Compliance 101 - 'What I didn't Learn in Dental School'

"I don't know all the questions; so how can I possibly know all the answers?" In January of 1992, it was the bottom-line question posed during the monthly meeting of a south end study club. In the conference room of a local restaurant, seven Renton dentists were trying to digest OSHA's (and, therefore, WISHA's) newest regulation, the Bloodborne Pathogens Standard. Little did they know but, in one fell swoop, this regulation would change the dental industry forever and dentists across the country were asking the same questions.

The topic of the evening was the latest in a series of club discussion under the general heading, "What I Didn't Learn in Dental School". As they agreed that evening and, over the next several sessions, it was just about everything relating to the growing numbers of local, state, and federal regulations. And, consistently, while they didn't always understand the questions, or have the answers, they knew their charge was singular; they had to comply. They invited HARRISBIOMEDICAL to help.

HARRISBIOMEDICAL was founded in 1989 to assist dental and medical practices respond to the written program and staff training requirements of King County's new Infectious Waste Management regulation. In the next couple of years, requests for assistance with WISHA's Accident Prevention, Hazard Communication, and Bloodborne Pathogens programs followed and HARRISBIOMEDICAL became recognized as the full-service Compliance Company.

The requirements are many and those 1990 dentists still practicing remember when most of the early regulations were adopted; many of our younger generation of dentists weren't yet born. OSHA's Accident Prevention (1970) and Hazard Communication (1983) were already in place when the Bloodborne Pathogen Standard was implemented in 1992. The Needlestick Safety and Prevention Act amended the Bloodborne rule in 2000 and HIPAA rules were implemented in 2003, 2005, 2010, and 2013. The Globally Harmonized System (GHS) amended the Hazard Communication standard in 2016. COVID-19 brought the Respiratory Protection Program in 2020 and COVID's Supplemental Plan and OSHA's Emergency Temporary Standard was added in 2021. On top of them all, DQAC implemented Washington's Infection and Prevention Control rules in 2021

At this point there are nine basic regulations, not counting anything relating to licensure that require written policies and procedures, staff training, annual review, and documentation. Each, of course, is presented in full "bureaucratize" fashion. This presentation offers a hands-on translation of what you didn't learn in dental school.

OSHA or WISHA; what's the difference?

OSHA is WISHA's "Mamma". The Occupational Safety and Health Act (OSHA) is the federal regulation that requires all employers to provide a safe working environment for their employees. The Act allows OSHA-approved "State Plans" which are operated and enforced by the individual states rather than federal OSHA. Washington's-approved State Plan; is the Washington Industrial Safety and Health Act (WISHA). This means in Washington, it's WISHA, not OSHA. Federal OSHA protects federal employees and WISHA protects non-federal employees (everybody else).

WISHA - Washington Industrial Safety and Health Act

The Washington Industrial Safety and Health Act is responsible to ensure the safe and healthful working conditions for every (non-federal) man and woman in the state. The Department of Labor and Industries has the responsibility to administer the state's safety and health programs. The Division of Safety and Health (DOSH) is the enforcement arm charged to ensure employers follow the rules, implement safety programs, and provide a safe working environment. It is DOSH that responds to complaints and conducts compliance investigations.

The three primary WISHA regulations designed to protect employees at work in Washington are the Accident Prevention, Bloodborne Pathogens, and Hazard Communication. Employers are required to establish in-house safety programs for each of the regulations that include written policies and procedures, staff training, on-going monitoring, and annual review.

Accident Prevention Program:

Each WISHA regulation requires written programs. The Accident Prevention Program was Washington's first and is the foundation Washington's regulations dedicated to ensuring that employees have a safe working environment. It includes basic safety requirement such as fire extinguishers, eye wash stations, written safety programs, safety meetings and staff training. It's based on the original OSHA regulation, with a short list of more restrictive amendments. Most notably is the requirement for written safety policies and procedures that must be tailored to the activities of the individual practice and may not be generic, fill-in-the-blank programs. It also requires that employee training be provided live and interactive.

Compliance Checklist:

•	Written Accident Prevention Program - (a) tailored to your practice and (b) based on WISHA regulations
•	Monthly safety meetings - Documented
•	Reporting Accidents - Training
•	Location and use of Fire Extinguishers - training
•	Location and use of Eyewash device - training
•	Staff training - documented
•	First aid certification - documented
•	Emergency response and evacuation - training

Hazard Communication Program:

Also called "The-Right-to-Know" law, the Hazard Communication regulation was adopted to ensure that employees were advised and trained about the hazards of all chemicals with which employees were working or might be exposed. Like the other WISHA regulations, a written program and annual staff training is required. In addition to program and training elements, the basic "Communication" of the standard is required with specific emphasis on product-specific labels and other forms of warning, Safety Data Sheets, and product monitoring. In 2013, the Globally Harmonized System (GHS) amended the standard to update the informational elements of both the labels and the (then) Material Safety Data Sheets.

Compliance Checklist

•	Written Hazard Communication Program - (a) tailored to your practice and (b) based on WISHA regulations
•	Staff training - documented
•	Primary and Secondary labels and warnings -training
•	SDS Manual/binder - complete and current
•	GHS written procedures - training
•	Emergency response - chemical exposures training
•	Personal Protective Equipment - training

Bloodborne Pathogens Program:

The adoption of WISHA's Occupational Exposure to Bloodborne Pathogen standard in 1992 completed WISHA's employee safety program trifecta. Implemented as the measure to protect employees from exposure to pathogen-contaminated blood and/or other potentially infectious body fluids, it completely changed the everyday operation of the dental practice. From new directives requiring the use of personal protective equipment, to specific, post-procedure disinfection and sterilization requirements, identification of employee risk categories, and hepatitis B vaccinations, the new game in town wasn't well received. And, WISHA inspectors had another reason to visit.

Compliance Checklist

•	Written Bloodborne Pathogens Program - (a) tailored to your practice and (b) based on WISHA regulations
•	Hepatitis B vaccination (clinical staff) - documented
•	Exposure potential tasks - documented
•	Personal Protective Equipment - training
•	Staff training - documentation
•	Post exposure management - training
•	Sharps Injury prevention - training
•	Sterilization and Disinfection - training

HIPAA - Health Insurance Portability & Accountability Act

HIPAA Privacy Rule:

The HIPAA Privacy rule was implemented in 2003 as the first of four significant rules designed to protect a patient's personal medical and dental records as well as other individually identifiable health information defined as Protected Health Information (PHI). For the most part, the Privacy Rule addressed the management of patient information documented in a paper format. Required written and physical safeguards, to protect the patient's privacy, along with established limits and conditions of use, are the cornerstones of the Privacy Rule. Terms like "covered entity" and "Business Associates" became commonplace and, as with WISHA, written policies and associated staff training are central to HIPAA compliance.

Compliance Checklist

•	Written Privacy Rule Program - (a) tailored to your practice (b) current
•	Staff training - documented
•	Statement of Privacy Practices (SPP)- offered and posted
•	Posted in office and website
•	Acknowledgement of Receipt of SPP - offered and documented
•	PHI security - facility and records
•	Breach Disclosures - training
•	Breach protocols - training
•	Breach notification - training
•	Annual risk assessment - documented

HIPAA Security Rule:

HIPAA's Security Rule was implemented two years after the Privacy Rule, in 2005. While the Privacy rule centered primarily on protecting patient paper records, the Security Rule established standards to protect patient records in the electronic format. Specifically, patient information that is created, received, used, and/or maintained electronically requires additional security safeguards to ensure protection of electronic protected health information. The Security rule equivalent to the Privacy Rule's PHI is ePHI.

Compliance Checklist

•	Written Security Rule Program - (a) tailored to your practice and (b) current
•	Administrative safeguards - documented / training
•	Workforce security (staff) - documented / training
•	Staff Training - annual; documented
•	Information management - training
•	Security Incidence Protocols - training
•	Contingency Plan - training
•	Physical Safeguards -training
•	Access Controls - training
•	Technical Safeguards - training
•	User ID and Passwords - documented / training
•	Encryption
•	Audit Controls

HIPAA Breach Notification Rule:

By HIPAA's definition, a "breach" is an impermissible access, use, or disclosure of a patient's PHI that compromises the security and/or privacy of the protected information. The Breach Notification Rule establishes the processes and steps necessary to investigate, report, and provide notification to affected patients and to Health and Human Services. The U.S. Office for Civil Rights is the investigative arm for HHS for all HIPAA complaints and reported. PHI breaches.

HIPAA Omnibus Rule:

The Omnibus rule was adopted as significant amendment to the Privacy and Security rules including substantive changes to the management responsibilities of Business Associates management of PHI and ePHI. Business Associates were required to comply with, and be directly liable for, violations of HIPAA's Security Rule technical, administrative and physical safeguards.

Infectious Waste Management Program:

The Infectious Waste Management rule is an arms-length cousin of WISHA's Bloodborne Pathogen standard. Called biomedical waste, infectious waste, and contaminated medical waste by various governmental entities, the BBP uses the term "regulated" waste and is concerned only about the handling and management of the waste while in the medical or dental facility. In Washington, when it leaves the facility for disposal it becomes a public concern and the responsibility of the individual county governments who establish disposal guidelines and requirements. Not all counties in Washington have adopted infectious waste disposal regulations.

Compliance Checklist

•	Written Infectious Waste Management Program - (a) tailored to your practice and (b) County rules
•	Staff training - annual; documented
•	Waste handling - training
•	Waste treatment - training
•	Waste disposal - training
•	Contingency Program - training
•	Complaints and Inspections

Respiratory Protection Program:

The requirement of a written Respiratory Protection Program is a child of COVID-19's impact on the medical and dental communities. When WISHA and Washington Governor mandated wearing an N95 respirator during aerosol-generating procedures, the requirements for fit-testing, seal-testing, and written Respiratory Protection Programs came with it. Just as WISHA and HIPAA require written programs that must be tailored to the activities of the individual practice, so it is with the Respirator regulation. All practices that use respirators must have written policies and procedures.

Compliance Checklist

•	Written Infection Control Program - (a) tailored to your practice and (b) WISHA rules
•	Respirator selection
•	Medical Evaluation
•	Fit testing
•	Seal testing
•	Staff training

Infection Control:

After more than four years of Committee meetings and dedicated effort of DQAC's Infection Control Committee and staff, Washington's new Infection Control and Prevention were adopted in late 2020 and became effective in January of 2021. Based upon the CDC's 2003 and 2012 guidelines for dental healthcare professionals, the new rules establish eight basic rules including protocols and procedures for hand hygiene, dental unit water quality, disinfection and sterilization, sterilization of low speed handpiece motors (August, 2022), written Infection Control programs and annual staff training.

Compliance Checklist

•	Written Infection Control Program - (a) tailored to your practice and (b) DQAC rules
•	Staff training - annual; documented
•	PPE - training
•	Environmental Infection Control - training
•	Spaulding Classification - training
•	Transmission Precautions - training
•	Disinfection & Sterilization - training
•	Dental Unit Water Quality - training

About HARRISBIOMEDICAL

HARRISBIOMEDICAL is one of the country's leading compliance firms, providing a full range of client services designed to help the dental industry respond to the mandates of OSHA, HIPAA, and Infection Control regulations. It established its leading-edge reputation by responding to client needs in direct, reliable, and accountable ways.

The introduction and preparation of its Accident Prevention, Hazard Communication, Exposure Control, Infectious Waste, Respiratory Protection, Infection Control, and COVID-19 supplemental written programs, along with the associated staff training, led to HARRISBIOMEDICAL becoming the health care industry's answer to compliance concerns.

Founded in 1989, HARRISBIOMEDICAL has prepared more than 8000 WISHA and OSHA programs, provided compliance programs and training to nearly 215,000 dental professionals. HB is recognized as the company that can not only ensure immediate written compliance and staff training, but can answer the ever-troublesome compliance questions. This added "information service" contributes significantly to its reputation as "The Compliance Company

Terre Harris

, President/CEO, has represented the dental industry and lectured throughout the country on OSHA, HIPAA, and Infection Control compliance since 1989. He's been a member of the Organization for Safety, Asepsis, and Prevention since 2001, a consultant to Seattle Study Club members since 2014, an active member of Washington's Academy of General Dentistry and the Advisor to its Board of Directors in matters of dental office compliance. His personal belief that people learn best and remember longer if they can laugh at the same time has helped place Terre's speaking engagements and training programs among the best and most enjoyable in the industry.