Ann McCullough (email@example.com) is a Shareholder in the Denver office of Polsinelli, Tracey L. Klein (firstname.lastname@example.org) is a Shareholder in the Chicago office of Polsinelli, and Kathleen Snow Sutton (email@example.com) is an Associate in the Denver office of Polsinelli.
On November 19, 2018, four people were killed in a shooting at Mercy Hospital in Chicago. On May 13, 2017, a patient obtained a handgun, held four nurses hostage, and sexually assaulted one of them. Unfortunately, these horrific situations are not unique. Healthcare is particularly vulnerable to violence in the workplace. According to the Bureau of Labor Statistics, 70% of the victims of workplace violence were healthcare or social service workers. The Joint Commission (TJC) reported that, in 2017, “criminal events,” such as shootings, homicide, physical assault, and sexual assault was the seventh most common sentinel event, up from number nine in 2016.
Compliance professionals have a role in developing policies and processes to prevent and respond to workplace violence. Federal law requires healthcare organizations to provide a safe working environment for employees and to manage safety and security risks. , The Occupational Safety and Health Administration (OSHA) and TJC have issued guidance on steps that healthcare organizations can take to prepare for, prevent, and respond to workplace violence. Both OSHA and TJC recommend that healthcare organizations develop and implement policies and training to address violence; analyze the worksite to determine risks, including tracking reports of violence or threats of violence; develop processes to prevent and control incidents; provide support for victims; and evaluate the program and policies to reduce incidents and root causes. These resources, however, do not provide direct guidance for compliance professionals in addressing policies and processes regarding active shooters.
Legal standards and guidance
The Occupational Safety and Health Act (OSH Act) imposes on all employers a general duty to furnish a place of employment that is “free from recognized hazards that are causing or likely to cause death or serious physical harm to its employees.” This general duty, however, does not specifically prescribe how employers are to eliminate or reduce employees’ exposure to workplace violence. Last year, OSHA issued a request for information (RFI) regarding workplace violence in the healthcare and social services settings. The goal of the RFI was to implement a standard for organizations to follow to prevent, prepare for, and respond to violence, including active shooter situations. The comment period closed on April 6, 2017, but as of the date of this article, OSHA has not yet issued a formal standard.
In the meantime, OSHA has issued guidelines to help healthcare organizations address the threat of workplace violence. These voluntary guidelines recommend a comprehensive violence prevention program, and include detailed, research-based information on specific controls and strategies for various healthcare and social assistance settings to help employers and employees prevent violence. OSHA’s guidelines consist of five core elements or “building blocks”: (1) Management commitment and employee participation, (2) worksite analysis, (3) hazard prevention and control, (4) safety and health training, and (5) recordkeeping and program evaluation.
In addition to the general duties under the OSH Act, hospitals must meet the health and safety Medicare Conditions of Participation (CoPs) in order to participate in Medicare. , The CoPs—and for TJC accredited hospitals, the corresponding TJC standards—do not directly address workplace violence or active shooter situations, but they do require hospitals to provide a safe environment of care and to have processes in place to manage emergencies. ,  TJC has nonetheless recognized that workplace violence implicates many of the accreditation standards (particularly those focused on the environment of care and emergency management) and recommends that organizations take action to address workplace violence, such as: (1) developing and implementing policies to address violence, (2) tracking and trending reports of workplace violence, (3) providing appropriate medical and psychological support for victims and witnesses of violence, (4) reviewing and analyzing each reported incident to determine contributing factors, and (5) developing quality improvement plans to reduce incidents.
Hospitals should also be cognizant of state laws that may affect their plans and response to workplace violence. For example, several states have enacted laws that require employers of healthcare and/or social assistance workers to establish a plan or program to protect those workers from workplace violence (e.g., California, Connecticut, Illinois, Maine, Maryland, New Jersey, New York, Oregon, and Washington). In Illinois, the Health Care Violence Prevention Act, which became effective January 1, 2019, seeks to address the risks of workplace violence, requires healthcare providers to comply with workplace safety requirements, and necessitates a workplace violence protection program. Other state laws that may affect a hospital’s response to threats of violence may include privacy protections, protections for victims of domestic abuse, laws relating to firearms, and any laws that require reporting of injuries to patients or employees. As healthcare employees continue to face violence in the workplace, they are working with state legislators to create or strengthen protections for healthcare workers and increase the penalties for assault on healthcare workers. ,
Additionally, while not binding, healthcare organizations can look to guidance and recommendations from OSHA, , TJC, the Centers for Disease Control and Prevention (CDC), and security management organizations, such as ASIS International. These resources may provide guidance on developing workplace violence prevention and response programs. ASIS International has issued comprehensive guidance on prevention and intervention for workplace violence (ASIS Standard). The ASIS Standard is not a legal authority and is not binding, but it provides comprehensive guidance on developing and implementing a workplace violence prevention and intervention program.