Hospitals and clinics are bustling, high-stakes environments that rely on layers of intricate processes to protect and heal patients.
Risks are everywhere. Some are easy to spot, but many are invisible – noxious fumes, toxic chemicals, and infectious diseases. As technology becomes more prevalent in the form of medical devices, electronic records, and networked communications, interrelated cyber risks abound. Through it all runs a layer of systems and tasks related to complying with laws and regulations designed to protect patients and their personal data. Thinking about it all at once is enough to make one’s head swim.
And we haven’t even mentioned everything that goes into protecting those who provide care and support services to the patients. Workplace safety is a major challenge for healthcare organizations and entails careful adherence to an additional set of health and safety practices and regulations that must be monitored, documented and reported. Keeping up with directives and reporting requirements from multiple federal agencies (e.g., HHS, CMS, and OSHA), from state and local agencies, and from healthcare accrediting organizations is a significant resource burden. Even when the scope is limited to OSHA, the primary agency for workplace safety, the multifaceted obligations are daunting.
Several OSHA regulations initiated during the Obama administration have recently been canceled or delayed. Of the OSHA-specific items on the DOL’s regulatory agenda at the end of 2016, more than half have since been dropped. While these actions (in addition to OSHA budget cuts) may eventually ease regulatory burdens, the uncertainty they have introduced leaves compliance managers in a tough spot.
Obligations related to reporting are particularly unresolved at this time. OSHA’s deadline for a new electronic injury and illness reporting requirement, originally set for July 2017, has been postponed to December 2017 and is one of the rules that the current administration has stated it will “revisit.”
As the federal government rolls back regulations, we are likely to see some state, local, and industry entities move forward with similar initiatives. This can have the effect of complicating compliance, especially for healthcare organizations that fall under the purview of agencies in multiple locations.
An integrated approach to risk management that addresses workplace safety risk alongside operational, IT, and third-party risk results in a more comprehensive and efficient compliance program that can remain resilient in the face of ongoing regulatory flux. To support this approach, healthcare organizations must develop more integrated processes to identify, assess, document, and remediate workplace hazards, injuries, and illnesses. Manual methods of coordinating workplace safety compliance are insufficient, slow, and costly.
Modern healthcare organizations require centralized systems managing the interdependent activities of governance, risk management, and compliance (GRC). GRC technology solutions can be integrated with an organization’s existing compliance framework: policies can be mapped to controls and procedures and continuously updated through links to regulatory libraries. Implementing such systems helps foster cross-organization communications and workflows, resulting in improved accountability and transparency. Automated processes (e.g., incident tracking, assessments, and reporting) enhance overall efficiency and reduce compliance gaps.
By leveraging the analytics capabilities of comprehensive GRC platforms, health and safety teams can use historical data to gain insight into root causes of incidents. Stakeholders in audit, compliance, incident, risk, and data security have access to health and safety’s findings and reporting, and vice-versa. Dashboards and heat maps help compliance and safety teams produce better internal reports and raise awareness and engagement at the executive level.
With the support of GRC technology, safety and compliance teams can streamline the execution and documentation of facility and site inspections, as well as remediation based on the findings. Submission-ready OSHA forms can be generated automatically from incident data, saving resources and improving accuracy and responsiveness. Dangers identified during inspections and job hazard analyses can be linked to the risk register to inform strategic and tactical priorities. By leveraging these platforms to increase visibility and process control, healthcare organizations can reduce accidents, insurance costs, lawsuits, and days of work missed for illness or disability.
The healthcare system is overtaxed: resources are tight, patient populations are aging, and different public health crises are gaining momentum. The complexity of regulatory obligations should not get in the way of patient care and keeping employees safe. Investing in integrated risk management efforts supported by GRC technology solutions helps ease compliance pressures while putting the focus back where it should be: improving the efficacy of healthcare systems so that patients get the care they need, and those caring for them are properly protected.
Author:
Manolito Jones is Healthcare Solutions Team Leader at LockPath’s healthcare team. With 15 years in the healthcare and pharmaceutical industries, Jones' focus is on helping healthcare organizations realize value through technology.
The views, opinions and positions expressed within these guest posts are those of the author alone and do not represent those of Becker's Hospital Review/Becker's Healthcare. The accuracy, completeness and validity of any statements made within this article are not guaranteed. We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with them.