Healthcare security and regulatory agency oversight are certainly not strangers to one another, but there is one agency that continues to confuse and even surprise those responsible for security and safety with their wide-ranging and often subjective interpretations of their procedures (regardless of industry). That is the Occupational Safety and Health Administration, more commonly known as OSHA.
While OSHA’s mission, “To assure safe and healthful working conditions for working men and women by setting and enforcing standards and by providing training, outreach, education and assistance” is certainly commendable, it is also far reaching and extremely broad in its scope, particularly when viewed through the finite keyhole that is healthcare security. As is the case with many large agencies, it is difficult to view the entirety of OSHA standards and their meanings simultaneously, so we are often relegated to focusing on just those certain facets that affect us the most and are germane to our personal day-to-day activities and issues. In doing this, however, we can easily lose sight of the intended significance of certain guidelines as we seek to meet their letter and not embrace the spirit of their intent.
In this article we will examine just a few of the more common OSHA standards that healthcare security practitioners routinely encounter and ways in which we might be able to satisfy both the rule and the intent of these important principles.
What the General Duty Clause Means
Let’s begin with one of the more puzzling “catch all” rules: OSHA 29 U.S.C. § 654, 5(a)(1), known commonly as the General Duty Clause. This states, in part, that “Each employer shall furnish to each of his employees employment and a place of employment which are free from recognized hazards that are causing or are likely to cause death or serious physical harm to his employees; 5(a)(2), Each employer shall comply with occupational safety and health standards promulgated under this act; and 5(b), Each employee shall comply with occupational safety and health standards and all rules, regulations, and orders issued pursuant to this Act which are applicable to his own actions and conduct.”
This phrase, “free from recognized hazards that are causing or are likely to cause death or serious physical harm to his employees” has caused much consternation among many industries and organizations, not just healthcare security and safety professionals. What exactly is a recognized hazard? If an incident has not occurred previously or the circumstances of the event were such that few, if any, could have predicted it, does it fall within this ruling? This is a very important distinction because in healthcare security, unpredictability is itself the norm and not the exception.
As certain hospitals in the United States have experienced active shooter events, for example, does that mean that this qualifies as a “recognized hazard”? Would this apply to a facility that has never suffered such an emergency and is not adequately prepared? What about lesser events, such as workplace violence not resulting in death?
The answer is both yes and no. As security professionals we are expected to be familiar with all current trends and risks that might affect our facilities, and the growing number of workplace violence incidents in the healthcare industry should be common knowledge to all in our profession at this point. That is why individually we must weigh the risks and potential threats of such incidents and then attempt to mitigate them with appropriate measures based upon availability of resources and industry best practices.
Routine risk assessments are vital, as are table-top drills and operational exercises. We cannot predict the future, but we can, to a lesser degree, learn from our own and others’ mistakes and attempt to prevent and adequately respond to security incidents when they occur. It is in this due diligence that we can best seek to meet the spirit of the General Duty Clause and keep our work environments safe for all of our teammates as well as patients, visitors and others who we are charged with protecting.
Guidelines Aren’t Mandatory, but…
Initially released in 1996 and updated in 2004, OSHA publication 3148-01R Guidelines for Preventing Workplace Violence for Health Care & Social Service Workers (available for download at osha.gov/Publications/osha3148.pdf) was a seminal work in providing advice and best practices when it comes to protecting those in the healthcare industry from threats and acts of violence. Among its many non-mandatory guidelines are detailed statistics providing a clear scope of the immediacy concerning workplace violence and its relevance in the healthcare and social service industries. It also contains common risk factors and elements of a successful workplace violence prevention program for organizations to adopt in furtherance of their duty to protect their employees.
In regards to this guideline and the General Duty Clause, OSHA clearly states that “OSHA will rely on Section 5(a)(1) of the OSH Act, the ‘General Duty Clause,’ for enforcement authority. Failure to implement these guidelines is not in itself a violation of the General Duty Clause. However, employers can be cited for violating the General Duty Clause if there is a recognized hazard of workplace violence in their establishments and they do nothing to prevent or abate it.”
In other words, OSHA cannot make you follow guideline 3148, but they can certainly make you wish that you had should a workplace violence event occur and you are not adequately prepared.
