With the passage of A.B. 30, California became the first state to require all acute-care hospitals and skilled-nursing facilities to develop and implement comprehensive workplace violence prevention plans. After years of wrangling with California’s Division of Occupational Safety and Health (“Cal OSHA”), the law became effective on April 1, 2018.

This statute was conceived by Cal OSHA, in conjunction with unions such as the California Nurses Association to address the high risk of workplace injuries faced by health care workers daily. Overall, health care workers suffer the greatest number of workplace injuries, with over 650,000 individuals injured each year. Violence in the health care industry, however, is historically underreported; one survey estimated that just 19% of all violent events are reported.

Under the law, affected employers in the health care industry must prepare a workplace violence prevention plan that includes:

  1. Annual personnel education and training regarding workplace violence;
  2. A system for responding to and investigating violent or potentially violent incidents; and
  3. Procedures for annual assessment and evaluation of factors that could help to prevent workplace violence.

Employers must provide annual education and training to all employees at their facility who administer direct patient care, including physicians and temporary employees. This training must include, but not be limited to, information regarding:

  • Identifying potentially harmful and violent situations and appropriate responses thereto;
  • Reporting violent incidents to law enforcement officials; and
  • Resources available to employees coping with the aftermath of a violent incident, such as critical incident stress debriefing and/or employee assistance programs.

Employers’ annual assessment identifying the factors that could possibly minimize the number of incidents of workplace violence should include a review of staffing and staffing patterns; the sufficiency of security systems at the facility; job design, equipment, and facilities; and areas of high security risk including entry and exit points for employees during late-night and early-morning shifts and employee parking lot safety.

Additionally, employers must develop these workplace prevention plans with input from their employees and any applicable collective bargaining agents. Employers are also expressly prohibited from taking punitive or retaliatory action against employees for reporting violent incidents.

Employers, however, should be aware of the dichotomy between interests regulated by Cal OSHA and by the Centers for Medicare and Medicaid Services (CMS). While Cal OSHA creates rules to ensure health care workers have a safe work environment free from harm, CMS creates rules to control aggressive patients in order to protect patients’ rights.  These competing interests often create conflicting obligations for health care facilities.  With Cal OSHA designating health care as a high risk industry for workplace violence and CMS focusing heavily on patient safety and patient rights, health care facilities must carefully navigate these competing obligations to appropriately protect both their employees and their patients.

Employers with affected health care operations in California should consult counsel for assistance with the development of a legally-compliant violence prevention plan and annual training materials in light of this new regulation.

by Pamela D. Tyner

Social media have become de rigueur globally.  Today, millions maintain connections with their friends, relatives and business acquaintances via Facebook, Twitter, LinkedIn, blogs and YouTube.  Recent studies indicate that social media popularity even predicts polling popularity and the stock market.  Translated to the healthcare arena, healthcare facilities and organizations are now trained to promote their business by communicating effectively via social media.  In addition, patients, physicians and employees of healthcare facilities and organizations frequently communicate and discuss patient status via cell phones, Facebook, YouTube and other social media.  However, many people do not realize that use of these media may compromise health information privacy unless certain protections are implemented to safeguard them.

Invasion of Health Information Privacy

Under the confines of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), Health Information Technology for Economic and Clinical Health (“HITECH”) and state privacy laws, certain protections of protected health information (commonly known as “PHI”) are mandated.  The increased usage of social media to reference patient whereabouts, ailments and treatment plans continues to leave healthcare employers scrambling to implement new forms of encryption, other IT protection and disciplinary actions.

Examples of Social Media and IT Breaching Confidentiality of PHI

From the trenches, here are some recent examples of social media and IT affecting the privacy of PHI:

  • A day in the life of a patient posted on YouTube, posted without consent of other patients and employees of a hospital system.  The Hospital asked for the individual to immediately remove the content from YouTube.  In addition, the Hospital conducted a thorough investigation and notified the patients affected about the breach of their PHI.
  • A patient updates his/her status via Facebook and later discovers the status update informs her Facebook friends that s/he is in the hospital.  The patient complains to the Hospital’s compliance department about a breach of her PHI.  Afterwards, the Hospital investigates the incident and discovers the patient updating the status inadvertently notified Facebook of the individual’s whereabouts.  The facility is in the process of revising its Patient Handbook to include information about updating an individual’s “location update” status while a patient as potentially identifying the individual’s hospital stay.
  • Doctors, nurses and medical students  revealing patient information on Facebook.  Facilities are implementing social media training to medical staff, employees and allied health professionals about the potential breach of confidentiality and/or disciplinary actions that might result from their Facebook updates about patients.
  • A health care institution realizes that its computer encryption system has a loophole through the usage of USB ports.  The institution must scramble to protect its system information while waiting for the software company to fix the loophole.
  • Articles and blogs inform consumers how to mine PHI about others.

Government Action

The National Relations Board has become very active in addressing social media’s impact on the workplace.   In future, it is anticipated that additional government agencies and the court system will jump on the band-wagon and scrutinize social media as it relates to the healthcare environment and patient confidentiality.

Office of Civil Rights Solicits Comments on Mobile Devices and Confidentiality

In early March 2012, the Office of Civil Rights and the ONC Office of the Chief Privacy Officer (OCPO) invited members of the public to provide input on mobile devices’ uses along with comments on current and emerging privacy and security best practices regarding protecting and securing health information while using mobile devices. Public commentary will help inform the OCR and OCPO for future development of an effective and practical way to bring awareness and understanding to those in the clinical sector regarding protecting and securing health information while using mobile devices.  Popular health information technology remains a hot topic for the OCR; a roundtable discussion on mobile devices and safeguarding health information is planned for mid-March.

Lessons Learned and How Healthcare Employers Should React

Healthcare facilities and organizations must act quickly to assess each usage of social media to gauge whether patient confidentiality may be vulnerable to compromise.  Due to the rapid evolution of social media technology, healthcare facilities and organizations’ social media and employee disciplinary policies must be scrutinized frequently for uniformity within their corporate compliance program.  In addition, these entities must analyze and implement clear guidelines outlining how its physicians and allied health professionals may be constructively redirected and/or advised on the proper usage of social media to facilitate efficient communication concerning patients without compromising PHI confidentiality.



by Pamela D. Tyner

Physicians and healthcare workers devote years to improving the quality of their patients’ lives.  Despite the Hippocratic code and compulsory non-retaliation policies, incidents of disruptive behavior from physicians and healthcare workers, though largely shielded from the general public, continue to frequently surface internally at healthcare environments.  Amidst recent jarring headlines of workplace violence and bullying, news media have discovered this same trend is also on the rise as healthcare facilities across the nation struggle to effectively resolve these alarming concerns.  

Reasons for Under-Reporting of Disruptive Behavior

Most healthcare organizations will not readily admit there are under-reported and unresolved disruptive behavioral problems from its physicians and healthcare workers due to a number of factors.  First, there is an underlying history and culture of tolerance and indifference to intimidating and disruptive behaviors in health care.  Turning the other cheek becomes easier if the verbally abusive physician is one of the facility’s top physicians.    In addition, physicians serving on professional activity or peer review committees fear retribution, ostracization and even liability from their participation in attempting to resolve such incidents.

For example, in a nationally publicized case, Poliner v. Texas Health Systems, a Texas jury awarded Dr. Lawrence Poliner $366 million in damages against a hospital and several physicians for malicious peer review after his privileges were terminated.   In July 2008, the United States Court of Appeals for the Fifth Circuit reversed the ruling and entered judgment in favor of the defendants based on application of immunity for the hospital and three physicians under the Federal Health Care Quality Improvement Act (“HCQIA”).  This legal battle highlights both the fear of retribution for service on a peer review committee and the cost of lengthy litigation.

Joint Commission Redefines “Disruptive Behavior”

In July 2008, the Joint Commission published a sentinel event alert regarding intimidating and disruptive behavior that highlighted the following potential negative outcomes:

  • fosters medical errors;
  • contributes to poor patient satisfaction;
  • causes preventable adverse outcomes;
  • increases the cost of healthcare; and
  • increases rate of turn-over of qualified clinicians, administrators and managers.

As a result, the Joint Commission issued a disruptive behavior standard (LD.03.01.01) to include mandatory policies, training, code of conduct and reporting structures for any inappropriate outbursts.  In its November 9, 2011 newsletter, the Joint Commission revised its definition of “disruptive behavior” to a more refined interpretation of “behavior or behaviors that undermine a culture of safety”  after it received complaints that the term “disruptive behavior” was both ambiguous and not always viewed favorably.  For example, some argued that advocating for patient care  improvement might be incorrectly labeled as “disruptive behavior.”  The revised definition becomes effective in 2012 . 

Lessons Learned – A Balanced Healthcare Environment

From verbal abuse by physicians and healthcare workers causing fear to serve on hospital committees, potential patient safety issues and high turn-over rates, healthcare facilities and organizations must quickly strengthen  existing human resources policies and reporting lines to incorporate the revised definition of “disruptive physician” and to avoid becoming the latest headlines.  Above all, the historical tolerance for disruptive behavior must instead more highly value the promotion of patient safety and respect in the medical workplace.