As all employers confront the COVID-191 (coronavirus) pandemic, they must balance providing a safe and healthy work environment for their employees with a need to avoid potential liability when taking decisive, well-meaning protective action. This pressure is particularly acute for employers in the healthcare industry.
Concerns of healthcare providers are unique compared to other employers and will require tailored guidance specific to the provider’s position within the healthcare industry, and will also require analysis of governmental regulatory and reporting obligations. Accordingly, this alert discusses special employment- and labor-related concerns, confidentiality of health information, regulatory standards and practices, and potential legal pitfalls healthcare employers may face when confronting a potential pandemic.
As with any serious disease or viral outbreak, issues related to COVID-19 are rapidly evolving. Healthcare employers should stay abreast of developments from authorities such as the U.S. Centers for Disease Control (CDC),2 the Centers for Medicare & Medicaid Services (CMS), the Equal Employment Opportunity Commission (EEOC), the World Health Organization (WHO), and state and local public health agencies, and seek advice from experienced legal counsel with an understanding of the healthcare industry regarding specific legal concerns.
Employment Law Considerations for Healthcare Providers
Keeping Employees Safe
Employers have an obligation under Section 5(a) of the Occupational Safety and Health Act (OSHA) and state health and safety laws to provide a workplace “free from recognized hazards that are causing or are likely to cause death or serious physical harm.” 29 U.S.C. § 654(a). State laws may impose more specific health and safety requirements, such as Cal/OSHA’s Aerosol Transmissible Diseases (ATD) for healthcare employers.
Employees with acute respiratory illness symptoms (e.g., cough, shortness of breath) should be separated from other workers and sent home immediately after reporting to occupational health. If an employer learns that an employee has tested positive for COVID-19, the employer may have obligations to notify co-workers who may have been exposed while protecting the confidentiality of the employee who is ill.
- Refer to their existing written infection control or aerosol transmissible disease plans as a starting point.
- Follow all guidelines provided by health authorities such as the CDC, CMS, and state and local health authorities. Among other instructions, these guidelines provide recommendations for group gatherings and social distancing. For example, CDC recently issued special guidance for New Rochelle, NY, Santa Clara, CA, and Seattle, WA.
- Keep in mind that employees who express a reasonable fear of health and safety risks may be protected from disciplinary action under OSHA’s anti-retaliation provision.
Monitoring for Symptoms
The CDC has issued Interim Guidance for Risk Assessment and Public Health Management of Healthcare Personnel, available here. In addition, CMS published Guidance for Infection Control and Prevention, available here, and continues to issue memoranda applicable to various types of health facilities, available here. This guidance is expected to continue to evolve as the virus progresses, so healthcare employers should check back frequently.
With respect to screenings and similar monitoring actions, the ADA and state antidiscrimination laws generally prohibit employers from conducting medical examinations of employees unless they are “job-related and consistent with business necessity.” This means that any examination must be tailored to assess the employee’s ability to perform essential job functions or whether the employee poses a “direct threat” to self or others.
Further, the scope of any medical examination or inquiry should be tailored to the business necessity and no broader than necessary. Although this is a high standard, under EEOC guidance, employers should have greater flexibility to monitor for symptoms now that the WHO has declared COVID-19 to be a pandemic. Further, in light of healthcare providers’ role in caring for vulnerable patients, the CDC interim guidance makes clear that healthcare employers have wider latitude still to monitor employees for symptoms of COVID-19, particularly where employees have the potential for direct or indirect exposure to patients or infectious materials. Healthcare providers are encouraged to seek guidance from local public health authorities and to use their own clinical judgment in assessing risk.
The CDC contemplates that healthcare providers may measure employees’ temperatures and ask about symptoms prior to starting work. Employers should pay nonexempt employees for the time spent undergoing these checks. As an alternative, employers may ask employees to report their temperature and confirm absence of symptoms to occupational health before each shift.
Employees should be instructed to monitor themselves at all times for fever and signs of respiratory illness and to stay home if symptoms develop. Employers should train their employees on how to report possible exposures to COVID-19, as well as to report COVID-19 symptoms.
For employees who may have come into contact with someone with COVID-19, under current CDC guidance, healthcare employers should conduct a risk assessment of the employees’ potential for infection and take monitoring steps, including temperature checks and observation for symptoms, based on whether an employee is assessed to be low-, medium-, or high-risk. Depending on the risk level, self-monitoring under the supervision of the employer’s occupational health or infection control program, active monitoring by the public health authority (which may be delegated to the facility), or exclusion from the workplace for 14 days may be indicated.
Employees Who Have Traveled to High-Risk Locations
Many employers are requiring employees who have traveled recently to countries for which the CDC has issued a Travel Health Notice to remain away from work for a period (typically 14 days) after they return. Any questions about recent travel should be consistently asked of all employees.
Employers should use care not to single out employees based on ethnicity or national origin, and supervisors should be reminded to watch for and report any conduct that suggests that stereotyping could be occurring. In addition, for union employers there may be a duty to bargain prior to requiring employees to stay home, as discussed below.
Pay During Mandated Time Away From Work
Employers should consider whether employees will be paid for time when they are required to remain away from work due to a possible exposure or recent travel to high-risk areas.
In some cases, employees may be able to continue working remotely while away from the office. Where this is possible, employers should plan for the issues that typically arise with remote work, including ensuring that nonexempt employees are paid for all time worked, the necessary tools and equipment are provided, and safeguarding data security. In some cases, including in California, employers may be required to pay for employees’ necessary use of their personal devices to telework.
Healthcare providers that are covered by HIPAA should review and, if needed, update their risk analyses to address risks associated with employees working remotely.
Where work from home is not possible, employers should consider whether to pay employees for mandated time away, including where a union contract does not require this. Although pay may not be required for employees who are nonexempt from overtime and for full-week absences for exempt employees, some employers may choose to pay for the time away to promote positive employee relations, a step that some state governments, including Washington, are encouraging.
In some states, including Washington, employees may be eligible to receive workers’ compensation pay for periods when they are excluded from work. In California, employees who are unable to work due to confirmed exposure to COVID-19 may be eligible for State Disability Insurance payments. Where such benefits are available, some state governments, including Washington state, are encouraging employers to make up the difference between the amount of the benefit and the employee’s full pay.
Other employers may choose to grant additional sick leave to cover the time off. Employers also should check sick leave and vacation/PTO policies, as well as policies providing for time off due to exposure to infectious substances, to determine additional sources of pay during required time off. Employers who require asymptomatic employees to remain home, or who reduce employees’ work hours, may need to provide notices relating to disability insurance and/or unemployment insurance benefits and should consult counsel if they have questions.
Employees Who Become Ill
According to CMS guidance, if an employee develops signs of a respiratory infection while working, then the employee should stop working immediately, put on a face mask, and self-isolate at home. Employees also should inform the healthcare provider’s occupational health or infection control team, and the employer should contact the local health department.
Employees with symptoms of respiratory illness, even with no known exposure to COVID-19, should be required to stay home for a period after they are free of fever (100.0°F or greater using an oral thermometer or subjective fever ), signs of a fever, and any other symptoms, without the use of fever-reducing or other symptom-altering medicines such as aspirin or cough suppressants. The Washington State Department of Health recommends here that individuals should remain at home for 72 hours after symptoms clear.
In the event that a healthcare employee contracts COVID-19 at work, the illness may be covered by workers’ compensation. In addition, employees who become sick (at work or otherwise), are likely to have rights to protected time off under the federal Family and Medical Leave Act (FMLA) and state family and medical leave laws, as well as additional leave time as a reasonable accommodation.
Employees who have family members who become ill may have rights to use sick leave and/or to take leave under FMLA and state law to care for the family member. Such employees may need to self-isolate for the duration of the family member’s illness, plus an additional period to see if they develop symptoms.
Labor Relations for Healthcare Providers
Many healthcare systems have unionized workforces, meaning both the employer’s and the union’s response to COVID-19 must remain mindful of various limitations imposed by the National Labor Relations Act (NLRA).
Unions already have started demanding information about potential workplace exposures and are entitled to information relevant to their representation of bargaining unit employees, including information regarding any risk assessment, precautionary measures, and contingency plans. Unions also have a right to information that relates to the bargaining unit employees’ working conditions. In most cases the standard is very low, and the employer likely will be required to produce requested information.
Confidential information also might need to be produced, but employers can flag that data and request the union accommodate the need to maintain confidentiality. For bona fide confidential information, such as protected health information (PHI), employers may withhold that information unless and until the parties bargain an agreement as to how the confidential information will be used.
As to a union’s right to information about specific patients being treated by the healthcare provider who may be involved in a potential workplace exposure, HIPAA likely would permit a covered healthcare provider to disclose limited information about a patient, such as a permissible disclosure as a healthcare operation, but only the minimum amount of information necessary to address the union’s concerns. For example, generally there would be no need to provide the patient’s name, but there may be reason to state to which units the patient may have been admitted. Healthcare providers should verify the implications of more stringent requirements, such as under state law or 42 CFR Part 2, that protects the confidentiality of substance use disorder information.
Bargaining Obligations for Healthcare Providers
The NLRA places important restrictions on when a healthcare employer can make changes to the terms and conditions of work, even in response to a pandemic. This begins with an employer’s affirmative obligation to provide notice and bargain over changes to so-called “mandatory subjects of bargaining.”
Broadly speaking, these include wages, hours, and other terms and conditions of labor. For instance, screening employees for symptoms, requiring protective gear (i.e., facemasks and respirators), changing an employee’s schedule, and requiring vaccinations are all examples of mandatory bargaining subjects. Many CBAs also have provisions that govern time off (paid and unpaid) in the event of an illness, emergency, or other prohibition on reporting to a usual and customary place of work.
If an employer institutes a change touching on mandatory subjects of bargaining, absent one of the exceptions identified below, the employer must provide the union advance notice and bargain over the proposed change before implementation. If the employer and the union reach an impasse on a proposed change to a mandatory bargaining subject, then the employer may implement its change unilaterally. However, no hard and fast rule exists for determining whether an impasse has been reached, and the presence or absence of a legitimate impasse often is the subject of contentious litigation.
- Unions may waive their statutory right to demand bargaining through established past practices or a clear and unambiguous management rights clause in a governing CBA. Any analysis of what an employer can and cannot do in response to a threat like COVID-19 should thus start with a careful examination of the CBA and the parties’ past practices to determine what terms and conditions apply and whether the union waived its statutory right to bargain the particular change under consideration.
- Another exception to the general duty to bargain exists when a “compelling economic exigency” requires immediate, unilateral action. Although the economic exigency standard is high, an employer may be able to justify it in a pandemic situation. As with reaching an impasse, however, no hard and fast rule exists for determining the presence or absence of a “compelling economic exigency,” and every situation will be evaluated according to its own unique facts and circumstances.
However, it is important to bear in mind that even if the employer is free to implement a change affecting a mandatory subject of bargaining for one of the reasons discussed above, the employer still will be required to bargain the effects of its decision, although it does not have to exhaust bargaining prior to implementation.
If an employer is obligated to provide notice of a planned change, then the NLRA requires “adequate” notice to afford meaningful bargaining. When a healthcare employer can show that time is of the essence and a prompt change is required, then relatively short notice of a few days may be adequate under certain circumstances.
As the foregoing discussion illustrates, the labor implications of a comprehensive pandemic response are complex. It is a good idea for healthcare employers to coordinate with relevant unions as soon as possible to promote proper bargaining, particularly when implementing what could constitute a physical examination or other change to an entitlement covered by the CBA . Securing union leadership support early can go a long way toward a rapid response that keeps both employees and patients as safe as possible.
HIPAA continues to apply during the COVID-19 outbreak as well as in other emergency situations. The Department of Health and Human Services has published guidance concerning HIPAA and COVID-19, which can be found here.
With respect to patients, HIPAA prohibits uses and disclosures of PHI unless specifically permitted or required under HIPAA. These requirements apply to information about the provider’s patients, which may include employees who are treated by their healthcare employer .
Remember, the minimum necessary rule applies to most of these permissible uses and disclosures. Providers should be careful to verify that state law does not restrict these uses and disclosures that are permitted by HIPAA. For example, California law narrowly limits the ability of providers to disclose health information in response to an imminent threat.
Generally, as a high-level overview, HIPAA would permit uses and disclosures of PHI for the following purposes:
- Treatment Purposes - HIPAA permits a covered healthcare provider to use and disclose PHI for treatment purposes without the patient’s authorization. This would include treating the particular patient or another patient as well as coordination or management of healthcare, consultations, and referrals. The minimum necessary rule does not apply to uses and disclosures for treatment purposes.
- Public Health Activities - HIPAA also permits – and states generally require – the healthcare provider to disclose PHI to a public health authority for public health activities. A provider generally must report a COVID-19 diagnosis. The public health authority may further disseminate the information as needed for public health purposes. The provider also may disclose PHI to a person at risk of contracting or spreading the disease as long as authorized under state law.
- Prevention or Lessening of a Serious and Imminent Threat - Healthcare providers, using their professional judgment, may share PHI to prevent or lessen a serious and imminent threat to the health or safety of an individual or the public. The disclosure may be to anyone who reasonably may assist in preventing or lessening the threat.
- Disaster Relief Efforts - A healthcare provider may disclose PHI to disaster relief organization, such as the American Red Cross, to coordinate notification of family. The provider should follow its HIPAA guidance to “avail itself of the opportunity to agree or object” to protocols.
- Family and Others Involved in the Individual's Care - After providing the individual with the opportunity to agree or object, the provider may share with a patient’s family members, friends, or others involved in the patient’s care PHI that is directly relevant to the patient’s care. The provider also may notify family and others responsible for the care of the patient of the patient’s location and general condition.
- Facility Directory - Unless the patient has opted out of the facility directory, the provider may disclose to a person asking for the patient by name the patient’s location and general condition. If a patient is unable to agree to participate in the directory, then the provider may use its professional judgment in deciding what would be in the patient’s best interests.
- Healthcare Operations - A healthcare provider may use and disclose PHI for its own healthcare operations such as planning, administration, and keeping the provider operating through the emergency situation.
- Authorization - A healthcare provider may obtain a valid HIPAA authorization from on behalf of the patient, particularly if no other permissible purpose for disclosure exists. An authorization is recommended for the provider to announce to the media or the public at large specific identifying information about a particular patient. The provider should carefully vet any public announcements.
HIPAA generally would not apply to information about the healthcare employer’s employees that is maintained by the provider in its capacity as an employer. Beyond that, an employer must be cognizant of its obligations under the ADA not to share medical information about an employee and the employee’s right to privacy (by avoiding public disclosure of private facts).
One option is for the provider to ask the employee for permission to share the fact of the diagnosis with co-workers. Without consent, the employer should limit its statements, such as to simply inform employees that they may have been exposed to COVID-19 or that a person on a particular unit is being monitored for COVID-19.
Group Health Plan
Healthcare providers also usually sponsor group health plans for their employees and dependents. Most group health plans are covered entities under HIPAA. Any uses and disclosures of PHI from the group health plan must meet the requirements of HIPAA.
Healthcare employers should not use any health plan information for employment purposes, such as to review claims for clues as to whether an employee may have been exposed to COVID-19.
Regulatory Standards and Requirements
Federal, state, and local agencies with oversight over healthcare provider licensing and accreditation requirements and/or government healthcare benefit programs are taking action in response to COVID-19 on an ongoing, evolving basis. Many of these agencies now have areas on their public websites dedicated specifically to COVID-19-related matters and also provide links to other relevant sites, including the CDC.3
Agencies also are using their Twitter accounts to provide news and make announcements related to COVID-19 and arrange conference calls with impacted stakeholders. To date, healthcare regulatory agencies have emphasized to the providers over which they have jurisdiction to communicate with appropriate government authorities when they encounter patients with or suspected to have COVID-19, and to also strictly adhere to recommended infection control protocols when treating patients confirmed or suspected to have the virus.
CMS Calls on Healthcare Facilities to Ramp Up Infection Control Measures
CMS has been active among regulatory agencies in responding to the COVID-19 outbreak. On March 4, 2020, the agency issued a public “call to action” to healthcare providers across the United States to implement infection control procedures, which are required at all times as condition of participation in the Medicare program.
Consistent with this directive, CMS also announced that it would temporarily modify certification and survey activity to focus solely on serious health and safety threats and infection control. Institutional healthcare providers like hospitals and skilled nursing facilities normally are subject to routine, periodic inspections by CMS, or state healthcare agencies working with CMS, to determine whether those providers are complying with Medicare’s conditions of participation.
Surveys also can be triggered by complaints an agency receives about a particular provider. In response to the COVID-19 situation, CMS is shifting its approach to surveys and suspending all non-emergency inspections. CMS outlined its now-active survey and certification protocols in a policy memorandum issued on March 4, 2020.
The CMS memorandum on survey and certification outlines exactly how the agency will prioritize conducting facility inspections and also discusses how such inspections will be conducted with COVID-19 precautions in mind. According to the memorandum, any Medicare participating facility that treats a person with an identified case of COVID-19 potentially is subject to inspection for purposes of verifying that the facility has implemented and is following appropriate infection control measures.
Therefore, it is imperative that facilities review infection control protocols that they already have in place and augment those practices, as necessary, to be consistent with CMS and CDC recommendations. In this regard, CMS offers on its website a “Hospital Infection Control Self-Assessment” tool intended to assist facilities to prepare for inspection by Medicare surveyors, as well as a “Universal Inspection Control Training Course” that gives detail instruction on CMS’s recommended infection control protocols.
The practices that CMS has emphasized in its recent policy announcements concerning controlling the spread of COVID-19 are as follows:
Know how to screen patients and visitors for COVID-19
Upon arrival at a healthcare facility, patients and visitors should be asked the questions below:
- Do they have any fever or symptoms of a respiratory infection?
- Have they traveled internationally within the last 14 days to any restricted countries (as identified by the CDC)?
- Have they had any contact with someone known or suspected to have COVID-19?
CMS also recommends this same screening be performed with respect to all healthcare facility staff.
Follow Recommended Infection Prevention and Control Practices
Facilities may need to modify placement practices for COVID-19 patients, if possible, by isolating them in well-ventilated spaces in the facility and not allowing them to be in close proximity to other patients waiting for care.
Facilities should ensure that all professionals and employees are following careful hygiene and disinfecting practices and wearing appropriate personal protective equipment (PPE) whenever treating a confirmed or suspected COVID-19 patient. Facilities may want to restrict visitation policies while the COVID-19 threat is at a high alert level.
Additional information and recommendations from CMS regarding controlling the spread of COVID-19 can be found in another policy issuance released by the agency on March 4, 2020.
CMS Monitoring Coverage and Payment Policies in Connection With COVID-19
In addition to modifying survey and certification practices and calling on Medicare participating facilities to focus on good infection control practices, CMS also is actively reviewing coverage and payment polices in conjunction with the COVID-19 situation.
Among other things, the agency has announced that Medicare will cover an additional code for COVID-19 laboratory testing and also has provided information on billing for telehealth services to encourage providers to screen patients for COVID-19 without seeing them in person . Other Medicare coverage and payment policy changes could be in play as the medical community’s approach to identifying and treating COVID-19 evolves.
- Healthcare professionals should actively monitor the CMS website and/or the agency’s Twitter feed for additional announcements.
To date, CMS has not announced any other payment policy changes being adopted specifically related to COVID-19. However, one of the agency’s recent memoranda concerning COVID-19 references already existing policies CMS has developed for a “Declared Public Health Emergency.”4
For hospitals, CMS guidance addresses questions like whether a facility can permissibly convert a bed in a unit with a special Medicare payment classification, such as an acute psychiatric unit, to general acute care use in response to a public health emergency. CMS’s answer to that particular question is no. In this regard, any hospital considering changes to how beds in a facility are used in response to the COVID-19 situation first should consult CMS’s public health emergency policies or consult legal counsel.
State Health Agency Responses to COVID-19 Vary and Are Continually Evolving
State healthcare agencies that license facilities and/or oversee state Medicaid programs are each responding to the COVID-19 emergency in distinct ways. Most of these agencies, like CMS, have called on the providers to follow screening procedures for COVID-19 cases and carefully comply with infection control protocols, but how agencies are handling the enforcement (or non-enforcement) of state-specific facility licensing requirements during the current state of emergency will vary from agency to agency.
- Again, healthcare providers should continue to monitor agency websites and Twitter feeds for new announcements concerning COVID-19.
Minimum staffing requirements are among the types of regulatory requirements for healthcare facilities that may be impacted by the COVID-19 outbreak. Whether due to shifting resources for treating COVID-19 cases or facility personnel not being available for reasons related to the viral outbreak, some facilities have expressed concern over being able to meet normally applicable staffing requirements while the COVID-19 emergency persists.
We are not aware of any states officially announcing that they have suspended enforcement of these rules, but that is something facilities should monitor for. That said, many states, including California and Oregon, have existing laws or regulations that address how facility staffing requirements may be impacted by an emergency outside of the facility’s control and afford some flexibility in such situations.
- Should a facility anticipate having difficulty meeting any regulatory licensing requirements due to COVID-19, they should contact the agency responsible for enforcing the requirement or legal counsel for guidance on what the potential options and risks are under applicable laws.
Healthcare providers should continue to try to meet all applicable state licensing and Medicare/Medicaid requirements to which they are subject, with particular emphasis right now on infection control standards. To the extent providers believe they might not be able to meet certain requirements due to factors related to the COVID-19 emergency, steps to be considered include:
- Contacting appropriate regulatory agency personnel or legal counsel to obtain guidance; and
- Monitoring available public resources for updates and announcements on COVID-19 from healthcare regulatory agencies.
In particular, providers may want to designate an individual or team to check the CDC, CMS, and their relevant state public health agency websites on a daily basis while the emergency is in effect.
- Continue to monitor information from the CDC, CMS, EEOC, WHO, and state and local public health agencies to stay up to date on new developments.
- Review infection control plans and confirm employees are aware of infection control procedures, symptoms of COVID-19, self-monitoring procedures, and the proper channels to report possible symptoms.
- Develop a consistent approach for whether recent travelers will be required to stay away from work and for pay for employees who are required to remain off work due to possible exposure.
- Remind supervisors to watch for and report any conduct that suggests stereotyping based on race, ethnicity, or other characteristics protected by law.
- Remind union leadership of existing policies and procedures currently in place to address pandemic readiness. These could include policies and practices covering employee screening, donning protective gear, and attendance.
- Alert union leadership to any changes in such policies the healthcare employer believes are necessary to address the coronavirus crisis effectively and attempt to secure union support for such changes.
- If the union demands decisional bargaining or if effects bargaining is required, begin the process as soon possible with the aim of reaching agreement or impasse. Assistance from other entities, like the Federal Mediation and Conciliation Service, may also be useful.
- Remember: HIPAA continues to apply so apply the same standards to any uses and disclosures of health information.
- When in doubt, ask.
DWT will continue to provide up-to-date insights and remote access events regarding COVID-19 concerns. For the most recent developments visit www.dwt.com/COVID-19.
1 Coronaviruses are a large family of viruses that include Severe Acute Respiratory Syndrome (SARS) and the Middle East Respiratory Syndrome (MERS).
2 See Interim U.S. Guidance for Risk Assessment and Public Health Management of Healthcare Personnel with Potential Exposure in a Healthcare Setting to Patients with Coronavirus Disease 2019 (COVID-19), Interim Infection Prevention and Control Recommendations for Patients with Confirmed Coronavirus Disease 2019 (COVID-19) or Persons Under Investigation for COVID-19 in Healthcare Settings; and Coronavirus Disease 2019 (COVID-19) Hospital Preparedness Assessment Tool.
3 See, e.g. Centers for Medicare and Medicaid Services - https://www.cms.gov/newsroom/press-releases/covid-19-response-news-alert-cms-issues-frequently-asked-questions-assist-medicare-providers; California Department of Public Health - https://www.cdph.ca.gov/Programs/CID/DCDC/Pages/Immunization/ncov2019.aspx; Washington State Department of Health - https://www.doh.wa.gov/Emergencies/NovelCoronavirusOutbreak2020/TestingforCOVID19.