Infection Control Compliance for AdministratorsBy
Katherine West, RN, BSN, MSEd, DICO-C, James Cross, JD -
The need for a comprehensive exposure control plan and program has been required since late 1991 when the Occupational Safety and Health Administration (OSHA) issued the Bloodborne Pathogen Standard, 29 CFR 1910.1030.1 These regulations laid out the foundation of what components were needed to establish a program for the protection of employees from contracting an occupationally acquired bloodborne infection. Many employers are not aware that there is a companion document to this standard which gives a more in-depth explanation of the regulations and examples. This document, known as a compliance directive, CPL 02-02.069,2 was published in 1995. Several updates and revisions to this document followed; a major update was published in 2001.
The OSHA Bloodborne Pathogens Standard was updated in 2001 pursuant to the Needlestick Safety and Prevention Act, Public Law 106-430, passed by the United States Congress in 2000,3 which required OSHA to update the Standard to address needle safe device requirements. By this time, it had been well established in many studies that injuries from sharps were the leading cause of employee exposures in the healthcare setting and that the reduction in these injuries could be prevented by requiring the use of needle safe devices.
OSHA also is enforcing Centers for Disease Control and Prevention (CDC) Guidelines for Tuberculosis, using its authority under the general duty clause, Section 5(a), of the Occupational Safety and Health Act of 1970.4 OSHA has been enforcing these guidelines for high-risk workplaces, including fire/EMS, since 1993. The OSHA compliance directive for Tuberculosis is CPL 02-02-078, which was issued in 2005.5,6 Many departments (and even medical facilities) have missed the fact that OSHA has been enforcing CDC Guidelines and Recommendations for many years via the general duty clause. Administrators and human resource managers often state incorrectly that CDC publishes guidelines and recommendations, which are not laws or requirements, so we do not need to follow them. This statement is far from accurate to say the least. OSHA can issue citations and fines for non-compliance with CDC guidelines and recommendations. Yes, the CDC documents say guidelines/recommendations, but the fact that OSHA is enforcing them essentially makes them OSHA regulations.6
There is also not a clear understanding that fire/EMS personnel are clearly defined as “healthcare personnel” by OSHA and the CDC. The definition states all paid and unpaid persons, so volunteers are clearly addressed. Because of this, many departments are not in compliance with CDC guidelines which are OSHA-enforced – such as requirements for immunizations/vaccinations, work restrictions when employees are ill, and several others.7
In addition to OSHA regulations and enforcement, the Ryan White CARE Act, Public Law 101-381, was passed in 1990. This law requires that every emergency response employer in the country have a “designated officer” to act as a liaison between an exposed employee and medical facilities to which source patients are transported. The position of the designated infection control officer (DICO) in departments became common following enactment of the Ryan White Act. This act creates significant rights and responsibilities for emergency response employers and medical facilities. After employees report an exposure to blood or other potentially infectious material to the DICO, the DICO is responsible for verifying that there was in fact in exposure. After such confirmation, the DICO is responsible for contacting the appropriate personnel at the medical facility to which the source patient was transported and to request the disease status of the patient. Disclosure of a patient’s HIV status is governed by state law, so knowledge of the legal requirements for consent in the state in which business is being conducted is needed. For airborne and droplet transmitted diseases, medical facilities are required by the law to notify the DICO of the transporting department when the facility determines the department had transported a patient suspected of or diagnosed with a disease that was on the list developed by the CDC.8,9,10
The existence of the Ryan White Act, and similar requirements under OSHA regulations and enforcement, has created the need for a trained DICO in each department to ensure employees are receiving appropriate post-exposure medical follow-up and that the department is complying fully with its legal requirements. Meeting these responsibilities requires not only a trained DICO but also support from department administration when problems arise.
In addition to the laws mentioned thus far, there is a need for all departments to have confidentiality policies in place. There is potential legal liability for the inappropriate disclosure of confidential information of patients and department employees. Although there is a right to know the disease status of patients following employee exposures, the Health Insurance Portability and Accountability Act (HIPAA) Privacy Regulations must be taken into account as well. Discussion of a patient’s identity and their disease status outside of the context of providing post-exposure medical follow-up is a HIPAA violation and this must be addressed in departmental policy.
It should be clear at this point that there is a need for many key players in the process to have a comprehensive department exposure control program. More is needed than just an exposure control plan. Let us discuss who the key players need to be to develop a comprehensive exposure control program and keep up with needed updates and added responsibilities. Key players are: the department chief and administration; legal representative(s); the DICO; medical facility representative(s); medical examiner(s); risk management specialist(s); and human resources.
Department chiefs needs to be aware of the applicable laws and the policies and procedures that need to be in place for the department to be compliant. The chief also has a vital role in selecting the individual to be the DICO for the department. This person should be interested in serving in this role, self-motivated, and accepted by the members of the department. Training for this role is essential, although the necessary training is not specified in the Ryan White Act or the Bloodborne Pathogens Standard. Administration needs to fully support the role of the DICO and assist with a budget for this position to cover post exposure costs, vaccines, and immunizations.
As this program is designed to ensure that proper post-exposure medical treatment and counseling is given to an exposed employee, careful selection of the physician to deliver post-exposure care and counseling is needed. OSHA is noticeably clear that the department holds the responsibility to ensure that proper care and counseling is afforded an exposed employee. The physician is only acting as an agent on behalf of the department.
A key player in a successful comprehensive exposure control program is the DICO. This individual is the key to ensuring that proper care and counseling is afforded each exposed employee. The DICO is to set up a communication system between the medical facility and the patient that is the source of the exposure. Awareness of the state HIV testing law for their state is especially important. It is also important the DICO assists in the source patient receiving rapid testing when an exposure has occurred. The source patient test results are to be given directly to the DICO, who will then review them with the exposed employee. The Ryan White Act is clear that this is to be the process. The medical facility is not to give the results to the employee.
The DICO makes the first determination as to whether a reported event is or is not an exposure. If not an exposure, no medical follow up is needed or recommended. This process can be an opportunity for a DICO to conduct some one-on-one education as to why an event is not an exposure. The DICO making this determination benefits administration by not generating unneeded costs. This is an example of the balance the DICO performs between being an advocate for the employee as well as for the department. If an event is determined to be an exposure, then the DICO acts to ensure that proper care is given based on the needs for each employee. The needs for care rendered may differ based on the status of the employee regarding past disease history and vaccination status. Complete documentation of each exposure event is essential for recordkeeping. The DICO needs to maintain records in addition to the medical care provider. This is important for risk management and liability reduction. This process also benefits both the exposed employee and the department. The DICO needs also to ensure that department policies and procedures as well and the exposure control plan are updated and reflective of the current evidence-based practice.
Medical facilities also play a key role in having an effective exposure control program. They need to be aware of laws such as the Ryan White Act, which differ from the way medical facilities follow exposures. Medical facilities also need to be aware that OSHA is enforcing CDC guidelines and recommendations and that these are to be followed as laws. This would include contracted departments of a medical facility such as the laboratory and the emergency department. Medical facilities fall under Federal OSHA and need to comply. The key responsibility of the medical facility is to conduct proper testing on the source patient, and this is to be rapid testing as stated in the CDC guidelines. EMS is not to be involved in source patient testing, as stated by the CDC.
Legal and risk-management representatives for the department need to be involved and play a significant role in establishing a program that meets all legal requirements. The human resource department plays a role in processing of worker’s compensation but should not be involved in post exposure determination and/or policies. Exposure records are kept by the DICO as they are a confidential medical record. The DICO will share necessary post-exposure information with the workers’ compensation processor.
In the case of an exposure involving a deceased person, the medical examiner or coroner holds the responsibility for testing the deceased person. This is a clear requirement in the Ryan White Act; however, this is not a well-known responsibility and the DICO will need to make this requirement known to the medical examiner or coroner.
In summary, it is clear that there are many important players in the success of a compliant exposure control program. Compliant programs are cost effect and assist with liability reduction.