Amy S. Garner, MBA, EJD, CHC (amy.garner@wth.org) is Chief Compliance and Communications Officer at West Tennessee Healthcare in Jackson, TN.
According to the Occupational Safety and Health Administration (OSHA), approximately 75% of nearly 25,000 workplace assaults reported annually occurred in healthcare and social service settings.[1] Workers in healthcare are four times more likely to be victimized than workers in private industry.[2] Although these numbers are staggering, even more frightening is the fact that most incidents of verbal or physical abuse are not reported by healthcare workers.
Healthcare organizations across the county are making the prevention of workplace violence incidents a top priority. Numerous resources are available to aid organizations in their proactive efforts to train staff, make sure policies and procedures are in place, and assess environmental security. For example, the American Society for Health Care Risk Management has published a workplace violence toolkit to aid in assessing the proactive steps to take to prevent patient-to-staff violence as well as visitor/family-to-staff violence and even staff-to-staff violence.[3]
The Joint Commission also published a Sentinel Event Alert in April 2018 dedicated to physical and verbal violence against health care workers.[4] There are numerous resources available from OSHA, the Centers for Disease Control and Prevention (CDC), and the Crisis Prevention Institute.
It is important to be proactive and train staff on the steps of de-escalation, self-defense, and on what to do when someone is wielding a deadly weapon, but what do hospitals do when the unthinkable happens? What do you, as a compliance or privacy officer, need to be prepared for after the initial incident is over? Chances are the compliance and privacy officer will be involved in both internal and external investigations. This article describes a few of the regulatory agency considerations that hospital compliance and privacy officers should be aware of in the course of investigating or managing the activities immediately following incidents of workplace violence.
Conditions of Participation for Hospitals
Hospitals are required to meet certain safety requirements to be eligible to participate in Medicare and Medicaid programs. The following areas should be included in training to prepare for incidents.
Emergency Department violence
In some incidents of workplace violence, patients who are in hospital Emergency Departments (ED), due to mental illness or substance abuse issues, may be the perpetrators of the violence. Hospitals that provide emergency services are required to comply with the Emergency Medical Treatment & Labor Act (EMTALA).[5] They are required to provide a medical screening examination (MSE) by a qualified medical professional (QMP). An MSE includes all tests and treatments necessary to stabilize an emergency medical condition. When an incident of violence takes place in an ED, surveyors may investigate to determine if the patient (and perpetrator of the violent attack) received the proper stabilizing care. It is important to review all medical record documentation to determine if EMTALA policies and procedures have been followed and if the patient was treated appropriately.
Because staff members may judge themselves harshly and with great emotion after an event has occurred, it might be valuable to engage an objective clinician to review documentation and be prepared to speak with investigators. Unfortunately for hospitals, surveyors have the advantage of hindsight in these types of situations in that they know the final outcome was an incident of violence. Because of this hindsight, it is important to have someone review medical records without letting the knowledge of the outcome cloud the reviewer’s judgment.
Patient rights: Restraints
In certain situations, when a patient becomes violent, it may be necessary to restrain the individual. According to the Conditions of Participation (CoPs) for hospitals, all patients have the right to be free from restraint or seclusion, in any form, imposed as a means of coercion, discipline, convenience, or retaliation by staff. Restraint or seclusion may only be imposed to ensure the immediate physical safety of the patient, a staff member, or others.[6] Additionally, the interpretive guidelines found in the CMS State Operations Manual, Appendix A, state that “if a weapon is used by security or law enforcement personnel on a person in a hospital (patient, staff, or visitor) to protect people or hospital property from harm, we would expect the situation to be handled as a criminal activity and the perpetrator be placed in the custody of local law enforcement.”[7] It is important to train staff on the role of external law enforcement officers and internal security staff and in the safe application of restraints.
Policies and procedures need to be clearly defined regarding the use of handcuffs, tasers, or other devices, which are prohibited from use on patients other than by law enforcement. Contracted law enforcement officers may be considered to be contracted hospital security personnel, and may only be allowed to act as internal security personnel in compliance with hospital policies and procedures, so it is important to distinguish between the two types of personnel.
Patient rights: Right to privacy
Under the CoPs, patients have the right to personal privacy. When a violent incident occurs, hospitals face a number of issues with regard to patient privacy.[8] There may be media outlets, law enforcement investigators, healthcare oversight agencies, and others that request information about the patient who was the perpetrator of the attack and the victims. The victims of such an attack may also be patients if the facility has to provide medical treatment due to the injuries.
In addition to the CoPs, both federal and state laws require hospitals to maintain confidentiality of protected health information; however, there are exemptions for law enforcement investigations and investigations conducted by agencies tasked with healthcare oversight. Staff members should be trained on all policies and procedures regarding compliance with privacy standards, and the privacy officer should be involved in assisting with investigations to determine if information can be disclosed without authorization of the patient. Media relations personnel and public information officers should be trained on privacy policies, and they should be the primary contact for requests for information by the media.
Social media and photography
Facilities should have policies and procedures in place regarding the use of social media and the use of cell phones and photography, and staff should be trained on these policies. Unfortunately, almost everyone has a cell phone handy and uses them to take photographs and post photos and videos in real time. In situations where there is a tragic event, the risk to hospitals is that bystanders and employees may photograph or video and post items to social media accounts. Hospitals should be prepared to respond when this occurs, or there may be penalties under federal or state privacy laws.
OSHA requirements
There may be additional reporting requirements to OSHA or the state-equivalent agency when injuries occur in the workplace. There should be a clear point of contact who reports incidents of workplace violence to the appropriate agency within the required time frame. For example, some agencies have limited time to report incidents. A state agency may require that work-related fatalities must be reported within eight hours. All incident-related hospitalizations, amputations, and a loss of an eye must be reported within 24 hours of finding out about the incident in some states.
Accreditation standards
Hospitals may be accredited by agencies, such as The Joint Commission, and may be required to report incidents to the accrediting agency within a limited time frame. Accreditation contacts should be prepared for an investigation by the accrediting agency as well as state survey agencies. In a recent Sentinel Event Alert published by The Joint Commission, all standards related to the issue of workplace violence are listed. Additional Joint Commission resources on this topic are available for facilities that are accredited.
Conclusion
Even though hospitals are prioritizing efforts to prevent incidents of workplace violence against healthcare workers, it is also important to prepare for the aftermath if a tragic event happens. Compliance and privacy officers may believe that it is unthinkable that an intersection exists between the compliance program and incidents of violence, but statistics show that the number of incidents is on the rise. Proactive compliance and privacy officers should prepare for investigations and regulatory agency surveys after such an event occurs. Hospitals should include compliance and privacy officers in their emergency preparedness training events and in post-incident investigations. Hospitals should assign primary contacts for each regulatory agency that requires information related to the incident. It may be unthinkable for these types of events to occur in our hospitals; however, it is time for compliance and privacy officers to think about their roles during the aftermath.
Takeaways
-
Healthcare workers are four times more likely to be involved in a workplace violence incident than workers in other industries.
-
Compliance and privacy officers may not realize the importance of being prepared for incidents of workplace violence.
-
Compliance and privacy officers should prepare for both internal and external investigations immediately following incidents of violence.
-
Hospitals in particular are required to comply with various regulations and standards that may be implicated when a tragic incident occurs.
-
Hospitals should assign primary contacts for each regulatory agency that requires information related to an incident of workplace violence.