Reliance on the use of contractors has increased dramatically over recent years in most employment sectors. Organizations are increasingly concentrating on core activities and operations and are taking on contract staff for chore activities. Many organizations, for example, make use of contract cleaning staff in place of their own cleaning operatives. Many organizations also take advantage of the increased flexibility with respect to labor that comes from the appropriate use of contract staff. Many seasonal activities, such as fruit picking have always relied on temporary labor. In recent years this trend has increased, with more and more organizations taking advantage of the increased flexibility from the use of contract or agency workers. This increased use of contract staff may present the organization's management with various challenges, but in most situations the advantages outweigh the disadvantages. It is essential, however, that the health and safety implications of this increased use of contract staff are considered and appropriate controls implemented.
Although there are many reasons for using contractors, there are also some disadvantages, including unfamiliarity of the contractor with the employer's business, management systems, procedures, work processes, premises, and plant and equipment.
The principles of effective management of contract staff are effectively the same whether the organization (referred to as the client) uses one individual or a variety of different contract organizations. It should be remembered, however, that self-employed contractors and contractors working for small organizations may be less aware of health and safety.
A common misconception: There is a common, but flawed, belief that appointing a contractor absolves the client from responsibility for the health and safety of that contracted work. Managers, Directors and VPs within organizations can be heard to voice the opinion: "they are the experts in what they do; surely all of the health and safety is down to them to sort out". This thinking may cost lives, business, profit and bad publicity.
Work carried out for a company, such as the work of a contractor, was still regarded as a part of their undertaking and so they retain a duty of care even when the work has been contracted out.
A better understanding of the position: Work undertaken for a client by a contractor is covered by a civil contract. It is good practice for health and safety requirements to be written in to such a contract. Health and safety responsibilities, however, are defined by the criminal law and they cannot be passed on from one party to another by a contract. In a client/contractor relationship, both parties will have duties under health and safety law. Similarly, if the contractor employs sub-contractors to carry out some or all of the work, all parties will have some health and safety responsibilities. The extent of the responsibilities of each party will depend on the circumstances.
Sign up to learn more about Controlling your contractors, including aspects such as:
Differences between ICD-9 and ICD-10
Planning and Implementation
Provide solutions for help
How much can it cost if you get it wrong? - Well, people can die or they can be made seriously ill and they can suffer life changing injuries.
It can also cost you money. In a recent UK case, a major high street retailer and three of its contractors were fined for putting people (including members of the public, staff and construction workers) at risk of exposure from asbestos-containing materials during the refurbishment of stores two of its stores. The client was fined £1 million (with costs of £600,000), while the various contractors were fined £200,000, £100,000 and £50,000 and were also ordered to pay costs.
The fines for the client were greater than those for the contractors.
Overview: Your organization's focus should be protecting the privacy and security of PHI and reducing the probability of a breach. Passing an OCR audit should be the result of an effective compliance culture, not your aim on goal.
Here are things you can do to ensure you're prepared for HIPAA compliance, and in turn, are ready for an audit:
Document your security, privacy and breach policies and review and update those policies periodically.
Regularly perform a security risk analysis to find any vulnerable areas and create an action plan to fix these possible vulnerable areas.
Update your risk analysis and risk management plans if they haven't been updated in 2+ ye.
Keep an organized archive of the business associates affiliated with your organization. Update your agreements with them when changes are made.
Train your staff so they understand the importance of maintaining a culture of HIPAA compliance and know the required steps to take to protect the PHI your organization handles.
Why is OCR cracking down with their audits? According to David Holtzman, a former senior advisor at OCR, "the healthcare industry is a generation behind banking in safeguarding information." In 2013, the healthcare industry saw a 138% increase in the exposure of sensitive records, as well as a 20% increase with medical identification theft.
No one looks forward to an audit. Audits are time-consuming and can be uncomfortable to endure. But no one wants to experience a security breach either, and the effects of a breach are much worse to endure than an audit. If you're already HIPAA compliant, then you're already prepared to survive an OCR audit.