts, Mississippi, Montana, Nebraska, New Hampshire, Northern Mariana Islands, North Dakota, Ohio, Oklahoma, Pennsylvania, Rhode Island, South Dakota, Texas, West Virginia, and Wisconsin |

Employee Rights Under the OSH Act

The OSH Act gave employees certain rights, which they must be allowed to exercise without retaliation or discrimination.

Employees have the right to:

  • Receive information from their employer about hazards in the workplace, be provided with appropriate personal protective equipment, be trained how to work safely, and be provided with health and safety information and training in language that is easy to understand.
  • Work in a safe and healthful workplace
  • Observe testing to find hazards in the workplace and obtain a copy of any test results
  • Obtain a copy of their medical records held by their employer
  • File a complaint/request that OSHA conduct a workplace inspection

Enforcement of OSHA Compliance

The OSH Act is regulated by OSHA, which is a division of the United States Department of Labor (DOL). OSHA has the authority to impose financial penalties for non-compliance with any of its standards.

OSHA Fines and Penalties

Minimum and maximum penalties have been set, with the penalty amounts dictated by the gravity of the violation across 5 penalty tiers. The minimum and maximum OSHA civil penalties are increased annually in line with inflation. The table below is correct as of January 15, 2021.

| Type of Violation | Penalty Minimum | Penalty Maximum |
|---|---|---|
| Serious | $975 per violation | $13,653 per violation |
| Other-Than-Serious | $0 per violation | $13,653 per violation |
| Willful or Repeated | $9,753* per violation | $136,532 per violation |
| Posting Requirements | $0 per violation | $13,653 per violation |
| Failure to Abate | N/A | $13,653 per day unabated beyond the abatement date, generally limited to 30 days maximum. |

* For a repeated other-than-serious violation that otherwise would have no initial penalty, a penalty of $390 will be proposed for the first repeated violation, $975 for the second repeated violation, and $1,950 for a third repetition.

While OSHA can impose fines and penalties for noncompliance, U.S. states and territories where State Plans are in place can set their own penalty structures and minimum and maximum penalty levels. Those penalties must be at least as effective as those of the federal OSHA.

OSHA Compliance and COVID-19

OSHA is concerned with health and safety in the workplace, and throughout the COVID-19 pandemic, the SARS-CoV-2 virus has been the biggest health and safety threat. Consequently, the enforcement strategy has been updated with prevention and control of exposure to the SARS-CoV-2 virus prioritized.

An enforcement initiative was launched by OSHA which targets employers that have not made a good faith effort to protect employees from exposure to the SARS-CoV-2 virus in the workplace. COVID-19-related inspections are prioritized over other health and safety inspections, with the emphasis on healthcare sites. Inspections are largely concerned with ensuring appropriate control measures have been implemented to reduce the risk of infection and transmission. OSHA has issued guidelines on handling COVID-19 complaints, severe illness reports, and inspection priorities.

OSHA Compliance Checklist

The OSHA compliance checklist below contains a summary of the requirements for employers in the general industry category, including medical and dental offices, and is an overview of the requirements. Comprehensive information on creating an OSHA compliance checklist can be obtained from OSHA.

All employers should create an OSHA compliance checklist to help them determine whether they are fully compliant. An OSHA compliance checklist should consist of a series of yes or no questions, which can be used to determine the state of compliance with all requirements of the OSH Act.

If you are looking to create your own self-inspection OSHA compliance checklist, you should ensure it includes all of the areas listed in our OSHA compliance checklist below. OSHA has published several guides, including a template for a self-inspection OSHA compliance checklist, and various compliance and training tools.

When developing an OSHA compliance checklist, ensure it covers all of the standards and areas listed below. You should also ensure it includes a brief description of each standard, the training requirements, what training must include, who is responsible for providing the training, the recordkeeping requirements, medical record maintenance requirements, sources of hazards, and the controls, work practices, and PPE required.

Administrative, Recordkeeping, Posting, and Reporting Requirements

There are many administrative, posting, and reporting requirements. These include displaying the OSHA Job Safety and Health Protection Poster, Work-Related Injuries and Illnesses (OSHA Form 300A), and emergency telephone numbers in a prominent area. The staff needs to be provided with Material Safety Data Sheets (MSDSs), and clear signage must be displayed advising employees about biohazards, exposure to x-ray, microwave, or other harmful radiation, dangerous substances, floor loading, room capacities, and exit routes.

Employee medical records, records of employee exposure to hazardous substances, and employee training records, must be kept up to date and employee training records must be accessible for review by employees. Employers must also ensure all records are kept for at least the minimum retention period.

There are strict requirements for reporting workplace fatalities and employee hospitalizations to the nearest OSHA office, with workplace fatalities required to be reported within 8 hours and serious injuries within 24 hours.

All paperwork must be kept up to date and in order. OSHA is permitted to conduct inspections at any facility unannounced, and random visits to healthcare facilities are common.

Safety and Health Program

Employers need to implement a safety and health program and assign the responsibility of maintaining that program to an individual. A safety committee or group should also be established that includes management and employee representatives that meet regularly and report on their activities.

Policies and procedures should be implemented that allow employees to report potential safety issues. Those complaints must be dealt with promptly and the complaint and actions taken to reduce risk should be recorded and made available to employees.

The Hazard Communication Standard

This standard was developed for hazardous chemicals in the workplace and is concerned with informing employees about the risks. All hazardous materials should be labeled, information should be provided in the form of Safety Data Sheets (SDS), and employees must be told about all hazards and how they should be handled. A list of all hazardous materials in the workplace must be maintained and updated when new potentially hazardous materials are introduced. This standard also applies to structural dangers to chemicals and exposure to contaminated equipment and material.

The Bloodborne Pathogens Standard

Employers who have work environments where there is a risk of exposure to blood-borne pathogens must implement a control plan to limit the potential for exposure, provide appropriate PPE and safety devices, and ensure PPE and safety devices are maintained. It is also necessary to develop and implement waste disposal methods and procedures and post-exposure protocols. Training must be provided to the workforce on policies and procedures for handling potentially contaminated material and the procedures to follow in the event of exposure. Employees in medical environments are required to receive refresher training on bloodborne pathogen protocols annually, at no cost to themselves.

The Personal Protective Equipment Standard

Employers must ensure work practices are developed that ensure the health and safety of the workforce and, to further reduce risk, appropriate personal protective equipment such as face masks, eyewear, visors, gowns, aprons, and protective gloves must be available that is suitable given the level of risk. The PPE must be reliable, clean, fit each worker correctly, and safe methods of disposal of potentially contaminated PPE must be provided. Employees need to be trained on how to use, maintain, and dispose of PPE correctly and be told about its limitations.

The Fire Prevention Plan and Exit Routes Standards

Fire prevention measures must be implemented in the workplace, and policies and procedures developed to ensure employees are protected in the event of a fire. The local fire department should be familiar with the location and the hazards in the facility, a fire alarm system must be in place, fire doors must be clearly marked, and exit routes should be safe and clearly marked with exit diagrams posted. Those exit routes must be unobstructed at all times, with exit doors opening in the direction of escape. An adequate number of the correct portable fire extinguishers for each hazard must be provided in readily accessible locations.

All fire safety systems must be regularly tested, and employees should be instructed in the use of fire extinguishers and fire protection procedures. Fire safety drills should be regularly conducted. An emergency action plan should be in place that describes the actions employees should take in the event of a fire or other emergency situation.

The Ionizing Radiation Standard

Protocols must be developed for areas containing x-ray and diagnostic imaging equipment. Any area that contains such equipment must be subject to strict controls to reduce health risks. Employees must be told when such equipment is present in a work area, policies and procedures must be developed for working safely in those areas, and there are requirements for labeling all machinery and equipment that emits ionizing radiation.

Walking/Working Surfaces Standards

Measures must be implemented to prevent slips, trips, and falls, including from a height and on the same level. These are among the leading causes of workplace accidents. OSHA provided clarification on the requirements for protecting workers from walking/working surface hazards in 2017 and has released additional training materials and guidelines for inspections.

Medical and First Aid Standards

There should always be at least one qualified member of staff in the workplace available to provide first aid. First aid kits must be fully stocked and easily accessible, an eye-wash station or sink should be available for quick drenching or flushing, and medical personnel should be readily available for consultations about employee health and for immediate post-exposure medical evaluations and follow-ups.

Electrical Standards

Electrical standards apply to all electrical equipment and wiring, and there are also standards for medical facilities where flammable gases are used. Standards have been developed covering the design of electrical systems and safety-related working practices. All electrical hazards must be controlled, and measures implemented to reduce the risk of electric shocks. Electrical hazards are among OSHA’s most frequently cited hazards.

COVID-19 Emergency Standard

OSHA has created an emergency temporary standard covering COVID-19 in healthcare worksites and has issued guidelines for making the workplace safe and limiting the potential for transmission of the SARS-CoV-2 virus. An OSHA compliance checklist for COVID-19 is available from the OSHA website that covers preparations to make the workplace safe, physical distancing, ventilation, cleaning/disinfection, PPE, and procedures if exposure is suspected or if a COVID-19 infection is confirmed.

The General Working Environment

The general working environment must be clean and sanitary, toilets and washing facilities must be provided and kept in a sanitary state, hazardous materials must be cleaned up immediately, and all waste must be removed promptly and in accordance with federal, state, and local laws.

Adequate illumination should be provided in working areas, employees should be protected from excessive noise, there should be adequate ventilation, protection from heat and cold stress, and ergonomic workstations should be provided.

The post OSHA Compliance Checklist appeared first on HIPAA Journal.