FAQ’s
Compliance categories include OSHA, HIPAA, Infection Control, Fraud & Abuse, and Dental Radiation
The questions are grouped by major categories and then sub groups under those categories. You can look through the list of groups and sub groups or inquire using the drop down box below.
Click on the question to see the answer.
HIPAA COMPLIANCE FAQ’s
- Workers Compensation
- Personal Representatives
- Access & Denial of Access
- Breach
- Release of PHI & Records
- Business Associates
- Sample BAA Form
- Encryption
- Release & Use
- Marketing
- Training
- NPP
- Minors
OSHA COMPLIANCE FAQ’s
- Cleaning Logs
- Sharps Injuries
- Infection Control
- Radiation
- MSDS
- Regulations
- Training
- Hazard Communication
- Engineered Safety Devices
- Hepatitis B Documentation
Radiation FAQ’s
Infection Control FAQ’s
HIPAA FAQ
HIPAA: Workers Compensation
A covered entity may disclose protected health information where the individual’s written authorization has been obtained, consistent with the Privacy Rule’s requirements at 45 CFR 164.508. Thus, a covered entity would be permitted to make the above disclosure if the individual signed such an authorization.
Individuals do not have a right under the Privacy Rule at 45 CFR 164.522(a) to request that a covered entity restrict a disclosure of protected health information about them for workers’ compensation purposes when that disclosure is required by law or authorized by, and necessary to comply with, a workers’ compensation or similar law. See 45 CFR 164.522(a) and 164.512(a) and (l).
HIPAA: Personal Representatives
The individual who is the subject of the protected health information can exercise all rights granted by the HIPAA Privacy Rule with respect to all protected health information about him or her, including information obtained while the individual was an unemancipated minor consistent with State or other law. Generally, the parent would no longer be the personal representative of his or her child once the child reaches the age of majority or becomes emancipated, and therefore, would no longer control the health information about his or her child. Of course, any individual can have a personal representative – which may include a parent – who can exercise rights on his or her behalf.
How does a covered entity identify an individual’s personal representative?
State or other law determines who is authorized to act on an individual’s behalf, thus the Privacy Rule does not address how personal representatives should be identified. However, the HIPAA Privacy Rule does require covered entities to verify a personal representative’s authority in accordance with 45 CFR 164.514(h).
Individuals may control their protected health information under the HIPAA Privacy Rule to the extent State or other law permits them to act on their own behalf. Further, even if an individual is deemed incompetent under State or other law to act on his or her own behalf, covered entities may decline a request by a personal representative for protected health information if the individual objects to the disclosure (or for any other reason), and the disclosure is merely permitted, but not required, under the Rule.
However, covered entities must make disclosures that are required under the Rule (i.e., disclosures to the Secretary and to the individual). Consequently, with respect to the individual’s right of access to protected health information and for an accounting of disclosures, covered entities must provide the individual’s personal representative access to the individual’s protected health information or an accounting of disclosures upon the request of the personal representative, unless the covered entity, in the exercise of professional judgment, believes doing so would not be in the best interest of the individual because of a reasonable belief that the individual may be subject to domestic violence, abuse or neglect by the personal representative, or that doing so would otherwise endanger the individual.
The Rule allows a specified time period before a covered entity must act on such a request; and during this interim period, an individual and his personal representative will have an opportunity to resolve any dispute they may have concerning the request.
No. Except with respect to decedents, a covered entity must treat a personal representative as the individual only when that person has authority under other law to act on the individual’s behalf on matters related to health care. A power of attorney that does not include decisions related to health care in its scope would not authorize the holder to exercise the individual’s rights under the HIPAA Privacy Rule. Further, a covered entity does not have to treat a personal representative as the individual if, in the exercise of professional judgment, it believes doing so would not be in the best interest of the individual because of a reasonable belief that the individual has been or may be subject to domestic violence, abuse or neglect by the personal representative, or that doing so would otherwise endanger the individual.
With respect to personal representatives of deceased individuals, the Privacy Rule requires a covered entity to treat the personal representative as the individual as long as the person has the authority under law to act for the decedent or the estate. The power of attorney would have to be valid after the individual’s death to qualify the holder as the personal representative of the decedent.
The HIPAA Privacy Rule provides two ways for a surviving family member to obtain the protected health information of a deceased relative. First, disclosures of protected health information for treatment purposes—even the treatment of another individual—do not require an authorization; thus, a covered entity may disclose a decedent’s protected health information, without authorization, to the health care provider who is treating the surviving relative. Second, a covered entity must treat a deceased individual’s legally authorized executor or administrator, or a person who is otherwise legally authorized to act on the behalf of the deceased individual or his estate, as a personal representative with respect to protected health information relevant to such representation. The Rule permits the personal representative to obtain the information or provide an authorization for its disclosure.
HIPAA Compliance: Access & Denial of Access
No. Any practice that denies access can be reported to HHS for a violation of a patient’s right. Individuals have a right of access to any protected health information that is used, in whole or in part, to make decisions about them.
HHS provided guidance on this topic as outlined below.
A covered entity may not deny access to protected health information when the information has been obtained from a health care provider. An individual is entitled to have access to all information about him or her generated by the health care system.
No. If the provider has information on the patient it must be given to the patient unless there is reason stated in the regulation that allows a practice to refuse. See the response below received from Health and Human Services.
Response: A general principle in responding to all of these points is that a covered entity is required to provide access to protected health information in accordance with the rule regardless of whether the covered entity created such information or not. Thus, we agree with the first point: in order to meet its requirements for providing access, a covered entity must not only provide access to such protected health information it holds, but must also provide access to such information in a designated record set of its business associate, pursuant to its business associate contract, unless the information is the same as information maintained directly by the covered entity. We require this because an individual may not be aware of business associate relationships. Requiring an individual to track down protected health information held by a business associate would significantly limit access. In addition, we do not permit a covered entity to limit its duty to provide access by giving protected health information to a business associate.
We disagree with the second point: if the individual directs an access request to a covered entity that has the protected health information requested, the covered entity must provide access (unless it may deny access in accordance with this rule). In order to assure that an individual can exercise his or her access rights, we do not require the individual to make a separate request to each originating provider. The originating provider may no longer be in business or may no longer have the information, or the non-originating provider may have the information in a modified or enhanced form.
Yes there are restrictions and guidance. Neither state laws nor HIPAA allow you to refuse access. See information below.
When the HIPAA regulation defines what you can do under a certain condition (such as denying access) that is a very limiting factor. If the regulation does not say you can, then you must assume you cannot.
From Health and Human Services: Response to Comments Received about Access to Protected Health Information:
Response: We agree with these comments, and confirm that failure to pay a bill is not a lawful reason to deny access under this rule. Covered entities may deny access only for the reasons provided in the rule.
Under NC State Law:
Opinion by NC Attorney, Heather Skelton: A physician should never deny a patient 's request for their medical records for nonpayment issues.
Under SC State Law:
SC Code 44-115-70 states that “medical records may not be withheld because of an unpaid bill for medical services.”
AMA Code of Medical Ethics
Opinion 7.02 - Records of Physician: Information and Patients (AMA Code of Medical Ethics)
Notes made in treating a patient are primarily for the physician’s own use and constitute his or her personal property. However, on request of the patient, a physician should provide a copy or a summary of the record to the patient or to another physician, an attorney, or other person designated by the patient.
Most states have enacted statutes that authorize patient access to medical records. These statutes vary in scope and mechanism for permitting patients to review or copy medical records. Access to mental health records, particularly, may be limited by statute or regulation. A physician should become familiar with the applicable laws, rules, or regulations on patient access to medical records.
The record is a confidential document involving the patient-physician relationship and should not be communicated to a third party without the patient’s prior written consent, unless required by law or to protect the welfare of the individual or the community. Medical reports should not be withheld because of an unpaid bill for medical services. Physicians may charge a reasonable fee for copying medical records. (IV)
Report: Issued prior to April 1977; Updated June 1994
From a Georgetown University Booklet after an analysis of NC State law: Can my health care provider deny my request for my medical record because I have not paid my medical bill? No. Your provider cannot deny your request for your medical record because you have not paid your medical bill.
Potential Liability Issues
Talk with your liability insurance carrier about this issue if you are still considering holding records. If you refuse to provide medical records because of non-payment of medical bills, and something happens to the patient (serious illness or death), you may have some liability issues.
HIPAA Compliance: Breach
This is a violation and it is a breach.
Breach – If the employee did access and copy the records, this is a breach for your practice. You are required to notify the patient, report the breach to HHS and take other mitigating action as defined under the breach regulations.
Your policies and your employee training conducted by TMC state that you are only allowed to access or use PHI for treatment, payment and operations, unless another law says you can or must or the patient gives you written authorization. The practice could be fined. Having appropriate policies and training in place with an active enforcement program will go a long way with HHS as they evaluate the breach. The penalties for the employee could be jail time if HHS and the Justice department decided to pursue the route of a criminal charge.
If the employee did access and copy the records, this is a breach for your practice. You are required to notify the patient, report the breach to HHS and take other mitigating action as defined under the breach regulations.
If your records were taken you might also want to talk with your attorney about any financial implications of loss of business from theft of proprietary business information.
Yes. All breaches, 1 or more, are filed with HHS. HHS will put breaches of 500 or more on their website for public view but all are reported. You report 500 or more to HHS and the media. This is done immediately. With fewer than 500 involved, you only report them to HHS. You enter it online and you have until the end of the following January to get them recorded. The link for reporting a breach online is : http://transparency.cit.nih.gov/breach/index.cfm.
There is no alternative to reporting a breach to HHS. The alternative deals with situations where you may have to report to the media. If you have 10 or more people you are unable to reach with a breach notification due to bad addresses, the regulation requires you take an ad in a paper or on TV to reach them or you can put the notice on your website.
HIPAA Compliance: Release of PHI & Records
When a covered health care provider uses an interpreter to communicate with an individual, the individual’s authorization is not required when the provider meets the conditions below.
Covered entities may use and disclose protected health information for treatment, payment and health care operations without an individual’s authorization, 45 CFR 164.506(c). A covered health care provider might use interpreter services to communicate with patients who speak a language other than English or who are deaf or hard of hearing, and provision of interpreter services usually will be a health care operations function of the covered entity as defined at 45 CFR 164.501.
When using interpreter services, a covered entity may use and disclose protected health information regarding an individual without an individual’s authorization as a health care operation, in accordance with the Privacy Rule, in the following ways:
• When the interpreter is a member of the covered entity’s workforce (i.e., a bilingual employee, a contract interpreter on staff, or a volunteer) as defined at 45 CFR 160.103;
• When a covered entity engages the services of a person or entity, who is not a workforce member, to perform interpreter services on its behalf, as a business associate, as defined at 45 CFR 160.103. A covered entity may disclose protected health information as necessary for the business associate to provide interpreter services on the covered entity’s behalf, subject to certain written satisfactory assurances set forth in 45 CFR 164.504(e). For instance, many providers -- including those that are recipients of federal financial assistance and are required under Title VI of the Civil Rights Act of 1964 to take reasonable steps to provide meaningful access to persons with limited English proficiency -- will have contractual arrangements with private commercial companies, community-based organizations, or telephone interpreter service lines to provide such language services. If a covered entity has an ongoing contractual relationship with an interpreter service, that service arrangement should comply with the Privacy Rule business associate agreement requirements.
• In addition, a covered health care provider may, without the individual’s authorization, use or disclose protected health information to the patient’s family member, close friend, or any other person identified by the individual as his or her interpreter for a particular healthcare encounter. In these situations, that interpreter is not a business associate of the health care provider. As with other disclosures to family members, friends or other persons identified by an individual as involved in his or her care, when the individual is present, the covered entity may obtain the individual’s agreement or reasonably infer, based on the exercise of professional judgment, that the individual does not object to the disclosure of protected health information to the interpreter. 45 CFR 164.510(b)(2). For example, if a covered health care provider encounters a patient who speaks a language for which the provider has no employee, volunteer member of the workforce or contractor who can competently interpret, but then is able to identify a telephone interpreter service to communicate with the patient, the provider may contact the telephone interpreter service and identify the language used by the patient, so that the interpreter may explain to the patient that the interpreter is available to assist the patient in communicating with the provider. If the provider reasonably concludes that the patient has chosen to be assisted by the interpreter, and, by the patient’s willingness to continue the health care encounter using the interpreter, reasonably infers that the individual does not object to the disclosure, protected health information may be disclosed in accordance with 45 CFR 164.510(b) without a business associate contract.
Organizations that are subject to both HIPAA and Title VI must comply with the requirements of both laws, though not all HIPAA covered entities are recipients of federal financial assistance and thus, required to comply with Title VI; and not all recipients of federal financial assistance are also HIPAA covered entities, subject to the Privacy Rule.
For information about the obligation of recipients of federal financial assistance to take reasonable steps to provide meaningful access to persons who are limited English proficient, see Guidance to Federal Financial Assistance Recipients Regarding Title VI Prohibition Against National Origin Discrimination Affecting Limited English Proficient Persons available at http://www.hhs.gov/ocr/civilrights/resources/specialtopics/lep/index.html. This guidance includes information for recipients of federal financial assistance about important considerations for determining the competency of interpreters, such as their understanding of applicable confidentiality requirements, that should be taken into account when using interpreters arranged by the provider or when individuals elect to use friends, family or others as interpreters.
HIPAA covered entities may also be required to comply with the Americans with Disabilities Act and/or Section 504 of the Rehabilitation Act of 1973, both of which have requirements for the provision of sign language and oral interpreters for people who are deaf or hard of hearing. The use of communications assistants as part of a Telecommunications Relay Service (TRS) was the subject of a previous FAQ available at http://www.hhs.gov/ocr/hipaa (click on Your Frequently Asked Questions About Privacy, and then search on “TRS”).
Last revised: April 03, 2007
Acknowledgment of receipt of the Notice of Privacy Practices - If the patient is not competent to sign for themselves, you need to have a Personal Representative sign for them. This person must meet the HIPAA and State laws on who is a Personal Representative.
If the caregiver or relative does not have paperwork stating they have legal authority to sign for the patient, then the CE needs to sign the acknowledgment and document why the patient could not sign. The regulation allows you to do this when there is good reason they cannot sign.
You will then need to find out who can sign for the patient, if anyone, and try to obtain that signature. You can always mail the document to the official guardian or person with a POA. In most cases the nursing home has the appropriate paper work that allows them to take action in an emergency but a family member is the true guardian who has the authority to take action.
You can still share information with a caregiver to the extent that person is involved in the patient's care but only information relevant to care.
Only the patient or a personal representative can sign authorization forms to release information except for treatment.
For elderly patients who are no longer able to make decisions for themselves due to deteriorating mental conditions, you can advise the adult children of the need to obtain legal authority to deal with their parent. Until a competent person or the law has given authority to another person to make medical decisions, the patient is legally the decision maker as far as HIPAA and the release of information is concerned.
Many state law deal with personal representatives depending on the condition and circumstances. It is often difficult to find all of the state laws that might apply. The best way is to have the person who claims authority produce a document or a copy of the law that states they have such authority.
Many states produced documents comparing state laws with HIPAA and addressed preemption (which law prevails post HIPAA). This document could also be a big help in decisions involving personal representatives and explaining this to relatives of the patient.
Examples of the many different state laws dealing with Personal Representatives:
For minors, treatment and records release - For NC, Treating Minors, 90-21.1 through 90-21.9. If someone can consent to treatment, they are a Personal Representative. As a personal representative they can sign for the patient as it relates to records.
For mentally handicapped individuals who have always been that way – NC law
§ 50 13.8. Custody of persons incapable of self support upon reaching majority. For the purposes of custody, the rights of a person who is mentally or physically incapable of self support upon reaching his majority shall be the same as a minor child for so long as he remains mentally or physically incapable of self support. This NC law provides for parents to continue as Personal Representatives.
No. HHS dealt with this issue in the 2000 NPRM and their response to questions on this topic. HHS's response, in my opinion, puts the employer in the position of having to obtain an authorization for release of PHI concerning drug testing as a condition of employment and that Covered Entities should not release this information without such authorization.
From NPRM, December 20, 2000: (pgs. 83593 & 82594)
Comment: Several commenters stated that the Secretary should recognize in the preamble that it is permissible for employers to condition employment on an individual's delivering a consent to certain medical tests and/or examinations, such as drug-free workplace programs and Department of Transportation ("DOT'')-required physical examinations. These comments also suggested that employers should be able to receive certain information, such as pass/fail test and examination results, fitness-to-work assessments, and other legally required or permissible physical assessments without obtaining an authorization.…
Response: We reject the suggestion to define "health information,'' which Congress defined in HIPAA, so that it excludes individually identifiable health information that may be relevant to employers for these types of examinations and programs. We do not regulate employers. Nothing in the rules prohibit employers from conditioning employment on an individual signing the appropriate consent or authorization.…
Comment: One commenter asserted that the proposed regulation conflicts with the DOT guidelines regarding positive alcohol and drug tests that require the employer be notified in writing of the results. This document contains protected health information. In addition, the treatment center records must be provided to the Substance Abuse Professional (``SAP'') and the employer must receive a report from SAP with random drug testing recommendations.
Response: It is our understanding that DOT requires drug testing of all applicants for employment in safety-sensitive positions or individuals being transferred to such positions. Employers, pursuant to DOT regulations, may condition an employee's employment or position upon first obtaining an authorization for the disclosure of results of these tests to the employer. Therefore, we do not believe the final rules conflict with the DOT requirements, which do not prohibit obtaining authorizations before such information is disclosed to employers.
HIPAA Compliance: Business Associates
Under the Privacy Rule, a covered entity such as a doctor can contact a patient using a Telecommunications Relay Service (TRS), without the need for a business associate contract with the TRS. The sharing of protected health information between a covered health care provider and a patient through the TRS is permitted by the Privacy Rule under 45 C.F.R. 164.510(b), and a business associate contract is not required in these circumstances.
By way of background, the TRS enables telephone communication for people with hearing or speech impairments by using a communications assistant (CA) who transliterates conversations. The TRS CA relays information, which may include protected health information, between a text telephone (also known as “TTY”) user and another person communicating via voice. The CA must communicate what is said by the parties without alteration. The Federal Communications Commission (FCC), pursuant to the Americans with Disabilities Act (ADA), certifies all State TRS programs, which in turn contract with one or more TRS providers. All TRS providers must comply with standards for operators established by the FCC pursuant to Title IV of the ADA, including protecting the privacy of all relayed communications. The TRS is a public service that is available without cost to all persons and businesses, none of whom need to employ, contract with or otherwise establish business relationships with the TRS. Thus, when performing these services, the TRS is not acting for or on behalf of the covered entity and is not the covered entity’s business associate.
As permitted by 45 C.F.R. 164.510(b), protected health information can be shared during a telephone communication using the TRS because the individual will have an opportunity to agree or object to disclosures of protected health information to the CA. The following typical scenarios describe how this opportunity can be provided in the course of, or prior to, using the TRS:
•Where the individual initiates the call through the TRS, it is reasonable for a covered health care provider to infer from these circumstances that the individual has identified the CA as involved in the individual’s care, and that the individual does not object to the disclosure. See 45 C.F.R. 164.510(b)(2)(iii).
•Where the need for use of the TRS becomes apparent prior to a call being placed, such as when, during an office visit, the individual gives the health care provider his or her TTY number, the opportunity to agree or object to the TRS can be provided at that time. See 45 C.F.R. 164.510(b)(2).
• Even where the covered health care provider initiates a call using the TRS without the individual’s prior agreement, the individual will have an opportunity to agree or object at the outset of the call. Typically, the CA will begin the call by identifying the service to the party called, and if that party is unfamiliar with the TRS, the CA will briefly explain how the service operates. This initial contact by the CA provides the individual with the opportunity to agree to the disclosure by proceeding with the call using the TRS, or to object by terminating the call. See 45 C.F.R. 164.510(b)(2)(i)-(ii).
Last revised: March 26, 2007
HIPAA Compliance: Encryption
The Security Rule, effective in 2005, does not require encryption. It does require you to protect emails with PHI in them. The regulation then provides that encryption is a way to do that. If you protect data by any other means (other than encryption), you must document how and why you believe this is adequate to comply with the regulation. The burden of proof is on the practice.
In 2009 the HITECH Act passed which required HHS to name a definitive standard which was done in August 2009. This standard said if the encryption standard, NIST publication 800-52, is not used and the data is lost stolen hacked or otherwise exposed, it would be a breach requiring an expensive process of notification. See the Final Breach Regulation from 2009.
The greatest risk of unauthorized access may come from someone at the patient’s home or office not the open Internet. Unless you treat a celebrity it is unlikely someone would try to hack the emails.
If you will be sending and receiving only general information, not specific to the patient, then communication without encryption may be considered an acceptable risk. If you are sending and receiving very confidential patient information, I would recommend encryption or a secure email system where data does not travel over the Internet.
You will need to document the acceptance of the risk in your annual Risk Analysis if you do not use encryption and you send data of any type over the Internet.
HIPAA Compliance: Release & Use
Can thank you postcards be sent to patients or must they be enclosed in an envelope?
HHS has ruled that sending a post card to remind a patient of an appointment is an incidental disclosure. However, unless your NPP specifically states that you will send thank you postcards, then you are better off enclosing the post card in an envelope.
Can a physician’s office FAX patient medical information to another physician’s office?
The HIPAA Privacy Rule permits physicians to disclose protected health information to another health care provider for treatment purposes. This can be done by fax. Covered entities must have in place reasonable and appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information that is disclosed using a fax machine. Examples of measures that could be reasonable and appropriate in such a situation include the sender confirming that the fax number to be used is in fact the correct one for the other physician’s office, and placing the fax machine in a secure location to prevent unauthorized access to the information. See 45 CFR164.530(c).
Yes. The Privacy Rule allows those doctors, nurses, hospitals, laboratory technicians, and other health care providers that are covered entities to use or disclose protected health information, such as X-rays, laboratory and pathology reports, diagnoses, and other medical information for treatment purposes without the patient’s authorization. This includes sharing the information to consult with other providers, including providers who are not covered entities, to treat a different patient, or to refer the patient. See 45 CFR 164.506.
Be aware that some state laws require patient authorization to share PHI even with other providers. Usually State laws allow you to obtain this permission only once from the patient and it applies to all transactions after that unless revoked by the patient. South Carolina is a state that requires such authorization.
HIPAA Compliance: Marketing
Can our practice communicate new product and/or treatment information to patients?
Yes. But patients must be allowed to opt out from receiving future mailings. Under new proposed regulations of July 2010 implementing HITECH Act changes to HIPAA, your Notice of Privacy Practices should say you may be sending such notices and tell patients they have a right to request such notices not be sent. Additionally the notification sent to the patient must offer the opportunity to opt out of any future mailings of this type.
HIPAA Compliance: Training
Treat them as employees, have them read over and understand your HIPAA policies as it applies to PHI. They also need to understand the regulations and what HIPAA is about.
HIPAA: NPP
Begin using the new NPP for all new patients on the effective date. For existing patients who received the earlier version, make the revised NPP available in your lobby, on your web site and give anyone a copy if they request it.
HIPAA Compliance: Minors
What are the applicable laws regarding access and control of PHI for minors?
You may have records on minors where part of the protected health information (PHI) is controlled by the minor (requiring the approval of the minor for release of that information) and other PHI in the record that is controlled by the Personal Representative (usually a parent). To understand this you must know the HIPAA regulations and your pertinent State laws. Anyone under the age of 18 is considered a minor in most states. In most cases the patient or the Personal Representative of the patient may obtain records of the patient, adult or minor patient. The HIPAA regulations provide three situations in which the parent would not be considered the personal representative of a minor patient: - When state or other law does not require the consent of a parent or other person before a minor can obtain a particular health care service, and the minor consents to the health care service. - When a court determines or other law authorizes someone other than the parent to make treatment decisions for a minor; or - When a parent agrees to a confidential relationship between the minor and the physician. For more information see HIPAA regulations on Personal Representatives. Given the first exception listed above, see your state laws on when a minor can approve treatment for themselves and whether there are other mandatory laws on records availability to Personal Representatives even when the minor can approve payment. In SC anyone between the ages of 16 – 18 can consent to Health Care treatment without the consent of a parent or legal guardian. This does not apply to having an operation. Every State has some laws regarding types of treatment minors can approve for themselves and at what age these regulations exist. See the State Regulations section of your TMC HIPAA Compliance Manual for your state information.
OSHA FAQ
OSHA: Cleaning Logs
How long (how many years) we have to keep room cleaning logs?
OSHA does not have a set period of time you need to retain the logs. Usually you will make the retention schedule based on business issues for you. Three years is a good length of time if there are not requirements from other sources.
Your liability insurance carrier usually has suggestions for retention of documents and information they feel may be useful for proving compliance should a patient issue arise. I doubt this one is on their list but it never hurts to ask them.
OSHA: Sharps Injuries
The bloodborne pathogens standard defines "contaminated sharps" as "any contaminated object that can penetrate the skin, including but not limited to, needles, scalpels, broken glass, broken capillary tubes, and exposed ends of dental wires," 1910.1030(b). Scalpels and blades are included in this definition.
In response to the second part of this question, if safety-engineered blades and scalpels were commercially available, a healthcare facility would be required to evaluate them for appropriateness and effectiveness. Since no one device is appropriate for use in all circumstances, the decision to select a safety device is always based upon evaluation and a determination that the device is appropriate and effective for the particular procedure, 1910.1030(c)(1)(iv). Since safety-engineered blades and scalpels are types of engineering controls within the meaning of 1910.1030(b), their use is required by the employer if they are engineering controls which will eliminate or minimize employee exposure, 1910.1030(d)(2)(i).
In the state of South Carolina, would plastic speculums that have been used be considered a sharp and thus fall of the disposal requirements of sharps?
Used speculums may be discarded into a 1 ply, 3 millage red bag, then placed into a transport box with a red bag liner to meet the DHEC regulations. Do not overpack or overfill the bags. Speculums that break prior to or during usage, are considered "a Sharp" and must be placed in a rigid sharps container prior to being place into the lined transport box. (Answer/interpretation provided by SC DHEC)
If the blade had been used on a patient this is an OSHA potential exposure incident and must be handled as such. The source patient needs to be tested for Hepatitis B & C as well as HIV. Remember, many Hep C positive patients have no idea they are positive. The same is true of HIV. The employee needs to go to a physician for evaluation and determination if any postexposure treatment is needed. If the employee refuses have her sign a form indication her refusal. (TMC Post Exposure Medical Evaluation form ECP 150.)
Be sure the employee understands the potential for infection from a sharps injury. The practice also has some exposure if the source patient and the employee are not tested and treated. If the employee ever develops one of the diseases the practice could be liable even years later because you do not know: (1) If she already has a disease (2) If this incident caused it or not.
OSHA requires testing of the source patient, if allowed by law, as soon as possible to at least get a confirmation that there is no infection. A rapid HIV test is the best because if positive the prophylaxis drugs should begin within hours of the injury. OSHA requires this testing. It was just a few months ago that we had another incident and the doctor was injured. When the patient was finally asked to go and be tested, he said, “No need, I know I am positive for HIV.” We cannot always tell by looking at someone.
Yes. It is unsafe for the employee handling the device but it is also unsafe for patients. Both OSHA and the CDC advise against that practice.
In a Letter of Interpretation OSHA explains:
OSHA's Bloodborne Pathogens Standard (29 CFR1910.1030, paragraph (d)(2)(vii)(A)) provides: “Contaminated needles and other contaminated sharps shall not be bent, recapped, or removed, unless the employer can demonstrate that no alternative is feasible or that such action is required by a specific medical or dental procedure.”
More specifically, our new compliance directive, CPL 2-2.69 at XIII.D.5 states, “removing the needle from a used blood-drawing/phlebotomy device is rarely, if ever, required by a medical procedure. Because such devices involve the use of a double-ended needle, such removal clearly exposes employees to additional risk, as does the increased manipulation of a contaminated device.” In order to prevent potential worker exposure to the contaminated hollow bore needle at both the front and back ends, blood tube holders, with needles attached, must be immediately discarded into an accessible sharps container after the safety feature has been activated.
Using a syringe to collect blood would be an example of a situation where clinical or medical necessity would dictate the need for transferring the collected blood to a test tube before disposing of the contaminated blood collection device. If drawing blood with a syringe is necessary, engineering controls (engineered sharps injury protection) and safe work practices (including mechanical means of removal if available) must be used and needleless blood transfer devices must be implemented.
Removing contaminated needles and subsequently reusing blood tube holders poses multiple potential hazards. The increased manipulation required to remove a contaminated needle from a blood tube holder is unnecessary and may result in a needlestick from either the front or back end of the needle. According to information available from the International Health Care Worker Safety Center at the University of Virginia, injuries occurring in phlebotomy are among the highest-risk for transmitting bloodborne pathogens such as HIV, HCV and HBV, because they involve hollow-bore, blood-filled needles.
Further, improper disposal of used, unprotected needle devices potentially affects more than just the user. According to data presented by the California Department of Health Services (January 2002), close to half of all injuries from contaminated sharps occur to those who are not in immediate control of the device, but to those who come in contact with the unprotected needle downstream (e.g., nursing assistants, housekeepers, maintenance personnel). Therefore, disposing of single-use safety-activated blood collection devices decreases potential injuries downstream.
While patient safety is not within the scope of OSHA's mission, we recognize that tube holder reuse poses a potential health hazard to patients. Some clinical studies show that 50-80% of blood tube holders may be contaminated after just one use (Advance/Laboratory, p. 70, January 2000). While it may be difficult to document a patient-to-patient cross-contamination exposure, the risk does exist and should be weighed when making decisions regarding overall safety.
OSHA: Personal Protective Equipment
OSHA requires appropriate PPE. The determination of appropriate is whether it does the job of protecting the skin and clothes of the employee. Additionally OSHA requires that the employer furnish the PPE and that the employer launder the PPE. All lab coats or clothing covers must be removed before leaving the work area.
The Guidelines for Infection Control in Dental Healthcare settings is more specific as to the type of jacket that is best. (See below.)
Neither specified the type of material except that it cover the appropriate areas, is provided by the employer and is of sufficient thickness to protect skin and street clothes and that the clothing be removed at work and laundered by the employer. A shirt from home does not meet OSHA requirements of being provided by the employer. Since the employee presumably took the shirt home to be laundered, it also does not meet the OSHA requirement that the employer launder the item.
You can certainly establish office polices that are more restrictive and exact than OSHA requires, as to the type of lab coats that must be worn at your office.
OSHA Regulations on PPE (1910.1030(c)(3)
(3) Personal Protective Equipment --
(i) Provision. When there is occupational exposure, the employer shall provide, at no cost to the employee, appropriate personal protective equipment such as, but not limited to, gloves, gowns, laboratory coats, face shields or masks and eye protection, and mouthpieces, resuscitation bags, pocket masks, or other ventilation devices. Personal protective equipment will be considered "appropriate" only if it does not permit blood or other potentially infectious materials to pass through to or reach the employee's work clothes, street clothes, undergarments, skin, eyes, mouth, or other mucous membranes under normal conditions of use and for the duration of time which the protective equipment will be used.
(iv) Cleaning, Laundering, and Disposal. The employer shall clean, launder, and dispose of personal protective equipment required by paragraphs (d) and (e) of this standard, at no cost to the employee.
Protective Clothing (From Guidelines for Infection Control in Dental Health-Care Settings published by the CDC)
Protective clothing and equipment (e.g., gowns, lab coats, gloves, masks, and protective eyewear or face shield) should be worn to prevent contamination of street clothing and to protect the skin (e.g., forearms) from exposures to blood and body substances. OSHA bloodborne pathogens standard requires sleeves to be long enough to protect the forearms when the gown is worn as PPE (i.e., when spatter and spray of blood, saliva, or OPIM to the forearms is anticipated) .
The dental healthcare professional should change protective clothing when it becomes visibly soiled and as soon as feasible if penetrated by blood or other potentially infectious fluids. All protective clothing should be removed before leaving the work area (13).
OSHA: Radiation
While this question came from a NC dental facility, all states have similar laws and regulations. You should check your states Radiation regulations as to specific requirements.
Protecting an employee from exposure is more than just the equipment. In addition to the equipment itself:
-The settings must be appropriate
-The rooms must have adequate protection
-Procedures must be in place to avoid direct exposure
The dental professional must ensure that all of the factors result in adequate protection.
OSHA requires an employer to protect employees from radiation exposure. The dental professional has the responsibility to demonstrate that. Digital equipment alone does not meet this requirement.
Under North Carolina regulation, and most other State regulations, the owner of the equipment (the dental professional) must establish that employees do not receive exposure that exceeds the annual effective dose as described in the section of the State X-Ray Regulation. See NC regulation below.
Bonnie Poole with the NC Dept. of Radiation suggested each office establish that radiation exposure does not exceed the limit. One way to do so:
1. Have employees wear the badges for a period of 6 months.
2. Keep a permanent record of the measurements recorded.
3. Have each new employee wear the badge for the 6 month period as well.
4. If an employee becomes pregnant have the employee wear the badge for the entire term.
This also helps from a liability perspective.
1604 OCCUPATIONAL DOSE LIMITS FOR ADULTS
(a) The licensee or registrant shall control the occupational dose to individual adults, except for planned special exposures as provided in Rule .1608 of this Section, to the following dose limits:
(1) an annual limit, which is the more limiting of:
(A) the total effective dose equivalent being equal to five rems (0.05Sv); or
(B) the sum of the deep-dose equivalent and the committed dose equivalent to any individual organ or tissue other than the lens of the eye being equal to 50 rems (0.5 Sv); and
(2) the annual limits to the lens of the eye, to the skin, and to the extremities which are:
(A) an eye dose equivalent of 15 rems (0.15 Sv), and
(B) a shallow-dose equivalent of 50 rems (0.50 Sv) to the skin or to each of the extremities.
(b) Doses received in excess of the annual limits, including doses received during accidents, emergencies, and planned special exposures, shall be subtracted from the limits for planned special exposures that the individual may receive during the current year and during the individual's lifetime. Dose limits for planned special exposures are provided in Item (5) of Rule .1608 of this Section.
(c) The assigned deep-dose equivalent and shallow-dose equivalent shall be for the part of the body receiving the highest exposure. The deep-dose equivalent, eye dose equivalent and shallow-dose equivalent may be assessed from surveys or other radiation measurements for the purpose of demonstrating compliance with the occupational dose limits, if the individual monitoring device was not in the region of highest potential exposure, or the results of individual monitoring are unavailable.
(d) Derived air concentration (DAC) and annual limit on intake (ALI) values are presented in Table 1 of Appendix B to 10 CFR §§ 20.1001 - 20.2401 and may be used to determine the individual's dose and to demonstrate compliance with the occupational dose limits.
(e) In addition to the annual dose limits, the licensee shall limit the soluble uranium intake by an individual to 10 milligrams in a week in consideration of chemical toxicity. Requirements for annual limits on intake for uranium are provided in Appendix B to 10 CFR §§ 20.1001 - 20.2401.
(f) The licensee or registrant shall reduce the dose that an individual may be allowed to receive in the current year by the amount of occupational dose received while employed by any other person. Requirements for determining prior occupational exposure are provided in Rule .1638(e) of this Section.
History Note: Authority G.S. 104E-7(a)(2); Eff. January 1, 1994.
OSHA: MSDS
Are electronic copies and access for MSDS compliant with OSHA standards?
Yes.
Hazard Communication Standard Section ...1910.1200(g)(8)
The employer shall maintain in the workplace copies of the required material safety data sheets for each hazardous chemical, and shall ensure that they are readily accessible during each work shift to employees when they are in their work area(s). (Electronic access, microfiche, and other alternatives to maintaining paper copies of the material safety data sheets are permitted as long as no barriers to immediate employee access in each workplace are created by such options.)
1. The employer must ensure that MSDSs are readily accessible and that there are no barriers to employee access. This includes ensuring that reliable devices are readily accessible in the workplace at all times.
2. The employer must ensure that workers are trained in the use of these devices, including specific software.
3. The employer must maintain a paper copy of the MSDS inventory sheet (list of all MSDS for the office) for reference.
4. The employer must ensure that there is an adequate back-up system for rapid access to hazard information in the event of an emergency including power-outages, equipment failure, on-line access delays, etc.
5. Additionally, it has been a long-standing policy of OSHA that the transmission of hazard information over the phone is not acceptable.
6. The employer must ensure that the system of electronic access is part of the overall hazard communication program of the workplace.
7. The employer must ensure that employees are able to obtain hard copies of the MSDSs, if needed or desired.
8. In case of emergency, the employer must ensure that mechanisms must be immediately available to provide emergency response personnel with hard copies of MSDSs.
OSHA: Regulations
OSHA's Bloodborne Pathogens Standard applies to all employers with employees who have occupational exposure to blood or other potentially infectious materials (OPIM), regardless of how many workers are employed. However, workplaces with 10 or fewer employees are exempt from OSHA recordkeeping requirements and are also exempt from recording and maintaining a Sharps Injury Log. (See 29 CFR 1904 for applicability of recordkeeping requirements). All other applicable provisions of the Bloodborne Pathogens Standard still apply.
Do I have to keep a sharps injury log? Does it have to be confidential?
If, as an employer, you are required to maintain a log of occupational injuries and illnesses under 29 CFR 1904, you must also establish and maintain a sharps injury log for recording percutaneous injuries from contaminated sharps. The Sharps Log must contain, at a minimum, information about the injury, the type and brand of device involved in the injury (if known), the department or work area where the exposure occurred, and an explanation of how the incident occurred. The log must be recorded and maintained in such a manner so as to protect the confidentiality of the injured employee (e.g., removal of personal identifiers).
Even if you do not have to retain a list of occupational injuries, you will find such a report valuable for evaluating new devices and taking corrective action on an annual basis.
What if a safer option is not available for the medical device that I use?
A key element in choosing a safer medical device, other than its appropriateness to the procedure and effectiveness, is its availability on the market. If there is no safer option for a particular medical device used where there is exposure to blood or OPIM, you are not required to use something other than the device that is normally used. During your annual review of devices, you must inquire about new or prospective safer options and document this fact in your written Exposure Control Plan. With increasing medical technology, more devices are becoming available for different procedures. If no engineering control is available, work practice controls shall be used and, if occupational exposure still remains, personal protective equipment must also be used.
Small medical offices may want to seek input from all employees when making their decisions. Larger facilities are not required to request input from all exposed employees; however, the employees selected should represent the range of exposure situations encountered in the workplace (e.g., pediatrics, emergency department, etc.). The solicitation of employees who have been involved in the input and evaluation process must be documented in the Exposure Control Plan.
What if I've never had an employee experience a needlestick, do I still need to use safer devices?
Yes. OSHA standards are intended to be implemented as a means to prevent occupational injuries and illnesses. In order to most effectively avoid percutaneous injuries from contaminated sharps, employees must use engineering controls, including safer medical devices.
By what date do we have to implement safer medical devices?
The requirement to implement safer medical devices is not new. However, the revised standard further clarifies what is meant by "engineering controls" in the original 1991 Bloodborne Pathogens standard by adding language to the definition section of the standard that reflects the development and availability of new safer medical devices over the last decade. The 1991 standard states, "engineering and work practice controls shall be used to eliminate or minimize employee exposure." The revision defines Engineering Controls as "controls (e.g., sharps disposal containers, self-sheathing needles, safer medical devices, such as sharps with engineered sharps injury protections and needleless systems) that isolate or remove the bloodborne pathogens hazard from the workplace." Consequently, you should already have safer devices in place. If you have not already evaluated and implemented appropriate and available engineering controls, you must do so now. Also, employees with occupational exposure to blood and OPIM must be trained regarding the proper use of all engineering and work practice controls.
Does the "Needlestick Act" apply to me?
OSHA's Bloodborne Pathogens Standard, including its 2001 revisions, applies to all employers who have employees with reasonably anticipated occupational exposure to blood or other potentially infectious materials (OPIM). These employers must implement the applicable requirements set forth in the standard. Some of the new and clarified provisions in the standard apply only to healthcare activities, but some of the provisions, particularly the requirements to update the Exposure Control Plan and to keep a sharps injury log, will apply to non-healthcare as well as healthcare activities.
States and territories that operate their own OSHA-approved state programs must adopt the revisions to the bloodborne pathogens standard, or adopt a more stringent amendment to their existing standard, by Oct. 18, 2001. (NOTE: The original adoption date for state plan states was July 18, 2001 (or six months from the date the standard was published in the Federal Register). However, an additional three months was added which coincides with the Federal 90-day education campaign).
How does the "Needlestick Act" apply to OSHA's Bloodborne Pathogens Standard?
The Act directed OSHA to revise its Bloodborne Pathogens Standard (29 CFR 1910.1030). OSHA published the revised standard in the Federal Register on January 18, 2001; it took effect on April 18, 2001. The agency implemented a 90-day outreach and education effort for both OSHA staff and the regulated public before beginning enforcement of the new requirements. Accordingly, OSHA will not enforce the new provisions of the standard (requiring employers to maintain a sharps injury log and to involve non-managerial employees in selecting safer needle devices) until July 17, 2001. (The requirement to implement the use of engineering controls, which includes safer medical devices, has been in effect since 1992).
What is the Needlestick Safety and Prevention Act?
The Needlestick Safety and Prevention Act (the Act) (Pub. L. 106-430) was signed into law on November 6, 2000. Because occupational exposure to bloodborne pathogens from accidental sharps injuries in healthcare and other occupational settings continues to be a serious problem, Congress felt that a modification to OSHA's Bloodborne Pathogens Standard was appropriate (29 CFR 1910.1030) to set forth in greater detail (and make more specific) OSHA's requirement for employers to identify, evaluate, and implement safer medical devices. The Act also mandated additional requirements for maintaining a sharps injury log and for the involvement of non-managerial healthcare workers in evaluating and choosing devices.
OSHA: Employee Training
The standard does not specify that the trainer be "physically" in the classroom while training is being conducted. The training requirements established under 29 CFR 1910.1030(g)(2)(vii)(N) require an employer to allow for an opportunity for interactive questions and answers with the person conducting the training session. Employers use a variety of methods to meet the intent of the standard. As an example, training conducted by compressed digital video (CDV) where the trainer is in one location but is in direct communication with the trainees would provide for an interactive exchange and is an acceptable method for meeting the requirements of the standard. Additionally, OSHA has previously stated that an employer can meet OSHA's requirement for trainees to have direct access to a qualified trainer by providing a telephone hotline. The trainer must be accessible to employees during the time of training. It is important to note, too, that employees must be trained initially prior to being placed in positions where occupational exposure to blood or other potentially infectious materials (OPIM) may occur.
Staff members working on evening shifts or weekends when the healthcare professional or designated trainer is not on duty would therefore not have the opportunity for interactive discussion with the trainer during the training session. This training scenario would not meet the intent of the standard and would constitute a violation of 1910.1030(g)(2)(vii)(N). Employees must have direct access to a qualified trainer at the time the training is being conducted.
No. The Bloodborne Pathogens Standard, 29 CFR 1910.1030, does not specify a particular job classification for qualified trainers. 29 CFR 1910.1030(g)(2)(viii) does however require that the trainer be: knowledgeable in the subject matter covered by the elements contained in the training program. . . In OSHA's bloodborne pathogens compliance directive (OSHA Instruction CPL 02-02-069), we state: trainers include a variety of healthcare professionals such as infection control practitioners, nurse practitioners, registered nurses, occupational health professionals, physician's assistants, and emergency medical technicians. Non-healthcare professionals, such as but not limited to, industrial hygienists, epidemiologists, or professional trainers, may conduct the training provided they are knowledgeable in the subject matter covered by the elements contained in the training program as it relates to the workplace. One way, but not the only way, knowledge can be demonstrated is the fact that the person received specialized training.
OSHA: Hazard Communication
What is the definition of "corrosive materials" and the definition of "exposed to"?
Although the standards discussed above do not define these terms, OSHA's Hazard Communication Standard is instructive. The standard at 29 CFR 1910.1200, Appendix A, defines a corrosive as:
A chemical that causes visible destruction of, or irreversible alterations in, living tissue by chemical action at the site of contact. For example, a chemical is considered to be corrosive if, when tested on the intact skin of albino rabbits by the method described by the U.S. Department of Transportation in appendix A to 49 CFR part 173, it destroys or changes irreversibly the structure of the tissue at the site of contact following an exposure period of four hours. This term shall not refer to action on inanimate surfaces.
Generally speaking, corrosive materials have a very low pH (acids) or a very high pH (bases). Strong bases are usually more corrosive than acids. Examples of corrosive materials are sodium hydroxide (lye), sulfuric acid, X-Ray developer and Clorox.
As defined in 29 CFR 1910.1200(c),
"Exposure" or "exposed" means that an employee is subjected in the course of employment to a chemical that is a physical or health hazard, and includes potential (e.g., accidental or possible) exposure. "Subjected" in terms of health hazards includes any route of entry (e.g., inhalation, ingestion, skin contact or absorption.)
When are eyewash and shower fixtures required?
The OSHA requirements for emergency eyewashes and showers, found at 29 CFR 1910.151(c) and 29 CFR 1926.50(g), specify: "Where the eyes or body of any person may be exposed to injurious corrosive materials, suitable facilities for quick drenching or flushing of the eyes and body shall be provided within the work area for immediate emergency use." OSHA inspectors define this as in the same room with no door that can close between the area where employees work with a corrosive and where the eyewash station is located. X-Ray developer room or a place where you mix bleach and water are examples. The eyewash facility must be in the same room.
OSHA: Engineered Safety Devices
OSHA's Bloodborne Pathogens Standard (29 CFR1910.1030, paragraph (d)(2)(vii)(A)) provides: “Contaminated needles and other contaminated sharps shall not be bent, recapped, or removed, unless the employer can demonstrate that no alternative is feasible or that such action is required by a specific medical or dental procedure.” More specifically, our new compliance directive, CPL 2-2.69 at XIII.D.5 states, “removing the needle from a used blood-drawing/phlebotomy device is rarely, if ever, required by a medical procedure. Because such devices involve the use of a double-ended needle, such removal clearly exposes employees to additional risk, as does the increased manipulation of a contaminated device.” In order to prevent potential worker exposure to the contaminated hollow bore needle at both the front and back ends, blood tube holders, with needles attached, must be immediately discarded into an accessible sharps container after the safety feature has been activated.
Using a syringe to collect blood would be an example of a situation where clinical or medical necessity would dictate the need for transferring the collected blood to a test tube before disposing of the contaminated blood collection device. If drawing blood with a syringe is necessary, engineering controls (engineered sharps injury protection) and safe work practices (including mechanical means of removal if available) must be used and needleless blood transfer devices must be implemented.
Removing contaminated needles and subsequently reusing blood tube holders poses multiple potential hazards. The increased manipulation required to remove a contaminated needle from a blood tube holder is unnecessary and may result in a needlestick from either the front or back end of the needle. According to information available from the International Health Care Worker Safety Center at the University of Virginia, injuries occurring in phlebotomy are among the highest-risk for transmitting bloodborne pathogens such as HIV, HCV and HBV, because they involve hollow-bore, blood-filled needles.
Further, improper disposal of used, unprotected needle devices potentially affects more than just the user. According to data presented by the California Department of Health Services (January 2002), close to half of all injuries from contaminated sharps occur to those who are not in immediate control of the device, but to those who come in contact with the unprotected needle downstream (e.g., nursing assistants, housekeepers, maintenance personnel). Therefore, disposing of single-use safety-activated blood collection devices decreases potential injuries downstream.
While patient safety is not within the scope of OSHA's mission, we recognize that tube holder reuse poses a potential health hazard to patients. Some clinical studies show that 50-80% of blood tube holders may be contaminated after just one use (Advance/Laboratory, p. 70, January 2000). While it may be difficult to document a patient-to-patient cross-contamination exposure, the risk does exist and should be weighed when making decisions regarding overall safety.
OSHA: Hep B Documentation
When do we need to test our employees for TB? We have been testing them annually.
Testing depends on the risk rating for your practice. If you complete the Risk Evaluation and your practice is a low risk facility, the CDC recommends you test each employee when they are hired to obtain a baseline. The only need for additional testing is if there is an exposure incident or your risk rating changes. Most practices are low risk.
The TMC OSHA Manual has a TB plan in the Infection Control section of the manual and Safety Officer Webinars assist practices in documenting the TB Risk Rating.
No, it is not required that an employer administer serologic testing in order to document previous hepatitis B vaccination from another place of employment for employees who claim to have received the vaccination prior to beginning a new job. In fact, the standard prohibits making participation in a prescreening program a prerequisite for receiving hepatitis B vaccination [29 CFR 1910.1030(f)(2)(ii)]. When the employer cannot obtain records or employees are uncertain about whether they were vaccinated, the hepatitis B vaccine must be made available, unless previous antibody testing has revealed that the employee is immune or the vaccine is contraindicated for medical reasons [29 CFR 1910.1030(f)(2)(i)]. Vaccination of persons who have previously been vaccinated does not increase the risk for adverse events.
As you may know, employers are required to maintain an accurate copy of each employee's hepatitis B vaccination status, including the dates of all the hepatitis B vaccinations [29 CFR 1910.1030(h)(1)(ii)(B)]. The documentation of vaccination status serves as a useful tool in assisting healthcare professionals who must administer post-exposure counseling and treatment to employees following an exposure incident. Documentation showing administration of the complete 3-dose series is necessary to prevent unnecessary repeated vaccination. The Centers for Disease Control and Prevention (CDC) considers a reliable vaccination history to be a written, dated record of each dose of a complete series. 1 Employers must make every effort to obtain a reliable record of employees' vaccination status. These efforts may include contacting the previous employer or facility where the vaccination was administered to obtain these records. As it is a requirement that all employers maintain these records for the duration of employment plus 30 years, a previous employer who administered hepatitis B vaccinations would have copies of those records [29 CFR 1910.1030(h)(1)(iv)]. If a copy of the vaccination record cannot be obtained, then OSHA recommends that documentation verifying the employer's attempt to obtain the record be maintained. When these records cannot be obtained from the previous employer, the current employer must obtain from the employee a written statement about vaccination status, including the dates or, where this is not possible, the approximate dates of the vaccinations.
Radiation FAQ
Radiation: Dental X-Ray
Each state has regulations that define acceptable practices so you should check with your state regulations on these types of X-Rays.
From the NC Radiology Compliance Branch:
Shielding would be considered best practice or industry standard to shield patients regardless of age or exam. Below you will find I have highlighted areas that {state it} would be best practice to use shielding. This is from the NC Regulations. A facility can be cited for not using auxiliary equipment designed to minimize patient exposure. Note the highlighted areas of the regulation.
.0603(1)(F)
(F) Gonad shielding of not less than 0.5 mm lead equivalent shall be used for potentially procreative patients during radiographic procedures in which the gonads are in the direct, or useful beam, except for cases in which this would interfere with the diagnostic procedures.
(G) Individuals shall not be exposed to the useful beam except for healing arts purposes. Such exposures shall have been authorized by a licensed practitioner of the healing arts. This provision specifically prohibits deliberate exposure of an individual for training, demonstration or other non-healing arts purposes.
(H) When a patient or film must be provided with auxiliary support during a radiographic exposure:
(i) Mechanical holding devices shall be used whenever medical circumstances permit. Written safety procedures, as required in Part (a)(1)(D) of this Rule shall indicate the requirements for selecting a holder;
(ii) If a human holder is required, written safety procedures as required in Part (a)(1)(D) of this Rule, shall indicate the instructions provided to the holder;
(iii) The human holder shall be protected as required in Part (a)(1)(E) of this Rule;
(iv) No individual shall be used routinely to hold patients or film.
(I) Procedures and auxiliary equipment designed to minimize patient and personnel exposure commensurate with the needed diagnostic information shall be utilized. This includes, but is not limited to, the following requirements:
(i) The speed of film or screen and film combinations shall be the fastest speed consistent with the diagnostic objective of the examinations.
(ii) The radiation exposure to the patient shall be the minimum exposure required to produce images of good diagnostic quality.
Each state has regulations on what is acceptable so you need to verify that your state allows the newer lead-free ones and what the specific requirements are.
In NC you can use the lead –free variety if they are the thickness needed to meet the regulatory requirement of not less than 0.5 mm of lead equivalent. Some companies offer a product that does not mean these regulatory requirements. See the NC guidance on The Use and Care of Lead Protective Equipment. It states lead or lead equivalent.
You are correct. Squeeze bottles are not acceptable for use where corrosive chemicals are handled. If possible you need to have a plumbed eye wash unit. The unit must be in the room where corrosive chemicals are handled with no door that can be shut regardless of the distance to the nearest eyewash unit.
If that is not feasible or cost effective, a stand-alone portable unit is allowed by OSHA. There are gravity-fed or gravity flow types, where water flows downward by means of a tank higher than the nozzles and thus the volume of water pushes the flow downward. Gravity-fed or gravity flow units are easily mounted on walls and sometimes wheeled around on cart for mobility. Most gravity-fed eye wash stations emit the standard three gallons per minute and are capable of running uninterrupted for at least 15 minutes.
These units are available at Sears, from Guardian, SAS or many other reliable vendors on the Internet. If you do a search on portable eyewash stations you will obtain a number of options. Prices in the $150 to $225 range are available. You may need some drainage installation but some have everything self-contained.
See the eyewash requirements to assist you in selection and placement.
If you will reference the North Carolina Regulations for Protection Against Radiation, effective Aug 2002, it states in the 1600 Section, (.1624) that the licensee or registrant /*shall*/ post /*each*/ radiation area with a conspicuous sign or signs bearing the radiation symbol and the words: CAUTION/ RADIATION. This is a regulation and is not optional. They would be in violation without signs posted in each area, ie. Each x-ray room needs a sign.
Answered by Christy Britt, NC Radiation Protection
Do you need to use aprons with digital x-rays?
Always use protective garments, no matter if it is traditional or digital technology that you are using.
Infection Control FAQ
Infection Control: Sterilization
How many years should we keep sterilization records and logs?
According to Guideline for Disinfection and Sterilization in Healthcare Facilities, 2008 on page 92, records should be kept in accordance with many different recommendations.
Retain sterilization records (mechanical, chemical, and biological) for a time period that complies with standards (e.g., 3 years), statutes of limitations, and state and federal regulations.
Records related to the sterilization process will become extremely important should there be an investigation related to an infection outbreak in the practice or if there is an indication of equipment failure.
At TMC we recommend contacting your medical malpractice carrier or attorney for specific guidelines on retention of records. If part of a larger organization, comply with established record keeping standards.
Do we have to document every load we run in each autoclave?
Yes, the CDC in its document Guideline for Disinfection and Sterilization in Healthcare Facilities, 2008 on page 92 clearly outlines the expectation for documentation of all sterilization cycles. Each load should be documented and a brief explanation of contents processed. This documentation can be completed by using form ECP 560 – Sterilizer Log in the forms section of your TMC OSHA Manual.
For each sterilization cycle, record the type of sterilizer and cycle used; the load identification number; the load contents;
Can we use a household dishwasher to clean instruments utilized for procedures in our practice?
According to Guideline for Disinfection and Sterilization in Healthcare Facilities, 2008 on page 84,
Perform either manual cleaning (i.e., using friction) or mechanical cleaning (e.g., with ultrasonic cleaners, washer-disinfector, washer-sterilizers).
While this statement does not say you cannot use household dishwashers to clean instruments these units are not included in the recommended devices. In order for equipment to be used to clean instruments used in the delivery of patient care they must receive FDA approval for that use, which household dishwashers have not received.
Infection Control: NC IC Law 0206
How often do we have to attend the employee training?
There is no annual training requirement written in this law. Based on our experience we recommend attending the training every two to three years just to ensure that your practice is meeting the most current recommendations.
How will we know if we have to comply with this law?
If you perform invasive procedures this law applies to your practice. An invasive procedure can be as simple as drawing blood or giving an injection. For dental practices that perform procedures during which bleeding occurs or the potential for bleeding exist must meet the requirements of the law as well.
Do we need to have one person in each location that has attended the Infection Control training?
Yes, according to the staff at SPICE the law requires a person at each site that has attended a state approved training who will oversee the infection control program for the practice.
