CastleBranch Training

Storage of Oxygen and Other Flammable Gases You should know whether your workplace contains a bulk oxygen system or other compressed gas cylinders, such as acetylene, hydrogen, or nitrous oxide. While your organization is required by OSHA to meet several standards to ensure safe handling and storage of these gases, it will be helpful for you to understand that:

Bulk oxygen storage systems and other compressed gas cylinders should be in a safe location that can be visually inspected when necessary The storage system should not be exposed to electric power lines, flammable or combustible liquid lines or flammable gas lines The storage location should have permanent signage to indicate the type of gas and associated warnings, such as: "OXYGEN - NO SMOKING - NO OPEN FLAMES" or other similar warnings

Coordinator/Backup Coordinator Responsibilities An emergency response coordinator and backup coordinator should each be assigned within your organization. The Coordinator's responsibilities include:

Determining which emergencies are likely, and ensuring emergency procedures are developed for each Directing all emergency activities, including evacuation of personnel Ensuring that all outside emergency services are notified when necessary Directing the shutdown of the workplace when necessary

HIPAA Practice Medical Technician

XXXXXXXXXXXXXXXX

Why Emergency Action Plans Matter for Healthcare

XXXXXXXXXXXXXXXXXXXXXXXXXXX

Permitted Uses and Disclosures HIPAA privacy standards list five permitted uses and disclosures of protected health information:

1 Requests by the individual (patient or member) 2 Uses and disclosures needed for treatment, payment or health care operations (also known as TPO) 3 Informal uses open for agreement or objection and incidental uses and disclosures 4 Uses and disclosures for the public benefit and interest 5 Limited data set uses and disclosures

Additional Areas for Hazards Additional areas for workplace hazards in a healthcare facility:

1. Slips, trips and falls 2. Sharps and containers 3. Workplace Illumination 4. Workspace environment 5. Facilities environment

OSHA's Bloodborne Pathogens standard requires safeguards to protect employees against the health hazards from exposure to blood and other potentially infectious materials and to reduce the risk from this exposure. This standard includes:

A written exposure plan, updated annually Treating all human blood and other potentially infectious material as if known to be infectious Safe consideration, implementation, and use of engineering controls, such as needles and sharps Use of work practice control methods Personal Protective Equipment (PPE), such as gloves, gowns, eye protection, and masks Offering Hepatitis B vaccines to employees with exposure potential Medical follow-up in the event of exposure Proper use of labels and signage Employee training Proper containment of all regulated waste

Technical safeguards required of covered entities include:

Access Controls Technical policies and procedures so only authorized persons have access to electronic protected health information (e-PHI). Audit Controls Hardware, software, and/or procedural mechanisms that record and examine access and other activity in information systems that contain or use e-PHI. Integrity Controls Implement policies and procedures to ensure that e-PHI is not improperly altered or destroyed. Electronic measures must be put in place to confirm that e-PHI has not been improperly altered or destroyed. Transmission Security Implement technical security measures that guard against unauthorized access to e-PHI transmitted over an electronic network.

Disclosure Accounting Individuals also have the right to request an accounting of disclosures of their medical records. This means they have a right to know who has seen their medical records and why under certain situations. Covered entities are only required to provide an accounting for a six-year period prior to the date of the request. The accounting must be provided within 60 days of the individual's request. The first accounting in any 12-month period must be provided without charge. A reasonable cost-based fee may be charged for subsequent accountings in that period.

According to HIPAA, these items must be included in an accounting of disclosures: The date of the disclosure The name of the person or entity who received the protected health information and the address, if known A brief description of the protected health information disclosed A brief statement of the purpose for the disclosure A copy of the written request for disclosure

What are bloodborn pathogens?

According to OSHA, bloodborne pathogens are "pathogenic microorganisms that are present in human blood and can cause disease in humans." Some examples may include but are not limited to: HBV - hepatitis B virus, which causes hepatitis B HIV - human immunodeficiency virus, which causes AIDS HCV - hepatitis C virus, which causes hepatitis C

Workplace Violence Workplace violence in recent years has become a hot topic in America. According to OSHA, approximately 75 percent of nearly 25,000 workplace assaults reported annually occurred in healthcare and social service settings and workers in healthcare settings are four times more likely to be victimized than workers in private industry. Workplace violence is defined as:

Act of threat of physical violence Act or threat of verbal violence Harassment Intimidation Any disruptive behavior

Administrative Safeguards The HIPAA Security standard requires covered entities to determine and provide specific safeguards for the protection of PHI data. These safeguards are categorized as administrative safeguards, physical safeguards, and technical safeguards.

Administrative safeguards expected to be incorporated are: A security management process to analyze and identify potential risks Security official to monitor various safeguards Information access management policies and procedures to ensure the minimum necessary rule is accomplished Workforce training and management Evaluation process by periodically assessing the effectiveness of security measures

Appropriately Labeled Doors OSHA regulates that adequate signage is used throughout a building to ensure a more organized and efficient work environment, as well as to facilitate evacuation during an emergency. As a new employee, appropriate signage helps you orient yourself to your new environment. Signs also make it easier for everyone to know where things are.

All exit should be labeled as an exit, and any door, passage or stairway that is not an exit or exit route, but could be mistaken for such, must be identified with a sign reading "NOT AN EXIT," or a similar sign designating the space specifically, such as "Basement" or "Storeroom," for example.

Disclosure Accounting If the disclosure was made for research purposes, HIPAA guidelines state that the covered entity may provide to the patient a description, in plain language, of the research protocol or other research activity, including the purpose of the research and the criteria for selecting particular records. There are other regulations that impact accounting of disclosures. For example, the Omnibus Rule of January 2013 adds new definitions for family member, genetic information, genetic services, and genetic test when it comes to disclosures.

Also, under HIPAA guidelines, a business associate such as a medical record company is not required to give the patient an accounting of disclosures. However, if the contract between the business associate and the covered entity states that the business associate may provide the accounting because it is the sole keeper of some of the information, then the business associate can give the patient the accounting. HIPAA privacy standards state that when a disclosure, such as that made to a public health authority, is required to be documented in the patient's record, it also needs to be part of the patient's accounting. The disclosure may have occurred in written or oral form if this type of disclosure is not required to be part of an accounting. (See the reference item for this course to learn more about what does not need to be included in an accounting of disclosures)

Evaluating Exposure Incidents OSHA requires that in the event of exposure to a hazardous material, the employee is given a confidential medical evaluation and follow-up and that the exposure is correctly documented. The exposure incident review should note:

Any engineering controls in use at the time Work practices being followed A description of the device being used (including the type and brand of the device) Any protective equipment or clothing that was in use The location of the incident The procedure being performed when the incident occurred The extent of the affected employee's training

HIPAA requires all covered entities using a standard authorization form to include a sentence on the form informing the individual that the potential exists for the recipient of health information to redisclose it and the information would no longer be protected.

Authorization is NOT required when - The information is being used to discuss treatment options Reporting a communicable disease to the local health department Providing medical records to a Workers' Compensation program

Solutions to Workplace Violence There should be a violence prevention program in place as part of your organization's safety and health program. It should be unique to your work environment, and should:

Be made available to all employees Include a zero-tolerance policy for any violence or threat of violence Track the progress in reducing work-related assaults Reduce the severity of injuries sustained by employees Decrease the danger to worker safety Reflect the level and nature of threats faced by employees Include security staffing, equipment, and procedures

Who is Required to Follow HIPAA Standards

Before discussing HIPAA privacy standards, it is important to understand what organizations and individuals are required to abide by them. HIPAA standards apply to any organization in the health care industry that provides care to patients. They also apply to organizations that provide services to individuals or health care organizations. These include health plans and clearinghouses, which are organizations that process nonstandard health plan transactions and convert them into standard transactions that are mandated by HIPAA. All of these are considered covered entities. Business associates must also follow many of the same HIPAA standards. An organization is considered a business associate if it contracts with a covered entity to provide services that involve or use protected health information.

Business Associate Contracts HIPAA requires covered entities and their business associates to enter into a contract that details what PHI the business associate will have access to, as well as the safeguards and measures the entity expects the business associate to make and enact in order to protect the entity's PHI. Contracts should also describe what it considers breaches and how the business associate is expected to respond to any breaches that occur.

Business Associate Contract Breach Occurred If the covered entity discovers breaches by the business associate that are occurring, it is required by HIPAA regulations to take reasonable steps to resolve the breach. Impact of Non-Resolution If the business associate does not resolve the breaches, HIPAA expects the covered entity to end the business relationship with the business associate and report the problem to HHS.

Compliance Audits for Business Associates While some HIPAA standards applications might be determined by the business associate contract, for most business associates that have access to their clients' protected health information compliance is expected to be at the same level as the covered entity. Business associates should be prepared for an audit by the Office for Civil Rights (OCR), which enforces HIPAA regulations. The privacy regulations require that a covered entity's business associates agree to make information available that relates to the use and disclosure of the covered entity's PHI. This is one of the requirements the covered entity must include in its written contract with its business associates. This is required for HHS/OCR to evaluate the covered entity's compliance with the privacy regulations.

Business associates must make information available for the compliance audit as required in their written contracts with the covered entities. Business associates are required to make their internal practices, books, and records available as they relate to the use and disclosure of PHI received or created on behalf of the specific covered entity. Business associates are not immune from the consequences of violating HIPAA standards. Just like the covered entities, they contract with; business associates are charged a penalty for each violation uncovered by a compliance audit

Air Quality It is important to have proper indoor air quality. Poor air quality regulation could potentially develop poor health problems for you in the future. Below are causes of poor air quality, sources of indoor air pollution, common pollutants, and symptoms resulting from poor air quality. Please take a few minutes to read through this list.

Causes of Poor Air Quality - Poorly designed or malfunctioning ventilation systems Air temperature above or below standard comfort level Building dampness Stuffy or stagnant conditions Exposure to chemicals, volatile organic compounds (VOCs), ozone and particles Dry air Sources of Indoor Air Pollution - Building site or location Building design Heating, ventilation, and air conditioning system design (HVAC) Renovation activities Building maintenance Building materials or furnishings Building occupant activities, such as wearing perfume or cologne Symptoms Related to Poor Air Quality - Irritation of eyes, nose and throat Headache and dizziness Rashes Muscle pain and fatigue Three Common Pollutants - Biological - includes mold, dust mites and pollen Chemical - refers to gasses and vapors Particle (non-biological) - means dust and dirt

Workplace Cleanliness Now, let's discuss the importance of workplace cleanliness to minimize the risk of injury or illness. This is an important topic because workplace injuries and illnesses can be costly both physically and financially to you and your employer.

Cleaning Schedule - By making and following a proper cleaning schedule, you can eliminate a great deal of common workplace hazards. Your cleaning schedule should explain the areas and surfaces to be cleaned, what type of contamination is present, and how the area and surfaces will be cleaned. Appropriate Disinfectants - OSHA requires that all equipment and work surfaces be cleaned and decontaminated after contact with blood or other potentially infectious materials. Laundry - OSHA mandates best practices for handling contaminated laundry: Bag laundry at the site and handle contaminated laundry with little agitation Bag contaminated laundry at the location of use Do not sort or rinse laundry at the location where it was used Place wet contaminated laundry in leak-proof, and color-coded or labeled containers, at the location where it was used.

Personal Representatives and Minors HIPAA requires covered entities to treat personal representatives of individuals the same way as the individuals when it comes to disclosure of the individual's PHI. Personal representatives must be able to make health care decisions for the individual or to act for a deceased person or the deceased person's estate. Personal representatives may have power of attorney or be appointed by the court to act on the person's behalf. An executor of a deceased person's estate may receive billing statements to resolve the person's account. They may request an accounting of disclosures, just as the individual can. Covered entities do not have to provide the information to a personal representative if they think that representative is abusing or neglecting the individual or if they feel doing so will endanger the individual. Spouses and other family members are not considered personal representatives of the patient unless the patient has given them power of attorney. Under some circumstances, providers may share information with a patient's family members or friends.

Click here to learn more - According to HIPAA standards, a health care provider or plan can share patient information with family or friends if: They are involved in the patient's health care or payment for his health care The patient tells the provider or plan that it can do so The patient does not object to the plan or provider sharing the information In its professional judgment the provider or plan believes the patient does not object. In cases where the individual is incapacitated, a covered entity may share the individual's information with the family member or other people if the covered entity determines, based on professional judgment, that the disclosure is in the best interest of the individual. A surgeon who did emergency surgery on a patient may tell the patient's spouse about his or her condition, either in person or by phone, while the patient is unconscious. A nurse may not tell family members or friends about a past medical problem that is unrelated to the current condition. Parents are considered the personal representatives of minors. Minors are children under the age of 18. In some situations, parents are not considered the personal representative of their children. Covered entities are advised by HIPAA to follow state laws in these situations, and if state laws do not make any stipulations about health care decisions, covered entities may at their discretion provide access or deny access to parents.

1. Requests by Individuals

Covered entities and their business associates (depending on contract details) are required under the HIPAA standards to provide any patient or member their health or medical record and information when that individual requests it. Individuals have the right to inspect their medical records or obtain a copy of paper and electronic records. They also have the right to request amendments to protected health information (PHI) about themselves. Additionally, the individual has the right to ask the provider or health plan to send the information to a third party.

Covered entities must be vigilant with their technical safeguards to: 1 Ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain or transmit 2 Identify and protect against possible threats to the security or integrity of the information 3 Protect against possible impermissible uses or disclosures of the information 4 Ensure their employees are informed of the correct way to protect e-PHI and comply with these policies

Covered entities must notify individuals whose records were disclosed and the secretary of HHS of the breach of unsecured health information. Electronic media devices may be re-used. However, covered entities must create and implement methods for safe removal of the ePHI before a new user receives them. The standard also notes that devices may be donated for use by other organizations such as schools after ePHI has been safely removed.

Notice of Privacy Practices HIPAA requires all covered entities to create, share and post its notice of privacy practices (NPP) with all members of the organization as well as all patients and associated individuals. Q/A: HIPAA standards require covered entities with direct relationships with individuals to post their NPP in a public place and to make a good faith effort to get a written, signed acknowledgment from the individual that he or she received or read it.

Creating the NPP Describe and explain the way it uses and discloses PHI Explain the covered entity's responsibilities for protecting PHI Explain individuals' rights to request and view a copy of their record Explain individuals' rights to complain to HHS if they feel their privacy rights have been violated Include the name and contact information of the person the individual can contact if he or she has questions regarding privacy The standard form must be in plain language and easy for patients and individuals to understand. For hybrid organizations, offering more than one kind of service, HIPAA standards say that these organizations may develop separate NPPs to address the different services.

Reporting Breach Incidents Security incidents may result in serious consequences for the health care provider, plan or other covered entity, as well as for their patients. HIPAA security standards provide guidelines for covered entities to follow in the event that a security incident takes place.

Definition of a Breach - HIPAA defines a breach as an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information. However, covered entities have the discretion not to report an incident when it is considered an unintentional acquisition, access or use of protected health information by a workforce member or person acting under the authority of a covered entity or business associate in good faith and within the scope of the person's authority. Covered entities and business associates must also provide the required notifications if the breach involved unsecured protected health information. Reports of breaches affecting fewer than 500 individuals are due to the Secretary no later than 60 days after the end of the calendar year in which the breaches are discovered. Covered entities must notify individuals whose records were disclosed and the secretary of HHS of the breach of unsecured health information. When a covered entity experiences a breach affecting 500 individuals or more, it is also required to notify local media outlets.

Importance of a Workplace Safety and Health Program The importance of having and implementing an effective workplace safety and health program cannot be stressed enough. There are so many critical benefits like reduced injuries; loss of life, property damage, and insurance claims; even improved employee morale. Emergencies still occur in spite of our best efforts, but proper planning for emergencies helps minimize the collateral damage. An emergency action plan covers designated actions that you, your coworkers, and your organization must take to ensure employee safety in the event of an emergency. According to Occupational Safety and Health Administration (OSHA), workplaces with more than 10 employees are required to have a written emergency action plan in place.

Emergency Action Plan Cooperation and involvement from all employees is crucial to a successful emergency action plan. Your organization's plan will be unique to your workplace. What Should Your Emergency Action Plan Include? Your organization's plan will be unique to your workplace, but at a minimum, the plan must include the following listed below: A preferred method for reporting emergencies Procedures for employees to perform before evacuating An evacuation policy and procedure Emergency escape procedures and route assignments Floor plans, workplace maps, and safe or refuge areas Procedures to account for employees after evacuation The plan should include a list of names, titles, departments, and telephone numbers of individuals both within and outside the workplace who are responsible for additional duties within the emergency plan. It should also include a description of rescue and medical duties for any employees designated to perform them.

Introduction and Overview In this course, you will be introduced to emergency preparedness. Emergency preparedness is absolutely essential in the healthcare environment. As a healthcare worker, you and your coworkers can ensure measures are taken to safeguard patients and staff, in the event of a disaster in the workplace. Knowing how to respond to emergencies by understanding your workplace's emergency action plan, will help you take the best action to keep patients and staff safe.

Emergency Preparedness Nobody expects an emergency or disaster, yet they can strike at anytime, anywhere, with little to no warning. Your organization must have an effective safety system to prepare you and your coworkers to handle emergencies before they arise.

What is Emergency Preparedness? The term emergency preparedness is defined by the Federal Emergency Management Agency (FEMA), part of the Department of Homeland Security as "a continuous cycle of planning, organizing, training, equipping, exercising, evaluating, and taking corrective action in an effort to ensure effective coordination during incident response."

Emergency preparedness is an ongoing continuous cycle of planning, organizing, training, equipping, exercising, evaluating, and taking corrective action to ensure effective coordination during incident response.

Physical Safeguards Covered entities are expected to develop and execute physical safeguards that will keep all PHI secure. This includes limiting physical access to places where PHI is stored or maintained while also assuring that employees who require access to the PHI do have the appropriate access. Physical safeguards also include the safe disposal of both ePHI and hard copies of records containing PHI. Covered entities need to implement policies and procedures to address the final disposition of electronic protected health information and/or the hardware or electronic media on which it is stored.

Employees should be trained on the covered entity's policy on the disposal of PHI and refer to it when needed. HIPAA does not recommend one particular method of safely disposing of paper records that contain PHI. It allows each covered entity to choose its own methods. However, it does say that shredding, burning, pulping and pulverizing are accepted methods as long as the records are no longer readable. Acceptable Methods of Disposal - The following are acceptable methods of disposing of electronic records: Clearing (using software or hardware products to overwrite media with non-sensitive data) Purging (degaussing or exposing the media to a strong magnetic field in order to disrupt the recorded magnetic domains) Destroying the media (disintegration, pulverization, melting, incinerating or shredding

Fire Safety What if a fire broke out in your building? Would you know how to escape safely? Do you know where all the exits are in your building? Where would you go if the first exit you go to is too crowded or blocked? Fire hazards can come from any number of sources - it's impossible to pinpoint just a few. Find, read, and follow your organization's safety guidelines, so you can avoid risks and safely exit in the case of a fire emergency. An exit route is a continuous and unobstructed path from any point within a workplace to a place of safety.

Exit Routes Required by OSHA Your organization is required to provide exit routes for the safety of you, your patients and your coworkers. The parameters of an exit route are listed below. Adequate in number as well as capacity and width, so they can readily discharge everyone to a safe area Clearly marked with the word "EXIT" Equipped with an OSHA-compliant employee alarm system Always unlocked from the inside Kept free and unobstructed, for access Remain compliant even during repairs or alterations, which may require your organization to provide you with alternative exits or measures ======================================================== If you aren't already familiar with these, ask your supervisor or a coworker to show them to you. Additionally, any door, passage, or stairway that is not an exit route must be identified by a marked sign reading "NOT AN EXIT".

Document Retention Document Retention A health plan employee is cleaning out older versions of its privacy practices policies from its paper records. What policies is the employee required to throw away? Any that are six months old from the date of creation or last effective date Any that are six years old from the date of creation or last effective date Any that are three years old from the date of creation or last effective date Any that are 10 years old from the date of creation or last effective date

Explanation According to the HIPAA privacy rule, part of a covered entity's administrative responsibilities is retaining privacy-related documents such as its privacy notices, written policies, and complaint information for a minimum of 6 years.

Violation of HIPAA Safeguard Standards Violation A medical technician walks away from their desk and leaves their computer on in a public area. Protected health information is visible. What should the office manager do in this situation? It should have the employee report the breach. It should sanction the employee in an appropriate manner. It does not have to do anything if no one saw the PHI. It should have the employee move to a department that does not require access of PHI.

Explanation According to the HIPAA privacy rule, part of a covered entity's administrative responsibilities is retaining privacy-related documents such as its privacy notices, written policies, and complaint information for a minimum of 6 years.

Minimum Necessary General Requirements General Requirments You have been asked to sit on a committee to ensure HIPAA requirements are met. The committee is currently looking at the minimum necessary standard and how to apply it Which of the following should the committee be doing to ensure the requirement is met? Limit computer access privileges to the information employees need to do their jobs Identify individuals or groups of individuals in the workforce who need access to PHI to carry out their duties Establish procedures for handling routine requests for information, so the least amount of information is released in response to those requests All of the above

Explanation All covered entities must restrict the use or disclosure of PHI to the minimum amount of information needed. Access to information should be assigned on a need-to-know basis. It is important to identify which people need access to PHI, and then give access only to the information they need to do their jobs. For example, billing staff should generally have access only to a patient's demographic and billing information, not to the patient's entire record.

Common Signs of Illness Some common signs of illness are fever, coughing, sneezing, and vomiting. There are times an employee might show one of these symptoms but may not be contagious. In these instances, a manager must use his or her best judgment in assessing the situation.

Fever of 99 degrees or greater Best practice is for an employee to stay home if they have a fever of 99 degrees or above. Staying home for at least one full day without a fever is best practice. Most healthcare facilities have this rule in place to eliminate possible illness exposure to other staff members and patients.

Fire Safety Plans In addition to the requirements, we just went over regarding exit routes, your organization must also provide emergency action plans and fire prevention plans. Q/A An exit route is a continuous and unobstructed path of exit travel from any point within a workplace to a place of safety. The exit must be lit and clearly identified, and always unlocked from the inside. In addition, routes that "appear" to be exits, but are not should be labeled with "NOT AN EXIT" signs.

Fire Extinguisher Training If your organization provides portable fire extinguishers for you and your coworkers, several requirements must be met. Location - Fire extinguishers should be mounted, located and identified in places where they are easily accessible, without being in the way OSHA Approved - Only OSHA-approved portable fire extinguishers should be used Extinguishing Agents - Fire extinguishers can't use carbon tetrachloride or chlorobromomethane extinguishing agents Condition Fire extinguishers must also be fully charged and in operable condition, and they should always stay in their designated places unless they're in use. Removal Your organization must remove any old extinguishers that utilize soldered or riveted shell, self-generating soda acid, self-generating foam or gas cartridge water-type, operated by inverting the extinguisher to rupture the cartridge or initiate a chemical reaction. Learn more about the requirements your organization must follow when maintaining fire extinguishers: Visually inspect all portable fire extinguishers monthly Perform annual maintenance checks on all portable fire extinguishers Empty and maintain dry chemical extinguishers every six years Your organization must provide an educational program to familiarize you and all employees with general fire extinguisher use. It must be given upon initial employment and at least annually.

How Fires Start To understand how fire extinguishers work, it helps to first understand how fires start. Fire needs four significant elements at the same time to exist: Enough oxygen, enough heat to be ignited, a fuel or combustible material, and the chemical reaction that is fire.

Fire Extinguisher Use Portable fire extinguishers work by using an agent that will diminish or eliminate one of the four significant elements, either by cooling the burning fuel, removing oxygen or by stopping the chemical reaction of the fire. The labeled image on the extinguisher shows the major components of a standard portable fire extinguisher.

Common Natural Disasters Depending on where in the country you live, some natural disasters are more likely to occur than others. Nevertheless, you should be prepared for all possibilities. Coming up, we'll discuss the various natural disasters that could wreak havoc on your workplace so you can be better prepared. Q/A Drop, cover, hold on are the proper actions to take in the event of an earthquake.

Floods - Floods can be catastrophic in terms of both physical safety and technical issues. They're one of the most common hazards in the United States, so it makes good sense to know how you can be prepared for one. Preparing for a Flood includes: Having an evacuation plan Preparing emergency supply kits Understanding and paying attention to flood watches and warnings Tornadoes - Another natural disaster is a tornado; they manifest quickly and can occur with little or no warning. Whether or not a strong storm is in the forecast; take precautions in advance so you'll be prepared in case of a tornado. Remember to: Develop and learn your organization's emergency action plan Learn the warning signs of a tornado Monitor tornado watches and warnings Provide employees with training to recognize alarms and respond accordingly Identify shelter locations within your workplace Implement accountability procedures Earthquakes - Earthquakes can cause death, injuries, and extensive property damage. Most earthquake-related injuries are the result of collapsing walls, glass, and falling objects. The list below identifies the things you should do in the event of an earthquake. Do You Know What to Do in an Earthquake? Find a safe place under a table or desk, away from windows and falling objects Practice "drop, cover and hold on" in this safe place Have first aid and emergency medical supplies available. Know where they are and be sure they're accessible Have an emergency plan in place and familiarize yourself with it Fire - The Occupational Health and Safety Administration (OSHA) requires buildings to meet specific fire safety standards. Your workplace's emergency preparedness plan should include these standards and meet OSHA regulations. Certain safety tips should be followed in case of a fire in the workplace. Know where your fire extinguishers are located and ensure proper signage is in place and visible that points to the location of fire extinguishers Always be mindful of the closest exit to your working location Essential Steps to Take When Facing a Fire: You can handle small fires with proper use of the fire extinguisher. In case of larger fires, follow your organization's evacuation plan to a designated meeting place away from the workplace, alert emergency responders, ensure that all fire alarms and smoke detectors are in working order ahead of time, and always keep exits cleared and properly labeled. Fires can be unpredictable and deadly. According to the U.S. Fire Administration, in 2017 there were 3,400 deaths attributed to fires and 14,670 fire-related injuries? Use the tips we just outlined to stay safe in case of a fire. Power Outages - Oftentimes following a big storm or other natural disaster, power outages occur. Please read through the following list to learn more about what to do in case of a prolonged power outage. Identify equipment and systems critical to continuous operation, and ensuring reliable backup power supplies for those systems Someone from your facility will make sure the central operating systems are backed up but review your processes for your stand-alone systems and back up your files and other systems regularly Keep battery operated or crank operated flashlights and radios accessible Be aware of power outage drills and ensure battery backup systems like exit signs or emergency lighting works properly Report any problems during drills Q/A: Backing up files and operating systems often ensures preparedness for prolonged power outages.

Lifting Guidelines You should take caution while lifting heavy loads in your work environment. Here are some guidelines to keep you safe from injury.

Guidelines - Never transfer patients or residents when you are off-balance Lift loads close to your body Never lift fallen patients or residents alone Use team lifts or mechanical assistance Limit the number of allowed lifts per worker per day Avoid heavy lifting, especially with your spine in a rotated position Train your staff when and how to properly use mechanical assistance

If returning or destroying the information is not feasible, the business associate must notify the covered entity of the conditions that make return or destruction of the information infeasible and they must continue to protect the information and limit further uses or disclosures indefinitely. When a patient leaves a medical practice, state regulations for how long to keep that person's medical record on file can vary. The business associate should retain the patient's medical record for the number of years the state dictates unless it is shorter than six years. The patients are permitted to receive a copy of their record and have a copy sent to their new physician.

HIPAA notes that when a covered entity is closing business, it may give individuals it served an opportunity to pick up their records, including when those records are housed by a business associate. It also states that the covered entity should check with its state of residence to ensure it meets the state's requirements for medical records retention.

5. Limited Data Set and Authorized Uses and Disclosures

HIPAA permits covered entities to disclose some information to researchers without authorization when identifying information has been deleted. This information is any direct identifier of the patient, patient's family or household members and employer. For uses and disclosures that do not fall into one of the categories already discussed, disclosure is permitted as long as the covered entity receives written authorization from the individual. The authorization must be specific about what information is being requested, the purpose of the disclosure and an end or expiration date. Many covered entities create their own standard authorization form they use when patients request information. Using their own form ensures HIPAA standards are met and that all required information is included.

Administrative Requirements

HIPAA privacy regulations require all covered entities to fulfill certain administrative requirements. It recognizes that some organizations are much larger than others, so it allows some flexibility in how these are met but expects they will all be met in some form.

Definition of Business Associates HIPAA standards define business associates as organizations that contract with covered entities to provide services that involve exposure to PHI. An employee of the covered entity is not considered a business associate. Another health care provider, health plan or health clearinghouse may be considered a business associate if the service the business associate performs involved PHI.

HIPAA says examples of business associate-covered entity relationships include: A third-party administrator that assists a health plan with claims processing A CPA firm that provides accounting services to a hospital An attorney providing legal services An independent medical transcriptionist providing services to a physician Any independent contractor requiring access to PHI

3. Informal and Incidental Uses and Disclosures

HIPAA standards permit some informal uses and disclosures unless the patient specifically objects. For example, most hospitals maintain a directory listing of their patients. This directory typically includes the patients' names, location in the facility, the patients' condition, and the patients' religious affiliation. Family members and others who inquire about the patient are given all of this information except religious affiliation. Religious affiliation is given to members of clergy. Covered entities who keep these directories assume patients are OK with their listing in the directory unless they state otherwise. Informal uses and disclosures also apply to family members and friends who are involved in the patient's care. For example, an individual is permitted to have a family member or friend pick up prescription medication at a pharmacy. And if a family member or friend goes with the individual for an appointment or procedure, the health care provider may disclose information the provider deems relevant to the patient's care. HIPAA recognizes that it may be impossible for a covered entity to prevent every possible disclosure of PHI. When PHI is disclosed incidentally and the covered entity has taken all required precautions and disclosure is the minimum required, incidental disclosures are permitted. Some PHI may also be de-identified so that records may be used for other purposes The HIPAA guidelines say there are two ways to de-identify information: A formal determination by a qualified statistician The removal of specified identifiers of the individual and of the individual's relatives, household members and employers is required, and the removal is adequate only if the covered entity has no actual knowledge that the remaining information could be used to identify the individual

2. TPO Requests

HIPAA standards seek to make the health care system more efficient and effective by allowing covered entities to share protected information with one another when it is needed in order to provide treatment to the individual, for payment purposes or for health care operations. This is known as TPO requests. HIPAA defines treatment as the provision, coordination, and management of care of patients by health care providers. This includes consultations and referrals. A physician may not discuss a patient's care or condition with another physician unless the other physician is consulting on the case. HIPAA defines payment as the activities needed for health care providers to receive payment for their services, including determining eligibility for services, coverage levels and amount of patient responsibility. Health care operations are defined by HIPAA as activities health care providers complete to manage or improve their operations. Health care operations include but are not limited to: - Quality assessment and improvement efforts Competency assurance activities Medical reviews, audits or legal services Insurance purposes Business planning and development Reporting past due balances to consumer credit agencies Business management and administrative purposes. A covered entity that participates in an organized health care arrangement (OHCA) may disclose protected health information about an individual to another covered entity that participates in the OHCA for any joint health care operations of the OHCA, including training medical students. Any covered entity who reports a potential fraud situation is permitted to include patients' protected health information when needed in the report to HHS. All of these TPO uses and discloses are permitted and do not require prior patient authorization or consent. Also, HIPAA does not require covered entities to obtain patient consent for the use of protected health information for treatment. However, covered entities may choose to obtain consent. HIPAA does not provide guidance on what the consent form contains. The covered entities should develop the consent form to best meet their services and practices. TPO does not include disclosures for research or marketing, nor does it allow pharmaceutical companies to view patient records without first getting written authorization from them.

4. Public Interest and Benefit Activities

HIPAA's Privacy Rule permits the use and disclosure of PHI without individuals' authorization when it is in the public interest or public's benefit. These uses include those that are required by state laws and statutes or court orders. Public health uses, for example, to control disease outbreaks, for employers when employees have filed workers' compensation claims or for OSHA purposes, are all considered permissible as public interest or benefit activities. Federal Drug Administration (FDA) filings and required reporting are also permitted and classified in this category. Covered entities are also permitted to disclose PHI in situations of abuse, neglect or domestic violence. Also, covered entities are permitted to disclose PHI for health oversight activities, such as audits and investigations conducted by the government. Other public interest and benefit activities that are permitted include: Judicial and administrative proceedings Law enforcement purposes After a patient's death to funeral homes, coroner or medical examiner Donation and transportation of cadaver organs, eyes or tissue Research Serious threat to health or safety Essential government functions

Your Right to File a Complaint - You have the right to file a complaint and request an OSHA inspection of your workplace anytime you believe there's a severe workplace hazard or if you believe your organization isn't following OSHA standards. OSHA takes complaints very seriously and will keep your information confidential.

How to File a Complaint - There are several ways in which a complaint can be filed with OSHA: Completing the online complaint form Downloading the OSHA complaint form, complete it and faxing or mailing it to your local OSHA Regional or Area Office Telephoning your local OSHA Regional or Area Office Though OSHA recommends that you first try to resolve safety and health issues by reporting them to your supervisors, managers, or safety and health committees, you have the right to file a complaint at any time. When should you file a complaint to OSHA? - If you ever observe a serious hazard or lack of compliance with OSHA standards, and within 30 days of experiencing discrimination for exercising your rights to refuse to work when faced with danger of death or serious injury.

Radiation Safety If you work in a healthcare facility where you're at risk of being exposed to radiation, such as through exposure to imaging units like x-rays or MRIs. It's essential to understand your rights to ensure that your organization is maintaining radiation safety in your workplace. Radiation exposure occurs when unprotected individuals are near a radiation-producing machine while it is in operation. Radiation exposure can occur from gamma rays, alpha rays, beta rays, x-rays, neutrons, high-speed electrons, high-speed protons, and other atomic particles. Minimizing radiation exposure can help you avoid negative health effects, which range from vomiting and diarrhea to skin cancer and death.

How to Minimize Radiation Exposure Minimizing radiation exposure comes in two parts: Monitoring radiation exposure Utilizing physical protective equipment or PPE Your organization is required to equip you with a monitoring device - such as a film badge, pocket dosimeter or ring badge - that can measure radiation exposure. Records of the radiation exposure must be maintained for any employees that require exposure monitoring. In rooms with radiation equipment, your organization should have additional protective equipment or structures in place to reduce radiation exposure. This type of protective equipment and structures can include: Lead aprons and gloves Lead-plated glass that acts as a barrier wall Lead strips during fluoroscopy procedures Maximized distance from the radiation source Remote procedures that can be performed from a radiation-free room Q/A Radiation exposure can occur from gamma rays, alpha rays, beta rays, X-rays, neutrons, high-speed electrons, high-speed protons, and other atomic particles.

All of this information must be protected by covered entities and their business associates that use it. De-identified information is permitted to be used without first obtaining permission from the individual. De-identified information does not include any identifying information, nor does it contain any information that would reasonably allow identification of the individual.

However, HIPAA standards say there are only two ways a covered entity can be sure the information has been de-identified: 1 Have a qualified statistician certify it as de-identified 2 Remove all the identifiers listed for the individual, the individual's family members, household members and employers, and the covered entity has no knowledge that the remaining information could be used to identify the individual

Amendments to Medical Records Individuals have the right to request amendments to their medical records according to HIPPA standards. If a patient obtains a copy of their medical record and feels it contains inaccurate information, he or she may request an amendment to the record. Care providers are then required to review the amendment request.

If the provider feels the record is accurate as it is, the provider is not required to make the amendment. The care provider must then respond in writing to the patient, letting them know why the amendment is not going to be added to the record. The patient may write a response to the denial and have that response included in their medical record. The provider must keep the amendment request, practice denial letter, disagreement statement from the patient, and any rebuttal from the doctor with the patient's medical record at the location of the item the patient is disputing. If the care provider agrees with the amendment, he or she must also include it in the medical record. Business associates who maintain original records are required to incorporate amendments with the original record and include them with future disclosures from the record. This is one of the requirements the covered entity must include in its written contract with the business associate. When a covered entity (health care provider, health care plan or insurer) requests an amendment to a patient's record it has agreed to with a second covered entity, that second entity must make the amendment in a timely manner. When the provider or covered entity amends the record it must also: 1. Make reasonable efforts to provide the amendment to persons that the individual has identified as needing it 2. Make reasonable efforts to provide the amendment to a covered entity that might rely on the information to the individual's detriment

Signs and symptoms of MSDs - Pain in the fingers, wrists or other parts of the body Tingling or numbness, particularly in the hands or fingers Swelling, inflammation or joint stiffness Loss of muscle function or weakness Discomfort or pain in the shoulders, neck, or upper or lower back Extremities turning white or feeling unusually cold General feeling of muscle tightness, cramping or discomfort Clumsiness or loss of coordination Loss of range of motion Discomfort when making certain movements

If you recognize any of these symptoms or have any concerns, report them to your supervisor. Early intervention may greatly improve your recovery outcome.

Protected Health Information Protected health information as defined by HIPAA includes "individually identifiable health information," which is information that relates to an individual's current or past physical or mental health along with common identifiers.

Individually identifiable health information includes: The provision of health care to the individual The past, present or future payment for the provision of health care to the individual Information that identifies the individual Information for which there is a reasonable basis to believe it can be used to identify the individual

Designated Security Officer - Like covered entities, business associates that have access to PHI are required to have a designated security officer or person. This person performs many important tasks, including: Maintaining the organization's safety and security policies and procedures Reviewing the policies on a regular basis Conducting risk analyses Implementing changes when needed

Internal Audit - Business associates that are preparing for a compliance audit should complete their own internal audit to help prepare them. This audit should include: Reviewing HIPAA policies and procedures Employee training on HIPAA policies and procedures Security and privacy safeguards that are in place

Business Associate Guidelines Some relationships with other organizations do not require a business associate contract. When the relationship is for treatment reasons, the contract is not required. The relationship between a health plan sponsor and the health plan does not require a business associate contract.

It is important to remember that once an organization contracts with a covered entity and is considered a business associate, the organization must comply with all of the same HIPAA standards as the covered entity, including: Risk analysis and management Instituting safeguards, policies, and procedures Compliance audits Breach reporting =================================== A vendor or company that is considered a business associate under HIPAA standards is expected to meet the Security rule standards, which include creating administrative, physical and technical safeguards. New employees should sign a nondisclosure agreement and receive HIPAA standards, and their exposure to PHI should be limited to the information they need to perform their work. Part of the safeguards business associates are required to take to protect PHI is sanctioning employees when they violate a privacy rule. For example, an employee leaving PHI visible in a public area would be considered a violation. Access to PHI should be the minimum necessary, and the company should have and train employees on policies for protecting PHI on the tablets.

OSHA requires organizations to perform exposure determinations regarding which activities, and therefore which jobs might incur occupational exposure to blood or other potentially infectious materials, without regard for personal protective clothing or equipment.

Job Classification The organization's exposure control plan must include a list of job classifications indicating all employees or some employees who have occupational exposure. Note within the second group, "some employees," specific tasks and procedures causing occupational exposure must be listed. Good Samaritan Acts The OSHA bloodborne pathogen standard does not apply to Good Samaritan acts. For example, if an employee becomes exposed to a hazard while acting as a Good Samaritan and it is not an expectation to render assistance as part of their job responsibilities, then the exposure is not covered by the bloodborne pathogens standard. How Exposure Occurs An exposure can occur in any number of forms, including: Needle sticks Cuts from contaminated sharps Via bodily fluids; such as blood, vomit, feces, urine Saliva comes in contact with your mucous membranes - eye, nose, mouth or broken skin *** Helping someone because it is the right thing to do but isn't part of a job function would be considered acting as a Good Samaritan and would not be covered under the Bloodborne Pathogens standard.

Compliance Any provider who accepts payment from any health plan or other insurance company must comply with HIPAA if they conduct the adopted transactions electronically. HIPAA requires health plans to accept any covered transaction submitted electronically in the designated standard format. If the health plan cannot accept standard transactions, it may use a clearinghouse to accept and process transactions for it. According to HIPAA standards, Internet transactions are a form of electronic transaction that needs to be handled the same way as other electronic transactions using the standard HIPAA transaction. According to HIPAA standards, it does not matter if the transactions are contained within a single business entity. All electronic transactions must use standard transactions.

Like any other HIPAA standard, if covered entities do not comply with standard transaction usage, they could be fined monetary penalties for the violations. Sending the patient a copy of his billing history is not a transaction and does not require coding but does require the usage of encrypted email for the protection of PHI. HIPAA email rules require messages to be secured in transmission if they contain ePHI and are sent outside a protected internal email network, beyond the firewall. The operating rules were established under the Patient Protection and Affordable Care Act and authored by CAQH CORE. They specify the information that must be included when conducting standard transactions, making it easier for providers to use electronic means to handle administrative transactions. The expanded provisions in the ACA of 2010 included requirements for the adoption of: Operating rules for each of the existing transactions A standard unique identifier for health plans Standards for electronic funds transfer and electronic health care claims attachments

Covered entities are also expected to institute policies and procedures that will ensure HIPAA standards are followed and PHI uses and disclosures are limited according to those standards.

Limit computer access privileges to the information employees need to do their jobs Identify individuals or groups of individuals in the workforce who need access to PHI to carry out their duties Establish procedures for handling routine requests for information so the least amount of information is released in response to those requests The standard also states that the covered entity's policies and procedures need to cover routine requests for health care information and develop criteria for handling nonroutine requests. It is permitted under HIPAA for a covered entity to rely on another entity's assessment of the minimum necessary information needed if the request is coming from a public official, a covered entity's business associate or a researcher following the HIPAA standard for access for research. All covered entities must restrict the use or disclosure of PHI to the minimum amount of information needed. Access to information should be assigned on a need-to-know basis. It is important to identify which people need access to PHI, and then give access only to the information they need to do their jobs. For example, billing staff should generally have access only to a patient's demographic and billing information, not to the patient's entire record.

Posting the NPP HIPAA also requires covered entities to post or display the NPP in a prominent location where the public may see it. Additionally, a covered entity must prominently post and make available its notice on any website it maintains that provides information about its customer services or benefits. Sharing the NPP Providers are no longer required to obtain the patient's consent to use or disclose information for TPO. These uses and disclosures are permitted under the regulations without patient consent. Physicians with privileges at a hospital that has an organized health care arrangement with its medical staff can rely on the hospital's NPP. HIPAA requires covered entities with direct relationships to individuals to provide the NPP to patients upon their first service encounter. In emergency situations, the covered entity is permitted to provide the NPP once the emergency has been concluded.

Making NPP available to individuals Covered entities must also make the NPP available to any individuals who request them, even if the individual may have already received the notice, it is posted in the office or it is available on the entities' website. HIPAA also requires covered entities that have direct relationships with individuals to make a good faith effort to obtain a signed acknowledgment that the individuals have received and/or read the entity's NPP. Patients must receive the signed copy of the form. Getting a signed acknowledgment is waived in emergency situations. When a health plan revises its NPP, the revised notice must be provided to individuals then covered by the plan within 60 days of a material revision.

Workplace Violence Training Your organization should offer some form of training in your workplace safety training and/or orientation programs. This training should cover some or all of the following:

Methods to prevent or diffuse volatile situations or aggressive behavior How to recognize and deal with hostile, aggressive people Anger management Conflict resolution techniques Stress management and relaxation techniques Security procedures Personal security measures, such as self-defense Talk to your supervisor or human resource department about getting more information on how you can prevent and reduce violence in your workplace.

Joint Commission Safety Standards - Employees According to the Joint Commission Standards, staff and licensed independent practitioners must be able to describe or demonstrate methods for eliminating and minimizing physical risks in the environment of care. Some of the ways you can ensure these standards are met include:

Orienting staff to key safety content during orientation Instructing staff on hospital-wide and unit-specific policies and procedures Informing them of specific job duties (including infection prevention and control and assessing and managing pain) Explaining the value of being sensitive to cultural diversity Informing staff of patient rights

Most fire extinguishers operate using the P.A.S.S. technique. Read below to learn what P.A.S.S. stands for:

P - Pull the pin A - Aim low, pointing the extinguisher nozzle or hose at the base of the fire S - Squeeze the handle to release the extinguishing agent S - Sweep from side to side at the base of the fire until it appears to be out -------------- Watch the area. If the fire reignites, repeat the last three steps.

Safe Patient Handling A common source of injury to healthcare workers is musculoskeletal disorders (MSDs). These are largely due to overuse of muscles from repeated manual patient handling activities. The consequences of MSDs are substantial, including reduced productivity, long-term injury or disability, and turnover.

Patient Handling-Related Injuries - Patient handling-related injuries can occur in various scenarios that result in awkward postures for you such as: Transferring a patient from the toilet to a chair Transferring a patient from a chair to a bed Transferring a patient from the bathtub to a chair Repositioning a patient in any apparatus, or from side-to-side in bed Lifting a patient in bed Any of these activities above can quickly become exacerbated in emergencies when you might become less attentive about your health and safety to protect that of the patients. Patient Transfer & Lifting Technology - Proper patient handling ensures safety for both you and the patient. In addition to using proper ergonomic techniques, your organization should consider and provide patient transfer and lifting technology to make handling and moving patients safer. As a healthcare worker, you should be trained on the proper use of patient lifting equipment and devices, such as braces, mechanical lifting arms, etc. Also, your organization should orient you to your work environment and discuss how you can assess patient handling hazards day-to-day. Patient-handling equipment and devices are not only helpful for you, but for patients as well. Explaining planned lifting procedures to patients before lifting can encourage them to cooperate and stay engaged in the movement, which ultimately increases their safety, comfort, and dignity.

Let's begin by discussing ergonomics and some healthy employee behaviors to prevent or minimize workplace-related injuries. Ergonomics is the practice of conforming the design of a work environment to fit an employee's physical needs. The goal of ergonomics is to reduce and eliminate stress or injuries related to overuse of muscles, bad posture and repeated tasks. Ergonomics is important because it mitigates work-related musculoskeletal disorders or MSDs before they occur, provides an optimal working setup, reduces fatigue, and reduces injury-related costs, turnover rates and sick/injured days.

Potential Causes and Risks of Workplace Injuries Common workplace injuries come from various risk factors. You should use caution while doing several activities, including manual handling of equipment or patients, heavy lifting, twisting movements, and working long hours in awkward positions or with repeated movements. Reducing Risk Factors You can control and limit work injury risk factors through a variety of methods. Use appropriate workstation tools and equipment design. You should also utilize proper work techniques, including lifting techniques and workstation cleanliness. Implement administrative controls, such as task variety and increased rest breaks, when necessary and finally, always use personal protective equipment, such as back braces, gloves, and glasses. It's important to recognize the signs and symptoms of a potential MSD that has been caused by a work-related task. The Office of Risk Management and Environmental Health Safety at the University of Northern Iowa has outlined an extensive list of signs and symptoms that may indicate a person is suffering from musculoskeletal disorders.

Hazard Communication What if you started a job without knowing its potential hazards? What if these hazards could be extremely dangerous - even deadly? OSHA's Hazard Communication standard is designed to ensure that information about hazards associated with chemicals used in the workplace, and associated protective measures, are communicated to employees like you. Signs, Labels & Pictograms for Chemical Hazards Labels must include the universal biohazard symbol, and the term "biohazard" must be visible on containers of regulated waste, refrigerators or freezers containing blood or other potentially infectious materials (OPIM), and containers used to store, transport, or ship blood or other potentially infectious materials. Bags used to dispose of regulated waste must be red or orange-red in color, and they, too, must include the biohazard symbol. Signs must be used to identify restricted areas. Chemical manufacturers and importers are required to provide a label that includes a consistent signal word, pictogram, hazard statement, and precautionary statement for each hazard class and category, in addition to product identifier and manufacturer contact information.

Revised Hazard Communication Standard (HCS) The update to the Hazard Communication Standard, or HCS, provided a common and clear approach to classifying chemicals and communication hazard information on labels and safety data sheets. The improved HCS: Improve the quality and consistency of hazard information in the workplace Improve employee safety by providing easily understandable information on appropriate handling and safe use of hazardous chemicals Definition of Hazard The definition of hazard was changed to provide specific criteria for classification of health and physical hazards, as well as classification of mixtures. The criteria will ensure evaluations of hazardous effects are consistent across manufacturers and that labels and Safety Data Sheets (SDS) are more accurate. Q/A: Precautionary statements, a signal word, hazard statements, and pictograms are required for manufacturers to provide on a label when hazardous chemicals are involved.

Written authorization from the patient or their legal representative would be required before providing copies of a patient's medical record to an attorney unless a valid subpoena or court order was issued. According to HIPAA guidelines, covered entities are not permitted to condition treatment, payment or eligibility for benefits based on whether the individual signs the authorization form. The covered entity should not disclose the information when a signed authorization form is required.

Revoking Authorization The HIPAA Privacy Rule gives individuals the right to revoke, at any time, an authorization they have given. The revocation must be in writing. It is not effective until the covered entity receives it. However, the written revocation is not effective when it comes to the actions the covered entity took prior to receiving the written revocation. In other words, it is not retroactive and will not make the covered entity in violation of the privacy rule.

Risk Analysis, Risk Management All covered entities and business associates that have access to PHI are required to perform a regular risk analysis. This analysis may be conducted by an individual or committee of the covered entity. To complete the analysis, the person or committee reviews all of the organization's security policies and procedures, as well as the security safeguards it has in place to determine if they are working, being adhered to, and are effective. If after completing the analysis the organization determines there are items for improvement, the entity is required to manage or mitigate the risk it sees in these items by making changes that will reduce the risk (of exposure, breaches, and disclosures of PHI).

Risk Analysis - Risk analysis should include: Evaluating the likelihood and impact of potential risks to electronically communicated PHI Implementing appropriate security measures Documenting the security measures that were chosen Maintaining continuous, reasonable and appropriate security protections -------------------------------------------------------- Assessing Potential Impact of Breach - HIPAA also recommends that the individual or committee should assess the potential impact a breach of PHI could have using the following possible outcomes: Unauthorized access to ePHI (electronic protected health information) Permanent or temporary loss or corruption of ePHI Loss of financial cash flow Loss of physical assets --------------------------------------------------------- Risk Management Process - Following the analysis, HIPAA recommends that a covered entity should perform a risk management process that includes: Developing and implementing a risk management plan Implementing security measures Evaluating and maintaining security measures

Employee Health/Occupational Health Now, let's discuss how your human resources or employee health department (also known as occupational health) can play a critical role in the interpretation and implementation of Occupational Safety and Health Administration (OSHA) guidelines.

Role of Employee Health Department Managing occupational health and safety needs of the employees of the healthcare facility Maintaining responsibility for the oversight of many OSHA-related issues (from employee injuries and bloodborne pathogen exposure to HEPA mask fittings) Recording and retaining issues related to employee injuries Tracking bloodborne pathogen exposures Ensuring that employees are treated appropriately, and that laboratory testing follows the correct guidelines, and many other services.

Slips, Trips and Falls Slips, trips and falls, for example, make up the majority of general industry accidents. In fact, fifteen percent of all accidental deaths occur from slips, trips and falls in the workplace. Keep your workplace free from slips, trips and falls. Ensure floors and mats are clean, dry, and free from obstructions. Also, eliminate any uneven floor surfaces. In halls and stairways, ensure ample lighting. And remind employees to use handrails on stairs and to avoid moving too quickly when using them.

Sharps and Containers Sharp containers must be easily accessible to employees and as close as possible to the area of use, kept upright during use, replaced routinely, closed when moved, and never overfilled. All sharps containers must be FDA-cleared disposal containers. FDA-cleared sharps disposal containers are made from rigid plastic and come marked with a line that indicates when the container should be considered full, which means it's time to dispose of the container. Remember: If a sharps container becomes cracked or punctured, it must be replaced. Always store and/or process reusable sharps in a way that ensures safe handling

State Law HIPAA regulations say that when state laws are not aligned with HIPAA standards, covered entities are required to follow HIPAA standards, not state laws. If however, state laws provide greater privacy protections, then the covered entity should follow state laws over HIPAA standards.

Some state laws also require covered entities to report diseases or injuries to public health officials and some health plan reporting. HIPAA standards permit these exceptions.

Preventing Issues with Air Quality To prevent issues with indoor air quality, inspect the building for things like leaks and malfunctioning equipment. Regularly evaluate your H-VAC system and monitor the carbon dioxide levels. Ideally, you should keep the building's temperature between 68 and 70 degrees and the relative humidity should be between 30 and 60 percent. Some control methods to reduce indoor air pollutants include:

Source management, for removal, substitution, and enclosure of sources of potential pollutants Engineering control to keep systems in place that reduce indoor air pollutants Administrative controls, like education and housekeeping

Hepatitis B is a type of liver disease that inflames the liver and leads to liver damage. Hepatitis B vaccines can be requested from employers if an employee is exposed to potentially infectious materials on the job.

Symptoms of hepatitis B - Symptoms of hepatitis B include: Fatigue Abdominal pain Loss of appetite Nausea Jaundice Vomiting Diarrhea Light-colored stools Dark urine Hepatitis B symptoms may not appear for some time after initial exposure. The hepatitis B virus is very durable, and it can survive in dried blood for up to seven days. Hepatitis B Vaccination - OSHA and the U.S. Public Health Service require that the hepatitis B vaccination be available free of charge at a reasonable time and place to all employees at risk of exposure within ten working days of initial assignment. There are three exceptions to this rule, however, they are: Unless the employee already had the vaccination If antibody testing reveals immunity Any personal or medical reason offered by the employee There are some additional requirements of the hepatitis B vaccination. Vaccination must be performed by a licensed healthcare professional. Vaccination must be provided even if it's initially declined and later accepted Anyone who declines the vaccination must sign a declination form No one is required to participate in an antibody prescreening program to receive the vaccination The vaccination booster doses must be provided if it's recommended by the U.S. Public Health Service

Requirements of the Exposure Control Plan:

The exposure control plan must address the following requirements: The plan must be written It must include a list of job classifications in which workers have reasonably anticipated exposures It must be reviewed annually, to account for any changes that may have occurred, like tasks, procedures, or assignments, resulting in employee exposure or new technological advancements that will eliminate or reduce exposure The annual review must document the organization's considerations and implementation of safe medical devices Organizations must solicit input from front-line potentially exposed employees to improve the plan's identification, evaluation, and control methods The plan must be accessible to all employees The plan must include record keeping

Marketing HIPAA defines marketing communication as any communication that encourages an individual to purchase a product or service. HIPAA also says that when one covered entity sells, either directly or indirectly, individuals' PHI so that the purchaser can market goods or services to those individuals, that is considered marketing. In either of these two marketing situations, the individuals involved must provide written authorization to the covered entity. Under the HIPAA privacy rule, covered entities are permitted to market their own products and services to existing patients and authorization is not required. HIPAA guidelines allow hospitals to market new products or services to their patients. When communications to patients can be considered health-related, it is NOT considered marketing.

The following describes communications that are NOT considered marketing: Communications that describe health-related products or services or payment for them, provided by or included in a benefit plan of the covered entity Communications about participating providers in a provider or health plan network, replacement of or enhancements to a health plan and health-related products or services available only to a health plan's enrollees that add value to, but are not part of, the benefits plan Communications for treatment of the individual Communications for case management or care coordination for the individual or to direct or recommend alternative treatments, therapies, health care providers or care settings to the individual

The organization's exposure control plan plays a critical role in providing a safe and healthy work environment by eliminating or minimizing occupational exposure to bloodborne pathogens. The exposure control plan details the employee protective measures that are in place.

The plan must include: - Engineering and workplace controls Hepatitis B vaccinations Helpful signs and labels Personal protective equipment requirements Training Medical surveillance

Valid Authorization When individuals request personal health information to be sent to individuals or organizations that fall outside the rules of TPO, they must provide written authorization. HIPAA recommends covered entities create standard authorization forms that can be used for this purpose.

The privacy guidelines explain that there are specific elements the authorization must contain in order to be considered valid: Only one type of record should be included on an authorization. A meaningful description of the information to be disclosed The name of the individual or the name of the person authorized to make the requested disclosure A description of each purpose of the disclosure (The statement "at the request of the individual" is sufficient when the individual initiates the authorization and does not, or elects not to, provide a statement of the purpose) The name or other identification of the recipient of the information An expiration date or an expiration event that relates to the individual A signature of the individual or their personal representative (someone authorized to make health care decisions on behalf of the individual) and the date. Personal representatives may sign authorization forms. However, they are also required to describe their authority to act for the patient.

Who is Covered by the Standard?

The standard covers all employees for whom contact with blood or other potentially infectious materials can be reasonably expected while performing job duties. This includes: Physicians, nurses, and emergency room personnel Housekeeping and laundry personnel Dentists and dental workers Laboratory and blood bank workers Medical examiners First responders Home healthcare workers Medical waste treatment workers

OSHA Requirements Regarding Record-Keeping OSHA requires the organization to maintain medical and training records, as well as a log of injuries from contaminated sharps. Each organization is required to keep employee medical records confidential and never disclose or report their contents without the employee's written consent, and they must maintain medical records for the duration of employment plus 30 years. The organization is also required to establish and keep training records of all exposed employees for three years and must maintain a sharps injury log to record any injuries resulting from contaminated sharps. The log must be reviewed annually.

The table below lists the items OSHA requires for medical records: Employee's name, social security number, and hepatitis B vaccination status Results of examinations, medical testing, and post-exposure evaluation/follow-up A healthcare professional's written opinion Information provided to the healthcare professional An organization is also required to establish and keep training records of all exposed employees for three years. These records should include: Names and job titles of everyone attending the training sessions Dates and contents of the training sessions Names and qualifications of the trainers there Organizations must maintain a sharps injury log to record any injuries resulting from contaminated sharps. The log must be reviewed annually, and must contain: The type and brand of the device that was involved in the incident The location where the incident occurred A description of the incident

General Rules The same covered entities that must comply with HIPAA privacy standards are also required to comply with HIPAA security standards. These include health care providers, health care facilities, such as hospitals and nursing homes, health plans and business associates, that have access to PHI. The security rules also apply to the same PHI as described in the Privacy Standard.

There are four general security standard rules. Covered entities are required to Ensure the confidentiality, integrity, and availability of all PHI they transmit, receive, create or maintain Identify and protect PHI from reasonably anticipated potential threats Protect PHI from reasonably anticipated impermissible disclosures Ensure employees comply with standards HIPAA standards recognize that entities may be small or large and does not dictate how these security standards are accomplished. It does expect that they will incorporate security measures, policies and procedures that will allow them to comply with the security rules and that they will review and modify their procedures on a regular basis.

Minimum Necessary Minimum necessary is an important part of the HIPAA privacy rule. When a covered entity is communicating PHI for permissible reasons, or it is communicating it as part of an authorized request, it needs to limit the information to just the minimum necessary to fulfill the request. For example, if a health plan is verifying a patient's address from a health care provider, the health care provider, should not communicate all of the patient's contact information or medical record. HIPAA requires all covered entities to institute policies and procedures in their organizations that will ensure that employees understand the minimum necessary rule and be able to apply it correctly.

There are some exceptions to the minimum necessary rule: - Disclosure to or by a health care provider for treatment Disclosure to the individual or the individual's personal representative Disclosure made following a signed authorization by the individual Disclosure to HHS for complaint investigation, compliance review or enforcement Use or disclosure required by law Use or disclosure required for compliance with the HIPAA Transactions Rule or other HIPAA Administrative Simplification Rules

Termination Guidelines for Business Associates Just as in any other industry, change is constant. Employees find other opportunities and leave the company. Covered entities explore other relationships and terminate services with business associates. HIPAA guidelines for privacy and security explain safeguards that must be taken when these terminations occur. When an employee resigns or is fired from a business associate's organization, it is important that the employee can no longer access PHI.

This can include: Ensuring that the employee's access to all PHI is terminated Ensuring remote access to any calendars and applications is revoked Deleting the employee's computer password and logon from its computer systems ---------------------------------------------------- Under HIPAA, business associates must return or destroy all PHI at the termination of the contract. Business associates are not permitted to keep copies of any protected health information.

Joint Commission Safety Standards - Leadership The Joint Commission's standards on patient and workplace safety speak to both leaders and staff, alike. Leaders are required to create and maintain a culture of safety and quality throughout the organization, while those who work within the organization must focus on improving safety and quality.

Those in management positions can set an example for staff by wearing any required personal protective equipment, reporting hazards, and reporting injuries and illnesses. In short, leadership should also be doing anything they expect their employees to do. Q/A Overall, JCAHO standards are to assist an organization in maintaining a culture of safety and quality. One way to achieve this is by management and leadership being an example and role models by using proper equipment when necessary.

Response Activities Security procedures can prevent unauthorized access to the workplace, and protect vital records and equipment during an emergency. This portion of the action plan makes a huge difference in your organization's ability to bounce back after a disaster. OSHA also requires your organization to address effective emergency communication and security procedures within its action plan. Identify the steps you should follow when creating an action plan. Here are a few: Your organization must make sure alarms are used as a signal to evacuate or perform specified actions in the plan. It should also make emergency communication systems available, like a public address system or a portable radio unit to notify employees or outside agencies of the emergency. Be sure the alarms in your workplace will work even if power is lost, and provide an auxiliary power supply. Always account for personnel following evacuation

Training OSHA requires that each and every employee knows the details of the emergency action plan. Your organization must conduct training annually or whenever someone is hired or their job changes. Additional training needs to be provided when new processes, materials and/or equipment are introduced; when procedures are updated or revised; and when exercises show that employee performance is inadequate. Remember the emergency and safety tips provided in this course are not a substitute for knowing your workplace's emergency action plan. There are many more emergency safety tips than are discussed in this course. Make sure you familiarize yourself with your workplace's plan and OSHA requirements. Q/A OSHA requires that employers with ten or more employees have a written emergency action plan.

Recordkeeping In regard to recordkeeping, employers with 10 or fewer employees at peak employment during the year, are exempt from most requirements of the rules. Low-hazard sectors, such as retail, service, finance, insurance and real estate, are also exempt. However, all employers covered by OSHA must report any workplace incident resulting in an employee fatality or the hospitalization of three or more employees.

Training OSHA standards require and monitor annual training for bloodborne pathogens to employees when they are first hired. It is best practice, and possibly a state regulation in your state, for healthcare workers to receive proper training on OSHA standards as applicable to healthcare facilities. This may include fire safety, hazard communication, infection and exposure control, etc. Training should be executed only by qualified personnel.

Tuberculosis Prevention and Treatment One infectious disease that can be overlooked is tuberculosis. According to the Centers for Disease Control and Prevention (CDC), one-fourth of the world's population is infected with tuberculosis. That's about 2 billion people. TB is the leading infectious disease killer in the world, claiming 1.5 million lives each year. The CDC has published recommendations that can help in developing a plan.

Tuberculosis Signs and Symptoms Tuberculosis is an infectious disease caused by bacteria. It is spread by airborne droplets created when an infected person coughs, speaks, sings, sneezes, shouts, breathes, etc. An employee can become infected by inhaling these droplets containing the bacteria. The signs and symptoms include: Night sweats Cough or Coughing up blood Loss of appetite Lethargy or weakness Weight loss (Night sweats and fever, lethargy, weakness, and cough are all symptoms of tuberculosis.) Preventing Transmission of Tuberculosis The CDC has published recommendations that can help in developing a plan. Transmission can be prevented by implementing specific actions. The CDC recommends: Patient screening Rapid diagnosis Appropriate and curative therapy Reducing air contamination Providing isolation rooms Screening of healthcare personnel Thorough investigation and control of outbreaks Depending on the organization's needs and capabilities, employees may have preventable work practices and devices available to help minimize the exposure to tuberculosis. If the organization doesn't have a formalized plan, ask for information on the actions that are available.

You can support your organization and your peers by:

Understanding and complying with the established workplace violence prevention program Actively participating in employee complaint/feedback sessions Always promptly and accurately reporting any workplace violence incidents

The term "universal precautions" refers to an approach to infection control used to protect employees from exposure to all human blood and other potentially infectious materials. Let's see what OSHA requires of employees and their organizations. A great thing to remember - The best defense is a thorough offense. Always follow universal precautions when handling contaminated materials. When treating all bodily fluids as if they are infectious, the employee will always be prepared.

Universal Precautions - OSHA requires that employees: Use proper personal protective equipment (PPE) Dispose of all contaminated material in the proper manner Treat all blood and bodily fluids as if they were contaminated Properly clean up and decontaminate Personal Protective Equipment - The organization is required to provide appropriate PPE at no cost if blood exposure is reasonably anticipated in the employee's job duties. Wear gloves when handling chemicals or bodily fluids Wear safety shoes, boots or covers, and an apron, gown or coveralls if a hazardous substance is likely to splash Use a respirator when hazardous substances are airborne such as in the case of tuberculosis Wear hearing protection for loud noises Always remove PPE carefully, to avoid contamination Dispose of PPE in designated containers before leaving the contaminated area Employer Obligations - Under OSHA requirements, the organization is responsible for cleaning, laundering, or disposing of PPE. Training in proper cleaning techniques for reusable PPE Proper disposal of contaminated PPE Training in safe laundering procedures

What happens if exposure occurs? What about post-exposure to a potential hazard follow-up? The organization is required to provide post-exposure evaluation and follow-up in the event of bloodborne pathogen exposure. Steps to follow when exposure occurs: Q/A Wash with soap and water, report the exposure and seek medical attention are all steps to take after exposure.

Wash the exposed area with soap and water Flush nose, mouth or skin with water Irrigate eyes with water or saline Report the exposure Be sure to seek medical attention Post-exposure to a potential hazard requires follow up. There are several things that must be included in the follow-up. Please read the list below to learn more: Document how the exposure occurred Record any injuries from contaminated sharps as a "Privacy case" on the 300 Log and in a sharps injury log if the organization requires it Obtain consent from source individual and the employee exposed, and test blood as soon as possible Provide risk counseling and offer post-exposure protective treatment for the disease, when medically warranted Provide a written report of the findings to the organization and the exposed employee within 15 days of evaluation

Medical and First Aid

We all know that even the best safety precautions can't prevent all accidents from happening. Therefore, organizations should provide medical and first aid supplies and personnel that fit the hazards of your particular workplace. The American National Standard Institute describes minimal contents of a generic first aid kit. If you work in a more substantial workplace or conduct operations with unique needs, your organization will determine the need for enhanced supplies and equipment or additional kits.

HIV attacks the body's immune system weakening it so it cannot fight deadly diseases. Symptoms include:

Weakness Fatigue Sore throat Persistent fever Swollen lymph glands Weight loss

Designated Record Set The HIPAA privacy standard allows individuals to access the PHI that is part of the covered entity's designated record set. HIPAA defines the designated record set as "group of records maintained by or for a covered entity that is used, in whole or part, to make decisions about individuals, or that is a provider's medical and billing records about individuals or a health plan's enrollment, payment, claims adjudication and case or medical management record systems." Designated record sets include protected health information (PHI). Covered entities must clearly describe the components of designated record sets in their written policies, train their employees about the designated record set, and ensure they comply with valid requests. (See our infographic for what else is included in a designated record set)

What's not included - Psychotherapy notes and any information compiled for legal proceedings, laboratory results to which the Clinical Laboratory Improvement Act (CLIA) prohibits access or information held by certain research laboratories are not part of the information in the designated record set and are not usually provided to the individual or authorized requester. Also, information like quality assessment notes is not considered part of the patient's designated record set.

Psychotherapy Notes Psychotherapy notes are treated differently than other health care services, and they are not considered TPO. The covered entity that originated them is permitted to use them for treatment. The originating covered entity may also use them for training, for defense in a legal case, to prevent a serious and imminent threat to public safety or as required by law. A covered entity should notify law enforcement or the appropriate family member when an individual is threatening to harm himself or someone else. Otherwise, the patient's authorization to obtain copies of the psychotherapy notes is required for any party requesting them.

When a different covered entity or a personal representative is authorized to view a patient or individual's medical record, psychotherapy notes are excluded from the record, except in the situations described above. Parents are not permitted to read their children's psychotherapy notes, although they are permitted to read their children's mental health diagnoses, symptoms and treatment plans.

National Standards A transaction is an electronic exchange of information between two parties to carry out financial or administrative activities related to health care. An example of this is when a health care provider sends a claim to a health plan to request payment for medical services. According to CMS, HIPAA required HHS to establish national standards for electronic transactions to improve the efficiency and effectiveness of the nation's health care system.

When transaction and code set standards became effective, local codes were eliminated. Insurance carriers using local codes were required to map those codes to standard code sets. NOTE All electronic healthcare transactions, such as claims, remittance, eligibility, claims status requests and responses, are required to follow the standards adopted by HHS - ASC X12 Version 5010 and NCPDP Versions D.0 and 3.0.

Illness Policy Have you ever walked into work and seen your coworker coughing and sneezing? This can create a risk of illness for you and other employees. In this next section, we'll discuss the importance of an illness policy.

Why Develop a Policy? Employers have an obligation to their employees to create a safe and healthy workplace. When an employee is ill in the workplace, they put other employees at risk of becoming ill. However, having an illness policy minimizes this risk. Policy Development Common items to include in your workplace illness policy include: Signs of illness that would warrant an employee being sent home or to not come into work Procedure for sending an employee home in the event of being ill Discipline action if employee refuses to leave the workplace

Prevention of workplace violence is a crucial safety issue in and around hospitals and other healthcare environments. Efforts must be made to prevent and eliminate workplace violence circumstances whenever possible. You should feel safe, supported, and encouraged to report violent incidents or potential violent hazards to your organization without fear of retaliation.

Why Incidents Go Unreported - Incidences of violence sometimes go unreported. It is for a variety of reasons that healthcare staff may not inform management of situations that involve workplace violence. Why do you think that is? It could be for a variety of reasons such as: Lack of procedures or reporting policies Fear that your organization won't be able to resolve the incident effectively Misperception that violence is just a part of your job Fear of employer retaliation It is important for all employees to report any such situation that the employee is uncomfortable with or is outright violent to supervisors. Employees should not be subjected to violent outbursts or situations that cause fear. Be informed of your organization's policies surrounding reporting of situations and report as necessary.

OSHA Workplace Poster and Records The Occupational Safety and Health Act of 1970 (OSHA) assures safe and healthful working conditions for employees by setting and enforcing standards and by providing training, outreach, education, and assistance. OSHA tells employees of their rights with an OSHA poster, which summarizes the major provisions of the OSHA Act of 1970 and explains how to file a complaint. All organizations — including yours — are required to display the poster in the workplace in a conspicuous location where all employees can see it. Most employers place this in a universal break room or employee area. One of the stipulations in the OSHA Act is to keep a record of occupational injuries and illnesses. Under the OSHA record-keeping regulation, your organization does this by completing the OSHA 300 log. This log is where your organization maintains records of serious occupational injuries and illnesses.

Why is this important to you? - This is important to you because it allows you to evaluate the safety of your workplace and really understand industry hazards. It also identifies any worker protections that may be implemented to reduce or eliminate hazards. Accessing Records - Employers with more than 10 employees are required to record specific work-related injuries and illnesses using the OSHA 300 Log. They're also required to prepare a 301 Incident Report for each recordable injury, and from February 1st to April 30th, they must also post a 300A Annual Summary of Work-Related Injuries and Illnesses in your workplace during the previous year. As a current or former employee of your organization, you're entitled to access injury and illness records. Your organization, or your representative, must give you a copy of the relevant documents by the end of the next business day after request.

Engineering Controls The first and best strategy for any potential hazard is to control it at its source. Engineering controls are intended to minimize the hazards of bloodborne pathogens in the work environment and the job itself. These engineering controls include: Sharp disposal container Self-sheathing needles Safe medical devices, such as sharps with engineered sharps injury protection and needleless systems

Work Practice Controls Workplace practice controls are workplace rules and procedures that reduce the likelihood of exposure to hazards by prescribing a safe way a task is performed. Some existing work practice controls are: Never recapping needles Transporting specimens in a secondary container Always disposing of sharps in a Sharps container immediately after use Hand Hygiene Hand washing is one of the most important and easiest practices that can be used to prevent the transmission of bloodborne pathogens. Hands or exposed skin should be thoroughly washed as soon as possible following exposure, and you should try to use soft antibacterial soap. Housekeeping Far too frequently, housekeepers, custodians, and others are punctured or cut by sharps and other potentially contaminated materials that have been improperly disposed. There must be a written schedule for cleaning and decontamination at the work site based on: Location within the facility Type of surface to be cleaned Type of contamination present Tasks or procedures being performed Work surfaces must be decontaminated with an appropriate disinfectant after procedures are completed when surfaces are contaminated and at the end of the work shift. Regulated waste must be placed in containers that are closable, prevent leakage and punctures, are appropriately labeled or color-coded, and are located near the point of use.

Workplace Illumination Proper lighting in the workplace is critical to minimizing the risk of injury or illness. To begin with, poor lighting can negatively affect your work performance by reducing productivity. Injuries due to poor workplace lighting are frequently experienced. Eye strain and headaches are common illnesses that result from subpar lighting. OSHA standards require emergency lighting in the workplace. Emergency lighting assists employees' safe exit from the workplace in the event of an emergency. It is needed in work areas, hallways, and stairwells. Emergency lights should come on whenever power goes out or when a fire alarm is activated and exit signs should be lighted to ensure a safe exit. Additionally, emergency lighting must be inspected annually by a fire marshal.

Workplace Environment Task lighting refers to a more concentrated light, such as a desk lamp or under-shelf lighting. Task lighting guards against eyestrain and headaches. Recommendations for proper workstation setup include arranging one's office or desk to minimize glare from overhead lights, desk lamps, and windows. Use light diffusers to limit brightness on the computer screen and utilize blinds and drapes to eliminate bright light.

Patient and Workplace Safety Measures in Healthcare

XXXXXXXXXXXXXXXXXXXXXXX Introduction and Overview In emergencies, patients and visitors will expect healthcare workers like you to be able to navigate them quickly and safely away from hazards. We'll summarize various workplace hazards, such as fire and radiation, and identify appropriate measures that you should use to ensure the safety of patients and staff. After this course, you will have a better understanding of workplace hazards and how to address them in a safe, calm manner.

Steps to Minimize Workplace-Related Injuries in Healthcare Working in healthcare, you face several serious safety and health hazards. It's crucial to be mindful of working in an environment that not only reduces the healthcare-related hazards like bloodborne pathogen exposure, but also minimizes injuries related to basic workplace hazards, such as ergonomics.

XXXXXXXXXXXXXXXXXXXXXXXXXX