Experts: OSHA Wants to Shame Employers Into Compliance
Is OSHA engaged in a conspiracy against employers? Possibly, say workers’ comp experts.
Recent actions by the agency combined with proposed changes to reporting requirements and a controversial white paper have led some to believe there is a concerted effort to at least shame employers into creating safer workplaces. During a recent webinar, two experts warned of stepped up enforcement actions and advised employers to make sure they are prepared.
Assistant Secretary of Labor for Occupational Safety and Health David Michaels believes some employers allow hazards to exist in their workplaces “because they recognize that it is not in their financial interest to abate serious hazards, especially in the short term.” The language was included in a statement Michaels released in July 2010, soon after his appointment. He noted that the likelihood of an inspection “is low” and the fines are “inconsequential.”
“When David Michaels was appointed (assistant secretary of labor for occupational safety and health) in July 2010 he issued a press release, and in that he essentially said OSHA needs to make a ‘fundamental transformation’ in the way it addresses workplace hazards,” said Mark Sullivan, senior consultant at Aon Risk Solutions.
Michaels’ message wasn’t subtle. “In some cases, ‘regulation by shaming’ may be the most effective means for OSHA to encourage elimination of life-threatening hazards and we will not hesitate to publicize the names of violators, especially when their actions place the safety and health of workers in danger,” he wrote. “To do this, we will issue more hard-hitting press releases that explain more clearly why we cited a specific employer.”
Sullivan and attorney Melissa A. Bailey of Ogletree, Deakins, Nash, Smoak & Stewart PC discussed the agency’s stepped up enforcement, publicity surrounding that enforcement, and a recent controversial white paper issued by the agency during a webinar. How Will OSHA Changes Impact Your Workers’ Compensation Program? was part of the Out Front Ideas with Kimberly and Mark educational series sponsored by Sedgwick and Safety National.
“As someone who’s done OSHA work for over 15 years, I follow policies carefully,” Bailey said. “I don’t recall a situation where this kind of white paper [was issued and] not related to a specific hazard. To me this is pretty unusual.”
The white paper, issued earlier this year, linked workplace injuries to income inequality. It coincided with the release of a series of reports from Propublica and NPR that were critical of the workers’ comp system.
“I haven’t seen this kind of policy paper from OSHA before on a global issue,” Bailey continued. “It matches up with the general mood of OSHA and the Department of Labor: ‘Let’s look at global issues and really advocate for policies we want.'”
According to the speakers, the white paper is further evidence of OSHA’s determination to force employers to comply with agency regulations in the face of budgetary cutbacks over the last several years.
Electronic Reporting Proposal
In addition, the speakers noted that OSHA plans to implement a new reporting requirement soon. While not changing what employers are required to track, the proposed rule would mandate the electronic submission of injury and illness information on a quarterly basis for establishments with more than 250 employees, and annual summaries of work-related injuries and illnesses for establishments with at least 20 employers in certain high-hazard industries.
The agency said it will eventually post the data online although the identification of the employer and employees will be redacted. How the agency would maintain the confidentially of employers on the public database remains to be seen, the speakers said.
“In some cases, ‘regulation by shaming’ may be the most effective means for OSHA to encourage elimination of life-threatening hazards and we will not hesitate to publicize the names of violators, especially when their actions place the safety and health of workers in danger.” —Assistant Secretary of Labor for Occupational Safety and Health David Michaels
“This is really a very major change in the recordkeeping system,” Sullivan said. “Under the current method, OSHA log information remains in-house unless OSHA inspects [the company] or requests it as part of a survey. This would modify the law to expand OSHA’s authority to collect that data.”
Sullivan noted one concern is that the proposal may drive companies to focus more on post-loss lagging indicators rather than leading indicators. “Leading indicators are pre-incident measurements,” he said. “Lagging indicators are collected after the incident and include traditional numbers, the rate or cost of injuries. They don’t by themselves reflect the effectiveness of safety management. Leading indicators include steps to prevent injuries such as training, audits, incident investigations, and corrective actions.”
OSHA has indicated the proposed rule would improve workplace safety and health through better tracking. But the speakers believe there are other reasons.
“This would be a tremendous benefit for union organizers,” Bailey said. “The message could be to an unorganized facility, ‘the facility that voted us in last year has had far fewer accidents than your facility, so vote union.'”
The posting of the information could also present problems for contractors.
“The use of injury rates has really been a prevalent practice for some time as part of the selection criteria to select safe contractors, especially in the construction industry,” Sullivan said. “In my experience, some of these ignore leading indicators and can cause an employer to be rejected on injury rates alone. That can result in severe hardship if they lose large contracts.”
Preparation Is Key
Employers can protect themselves against unwanted OSHA citations by establishing basic safety management. Sullivan noted several steps outlined in a standard from the American National Standards Institute:
- Management commitment to show senior management provides direction and policy and resources for a company to have and execute a safety process.
- Employee involvement.
- Planning, including ongoing hazard assessment and prioritizing.
- Implementation and operation, including the design and review of emergency procedures, safety training.
One Quarter of Opioid Patients Become Long-Term Users
A history of substance abuse, a greater burden of illness, and smoking may drive a progression from shorter to longer term opioid use. The Mayo Clinic found those were among the strongest risk factors leading to episodic or long-term opioid use.
Researchers looked at a sample of patients in an area near the Minnesota-based clinic who received prescriptions for opioids during 2009. The patients’ opioid uses were categorized into the following time frames:
- Short term — episodes of opioid prescribing that lasted 90 days or less.
- Episodic — episodes of opioid prescribing lasting longer than 90 days if the total days supply was less than 120 and the total number of prescriptions was fewer than 10.
- Long term — episodes of opioid prescribing lasting longer than 90 days with 120 or more total days supply or 10 or more prescriptions.
“Overall, 293 patients received 515 new opioid prescriptions in 2009,” the authors noted. “Of these, 61 (21 percent) progressed to an episodic prescribing pattern and 19 (6 percent) progressed to a long-term prescribing pattern.”
Prescriptions included in the study sample were all those in the opioid analgesic drug class: all formulations of oxycodone, morphine, hydromorphone, oxymorphone, hydrocodone, fentanyl, meperidine, codeine, and methadone. The most common reason for the first prescription was surgery or another painful procedure, followed by musculoskeletal pain and trauma.
For each of the three prescribing patterns, the authors looked at characteristics such as education, the presence of depression or anxiety, additional psychiatric illness, substance abuse, nicotine use, and CCI — severity and age weighted sum of diseases.
“In univariate models, patients in the group who received the episodic prescribing pattern were more likely to be past or current nicotine users than were patients in the group who received the short-term prescribing pattern. Patients in the group with the long-term prescribing pattern were more likely to have lower education levels, a past or current history of nicotine use, a past or current history of substance abuse, and a higher CCI than were patients in the group who received the short-term prescribing pattern,” the report explained. “When those in the episodic and long-term groups (i.e., who received more than 90 days of prescriptions) were considered together and compared with those in the short-term group, the former were more likely to have a past or current history of nicotine use, other psychiatric diagnosis, and a past or current history of substance abuse.”
The authors found that smokers with chronic pain were more likely to use opioids and in greater quantities than nonsmokers with chronic pain. They said research suggests an interaction between the pharmacology of nicotine and opioids.
“A reciprocal relationship has been observed between opioid and nicotine consumption,” they explained. “Increases in opioid use have been associated with increases in nicotine use, and increases in nicotine use have been associated with increases in opioid consumption.”
Medical providers should screen patients for past or current tobacco use and past or current substance abuse before starting an opioid prescription, the authors advised. “This would allow the clinician to assess the risk of longer-term prescribing and would provide the opportunity to counsel the patient about these potential risk factors before actually receiving the initial prescription.
Cyberrisk: ‘Healthy Dose of Paranoia’ Needed
The workers’ comp system has been generally spared from data hackers. But with the multitude of people and companies transmitting and sharing files daily, it is incumbent upon companies to take protective actions, advises a managed care services provider.
Data breaches at some of the country’s largest health plans as well as among retailers has prompted Genex Services, LLC to offer suggestions to protect the industry. In addition to recommended steps to take, a new white paper also includes basic regulatory issues and terminology to help industry stakeholders better understand data concerns and the need to collaborate with partners and vendors.
“Our industry certainly could be, and perhaps already is, at risk,” notes the paper. “Lack of strong data security could expose an organization to millions of dollars in litigation, damage control and repair costs.”
The document, Enemy at the Gate: Data Security Risks in Workers’ Comp, outlines the potential risks and offers advice.
“A healthy dose of paranoia is a necessity for today,” the paper states. “It is clearly in the best interest of our industry, and of workers, to err on the side of caution.”
“The ability to show strong data security controls is critical for employers and carriers,” the paper advises. “Companies want assurance that their data will be stored and backed up securely and in a physically safe location, that there are controls for who can access data, who can share information and the manner in which data is shared, e.g. secure email server.”
A number of “key domain risks” face the industry such as unauthorized access to personal health information. Such information “could be used for identity theft or even blackmail,” the paper says. “Unfortunately, there are many ways for such data to be accessed. Data is always in motion in comp claims as there are various vendors, case managers, bill review specialists, and independent medical examiners, all transmitting and sharing files and forms every day.”
“A healthy dose of paranoia is a necessity for today. It is clearly in the best interest of our industry, and of workers, to err on the side of caution.”
Carefully vetting vendors and properly managing passwords are among the methods to ensure security controls are effective. Passwords, the paper advises, should be “easy to remember, but not overly simplistic and be changed more than twice a year to reduce potential risks.” Password parameters should be developed for “all applications and networks.”
Sending claim information over the Internet is risky. The emphasis on mobile workplaces “exacerbates risk from the Internet.”
The authors advise companies to remind employees to “remain vigilant” when adjusters, providers, and injured workers are sending emails that include addresses, dates of birth, and Social Security numbers through non-secure servers. “These senders need to be informed and educated of the dangers associated with nonsecure platforms,” the document states.
Administrative, technical, and physical controls should be implemented. Administrative controls, for example, include conducting background checks and using confidentiality agreements, as well as security awareness training. Anti-virus, network segmentation and web and email filtering are among the technical controls that should be put into place.
Physical controls relate to limiting access to buildings and data access. Key fobs or card entry building access systems are recommended. A “security triangle” should be created to ensure all controls are highly secured and monitored.
Steps to Take
Organizations can take a variety of measures to ensure the security of sensitive data. Continually reviewing and improving technical controls and providing clear guidance and instruction to employees transmitting data are among them. Antivirus programs should be installed on all systems and virus definitions should be updated frequently, such as every three hours.
The paper offers a variety of additional tips, including:
Encrypt data on the C drive, data-in transit, and databases on servers to protect data, in case a laptop is lost or stolen.
Implement a system to determine which department or individual can access data and limit the number of people with full access to everything.
Guard against email phishing to avoid scams. “Be aware of anything involving shipping or delivery of product, and warn employees to be especially wary of unsolicited emails purporting to be from government agencies and popular internet commerce sites, such as the IRS or PayPal, especially during tax season, and high volume online shopping periods,” the document recommends.
Instruct vendors to tell their own employees of the importance of security to ensure all links in the data security chain are strong.
The paper is the latest to address concerns of potential data breaches in workers’ comp. Cyber security is among the targets for Sedgwick this year.
In a recent blog post, Sedgwick’s senior vice president and information security officer Robert Jackson suggested the health care industry has set the bar on data security too low. “You may think you have taken the steps needed to protect your company’s data,” Jackson wrote. “How does your data security currently stack up?”
Jackson poses a series of questions on tools to protect data and points out that many “standards” are insufficient. For example, antivirus software is not the best protection against malware, he says. “Traditional antivirus software can only protect against things it has previously seen; new malware is specifically designed to constantly change itself to bypass traditional antivirus software.” He points to application whitelisting software as the best replacement for antivirus software on workstations and servers.
Penetration testing is not the best way to double-check Internet facing software so it cannot be hacked. Instead, he says tools such as binary code testers analyze logic and software vulnerabilities for all programming in an organization’s code, not just the code operating when regular testing occurs.