Operating in the New Normal: Digital Technology to Help Mitigate Safety and Compliance Risk in Care Services

Aged-care provider faces prosecution for safety lapses during COVID

It came with some surprise when Victoria’s safety regulator began prosecution against an aged-care provider. The provider’s alleged fault: failing to manage a COVID outbreak among its staff and patients.

What happened? In a media releaseⁱ, WorkSafe Victoria alleges that in July 2020, the provider was notified by a staffer of a positive COVID test.

The provider, as the claim goes, neglected its duty of care obligation, failing to do the following:

• Require workers to wear personal protective equipment (PPE)
• Train workers how to safely use PPE
• Verify that staff were competent in using PPE
• Tell staff when PPE should be used
• Supervise the use of PPE

What followed, alleges WorkSafe Victoria, was an outbreak within the facility; over 175 residents and staffers tested positive for COVID. Forty-five residents died from COVID related health complications. 

As a result, the provider is now on the hook for violations of the following health and safety statutes: 

• Sections 21(1) and 21(2)(a) of the Occupational Health and Safety Act 2004 (Vic) (OHS Act). Failure to provide and maintain for its employees, as far as reasonably practicable, a working environment that was safe and without risks to health.
• Sections 21(1) and 21(2)(e) of the OHS Act. Failure to enable workers to perform their work safely and without risks to health by failing to provide necessary information and instruction, and supervision.
• Section 23(1) of the OHS Act. Failure to ensure, so far as was reasonably practicable, that persons other than its employees were not exposed to risks to their health or safety arising from conduct of its undertaking; and
• Section 26(1) of the OHS Act. Failure to ensure, so far as was reasonably practicable, that its workplace and the means of entering and leaving it were safe and without risk to health.

So, why does alleged negligence on part of one aged-care provider matter to the care sector more broadly?

Well, legal analysts suggest this prosecution, the first in Australian history levied against a provider for failing to manage a COVID outbreak, will likely become the template for future prosecutions against other providers in the care sector: “…the case of the aged facility serves as a reminder for employers that while COVID-19 restrictions have eased, the state still records thousands of positive COVID-19 cases daily, presenting work health and safety risks”ⁱⁱ.

What’s more, the prosecution draws legal ballast from core tenets of work safety legislation, i.e., that all persons conducting a business or undertaking (PCBUs) owe a duty of care to take reasonably practicable steps to verify, manage, and control health and safety risk – in this case, the risk of serious harm to vulnerable employees or other persons impacted by the PCBUs undertaking.

COVID looms large, of course. But more worrisome still for providers is the fact that COVID isn’t the only safety and compliance risk they face.

What providers need to know about the NDIS

For residential aged-care providers, specifically, December 2020 represented the date when those delivering services to NDIS (National Disability Insurance Scheme) participants automatically became registered NDIS providers (NDIS).

These providers, as a result, are now subject to a new Code of Conduct, obligating them and their workers to do the following:

1. Act with respect for individual rights to freedom of expression, self-determination, and decision-making in accordance with applicable laws and conventions
2. Respect the privacy of people with disability
3. Provide supports and services in a safe and competent manner, with care and skill
4. Act with integrity, honesty, and transparency
5. Promptly take steps to raise and act on concerns about matters that may impact the quality and safety of supports and services provided to people with disability
6. Take all reasonable steps to prevent and respond to all forms of violence against, and exploitation, neglect, and abuse of, people with disability
7. Take all reasonable steps to prevent and respond to sexual misconduct

Fortunately, meeting these new obligations to avoid regulatory scrutiny means wielding the same tools and strategies that would help effectively manage COVID and other health safety threats. Those tools and strategies include developing an effective incident management system.

Indeed, all NDIS providers must implement and maintain an incident management system – defined by law as a set of processes and procedures used to manage incidents that happen in connection with providing supports or services. 

What are the requirements for an incident management system?

But what does that mean? NDIS rules require providers to have an incident management system appropriate to their size and the types of supports and services they provide. 

The systems must:

• Be able to record the details of incidents and the provider’s response to those incidents
• Documented in an accessible form, including having written procedures
• Be accessible to, among others, all workers employed or otherwise engaged by the provider, and to persons with disability receiving supports or services from the provider.

That’s not all. Data compiled by/in the incident management system must be used to prevent subsequent incidents, improve practices, and support the capacity of workers to respond quickly and appropriately to incidents when they do occur.

What should happen after stakeholders become aware of a reportable incident?

For decision makers, the upshot of these regulations is simple. Once a worker becomes aware of a possible reportable incident, such as a positive COVID infection, that person now has a legal obligation to say something as soon as possible. 

That person can notify one of the following:

• A member of the registered NDIS provider’s key personnel
• A supervisor or manager
• The person specified in the incident management system as being responsible for reporting incidents that are reportable incidents to the NDIS Commission 

Given that requirement, the incident management
system itself must clearly specify who is to notify the
NDIS Commission of a reportable incident. In turn, that
person has the duty to first identify whether the incident
is reportable and then (provided it is) take all reasonable
steps to ensure that it is notified to the NDIS Commission.

The turnaround time is tight. Notification and providing of
further information must be done within a timely manner. 

All reportable incidents, except for the unauthorized use
of a restrictive practice, must be notified to the NDIS
Commission within 24 hours of a stakeholder becoming
aware of the incident. Additional incident notification
requirements include:

 

How digital technology can help providers avoid paying the price of non-compliance

The price of non-compliance, here, is steep. 

A failure to comply with requirements constitutes a breach of a provider’s condition of registration. That breach may lead to compliance and enforcement action, up to fines and being kicked out of the NDIS scheme altogether.

If the breach becomes relevant to a safety regulator, it can result in prosecution, as the WorkSafe Victoria case suggests.

How then can providers avoid paying the price of noncompliance while improving their overall safety and compliance risk posture? Decision makers will find that purpose-built care software comes with the requisite reporting workflows to create and transmit reports once a reportable incident happens. Unlike rudimentary manual solutions (e.g., spreadsheets and shared documents), these software platforms save time and effort which would otherwise be expended by senior staff.

If that weren’t enough, these same easy-to-use, mobile first platforms also fill in the gaps of many providers who have case management and billings systems but lack a systematic way to manage the entire lifecycle of an incident – not just incident reporting, but also involvement, investigation, assessment, case notes, corrective actions, and lessons learned.

In other words, these platforms (via in-built reminders and escalations) not only ensure that incidents get escalated to relevant stakeholders but also that legally mandated follow-up actions are completed within the required timeframe. The upshot, here, is closed-loop continuous improvement and the removal of a key barrier for decision makers to report incidents and events, which addresses systemic under-reporting, as well.

For decision makers, complaints management matters, too. Platforms can help in this instance, as well.

Relevant functionality helps providers record complaints from staff or patients, create and assign follow-up actions, monitor the lifecycle of complaints to ensure actions are completed, and monitor trends through easy-to-create trend reports.

This all happens within the same platform, which gives decision makers a single common operating picture across the service, eliminating all conflicting sources of information. 

Finally, providers are entering a thorny new compliance environment, largely thanks to COVID and related regulations. Staying compliant will entail improving the provider’s safety posture.

Fortunately, digital tools, such as Noggin’s solution for Care Services, can help. These purpose-built platforms help providers manage any type of incident – from injuries
and illnesses, restrictive practices, abuse and neglect, customer behaviors, medical incidents, and more. In a single integrated platform, they ensure providers have all the accurate information they need for regulatory reporting.

 

Sources

i. Paulinete Tamaray, Human Resources Director: Employer prosecuted after ‘deadly COVID-19 outbreak’ in the workplace. Available at https://www.hcamag.com/au/specialisation/employment-law/employer-prosecuted-after-deadly-covid-19-outbreak-in-the-workplace/412987.

ii. Ibid