The wait is over for employers seeking clarity on the details of the Biden Administration’s vaccine and testing rules for private employers, first announced by President Biden in early September and now slated to take effect alongside federal contractor vaccine requirements on January 4, 2022.

The first rule, issued by the Occupational Safety and Health Administration (the “OSHA Rule”), will require private employers with 100 or more employees to ensure that each of their workers is either fully vaccinated, or tests negative for COVID-19 at least once per week.  The second rule, issued by the Centers for Medicare & Medicaid Services (the “CMS Rule”), will require healthcare workers at facilities participating in Medicare and Medicaid to be fully vaccinated.  Unlike the OSHA Rule, the CMS Rule does not include a weekly testing option.

The rules represent a significant and long-anticipated step in the Biden Administration’s efforts to boost lagging vaccination rates across the country.  The Biden Administration anticipates that the OSHA Rule will cover approximately 84 million employees, whereas the CMS Rule will cover approximately 17 million workers at about 76,000 healthcare facilities across the country.

A summary of the newly released rules follows.

The OSHA Rule

The stated purpose of the OSHA Rule is to “establish minimum vaccination, vaccination verification, face covering, and testing requirements to address the grave danger of COVID-19 in the workplace, and to preempt inconsistent state and local requirements relating to these issues, including requirements that ban or limit employers’ authority to require vaccination, face covering, or testing, regardless of the number of employees.”

 Coverage

The OSHA Rule covers all private employers with 100 or more full- and part-time employees, except for workplaces covered by CMS Rule, or workplaces covered by the Biden Administration’s earlier requirements for federal contractors.  Employees who do not report to a workplace where other individuals, such as coworkers or customers, are present are exempted from coverage – an exemption which could lead employers to reevaluate whether to continue remote working practices.  Also exempted are employees of covered employers who exclusively work from home, or who work exclusively outdoors.

Vaccination Requirement and Verification

Vaccination Requirement

The OSHA Rule requires employers to establish, implement, and enforce a written mandatory vaccination policy requiring employees to be fully vaccinated unless “the employer establishes, implements, and enforces a written policy allowing any employee not subject to a mandatory vaccination policy to either be fully vaccinated against COVID-19 or provide proof of regular testing for COVID-19 . . . and wear a face covering.” The OSHA Rule defines a “mandatory vaccination policy” to require vaccination of all employees, including new employees as soon as practicable, other than for employees for whom: (i) a vaccine is medically inadvisable; (ii) medical necessity requires a delay; or (iii) there is a legal entitlement to a reasonable accommodation under federal civil rights laws due to a disability or sincerely held religious belief, practice, or observance.

An employee is considered “fully vaccinated” two weeks after completing primary vaccination with a COVID-19 vaccine with, if applicable, at least the minimum interval between doses as recommended by the CDC, World Health Organization (“WHO”), or if administered as a part of a clinical trial.  An employee also is considered fully vaccinated two weeks after receiving the second dose of a combination of two doses of approved or authorized COVID-19 vaccines.  In this latter case, the second dose must be at least 17 days after the first dose.

Verification

It is the employer’s responsibility to determine the vaccination status of each employee.  Specifically, employers must require each vaccinated employee to provide “acceptable proof” of their vaccination status, including whether they are fully or partially vaccinated.  The following is considered acceptable proof of vaccination status:

1. A record of immunization from a healthcare provider or pharmacy;
2. A copy of the COVID-19 Vaccination Record Card;
3. A copy of medical records documenting the vaccination;
4. A copy of immunization records from a public health, state, or tribal immunization information system; or
5. A copy of any other official documentation that contains the type of vaccine administered, date(s) of administration, and the name of the healthcare professional(s) or clinic site(s) administering the vaccine or vaccines.

An employee who is unable to produce such acceptable proof may instead produce a signed and dated statement that: (1) attests to their full or partial vaccination status; (2) attests that they have lost or are otherwise unable to produce acceptable proof of their vaccination status; and (3) includes language declaring the veracity of his or her attestation, and acknowledging that knowingly providing false information may subject the employee to criminal penalties.  Employees providing such statements in lieu of other acceptable proof should, to the best of their recollection, also disclose the type of vaccine administered, the date(s) of administration, and the name of the administering healthcare professional(s) or clinic site(s).

For the purposes of the OSHA Rule, employees not following these verification requirements are to be treated as not fully vaccinated, and thus, can be kept from the worksite.

Employers are Responsible for Allowing Time and Paid Leave for Vaccination and Recovery

Employers are required to provide a reasonable amount of time for employees to receive each vaccination dose, and offer up to four hours of paid time (including travel time) at the employee’s regular rate of pay for that purpose.  Employers also must provide reasonable time and paid sick leave for employees to recover from side effects from any vaccination dose.

Recordkeeping

Employers are to maintain a record of each employee’s vaccination status, and acceptable proof of vaccination (as defined above) for each fully or partially vaccinated employee.  These records must be maintained in a “roster” of each employee’s vaccination status, which should be considered employee medical records and generally should not be disclosed.

Alternative Testing and Face Covering Requirements

The OSHA Rule exempts employers from its mandatory vaccination policy only if the employer “establishes, implements, and enforces a written policy allowing any employee not subject to a mandatory vaccination policy to choose either to be fully vaccinated against COVID-19 or provide proof of regular testing for COVID-19.”  Such employees also must wear an adequate face covering in the workplace.

Testing

There are separate testing requirements for non-fully vaccinated employees depending on the frequency that they report to a workplace where other individuals, such as coworkers or customers, are present.  Employees who are present at such a workplace at least once every seven days must be tested for COVID-19 at least once per week, and must provide documentation of their most recent test result no later than every seven days.  Employees who do not report to such a workplace at least once a week (such as an employee who teleworks for two weeks before reporting to the workplace) must be tested within seven days prior to returning to the workplace, and must provide documentation of their test results upon their return.

A self-administered and self-read test does not satisfy OSHA’s testing requirements unless the employee takes the test under the employer’s observation, or the observation of an authorized telehealth proctor.

Face Covering

Employees who are not fully vaccinated are required to wear appropriate face coverings when indoors and when occupying a vehicle with another person for work purposes.  However, employees need not wear face coverings under certain delineated circumstances, including:

1. When alone in a room with a closed door and floor to ceiling walls;
2. For a limited time while eating or drinking at the workplace, or to comply with safety and security requirements;
3. When wearing a respirator certified by the National Institute for Occupational Safety and Health, or approved facemask;
4. Where the employer can show that a face covering is infeasible or would create a greater hazard that would excuse compliance (e.g., where it is important to see an employee’s mouth for job-related purposes, or where a face covering presents a “risk of serious injury or death” to the employee).

Employers are not Required to Pay for Tests or Face Coverings

The OSHA Rule does not require employers to pay for any costs associated with testing or face coverings unless otherwise required by state or local laws, or in labor union contracts.  However, employers may voluntarily choose to cover such costs.  The OSHA Rule also does not address whether time spent going for a test is compensable.  Thus, employers should expect that the FLSA (and any applicable state wage and hour laws) will govern with respect to whether that time must be paid.

Failure to Provide Satisfactory Documentation

Employees who do not provide acceptable documentation of a COVID-19 test result must be removed or kept from the workplace until an acceptable test result is provided.

Positive Test Results

If an employee tests positive for COVID-19 (or is diagnosed with COVID-19 by a licensed healthcare provider), employers must not require further testing for 90 days following the date of the positive test or diagnosis.  OSHA explained that the intention of this provision was to counter the “high likelihood of false positive results” following a recent infection.  Practically, it appears that this means that an unvaccinated person who has been diagnosed with COVID-19 may be kept out of the workplace for a significant period of time.

Recordkeeping

Similar to the recordkeeping requirements for vaccinations, employers must maintain a record of each COVID-19 test result submitted by an employee.  Those results are considered employee medical records and generally should not be disclosed.

Reasonable Accommodations for Disabilities or Sincerely Held Religious Beliefs

Despite the foregoing requirements, the OSHA Rule acknowledges that workers may nevertheless be entitled to a reasonable accommodation from their employer under federal law, such as the Americans with Disabilities Act (“ADA”) and Title VII of the Civil Rights Act of 1964 (“Title VII”), unless such accommodation would result in undue hardship for the employer.

Thus, for example, a worker may be entitled to a reasonable accommodation under the ADA if he or she cannot be vaccinated or wear a face covering due to a disability.  Similarly, a worker may be entitled to a reasonable accommodation if a vaccination, test, or face covering conflicts with such worker’s sincerely held religious belief, practice, or observance.   The OSHA Rule does not address whether an employer may be required, depending on the specific circumstances, to pay for testing as a reasonable accommodation.  For more information on handling requests for religious exemptions from mandatory vaccination policies see our previous blog post.

Notice to Employees

Covered employers must inform each employee about the provisions of the OSHA Rule, as well as any policies and procedures established to implement it.  Additionally, employers must provide the document, “Key Things to Know About COVID-19 Vaccines” to employees.

Employers also must inform employees that they cannot be discharged or discriminated against for reporting work-related injuries or illnesses, and that they cannot be discriminated against for exercising their rights under the OSHA Rule.

Reporting Requirements

Employers must report to OSHA each work-related COVID-19 fatality, within eight hours of learning of the fatality, and each work-related COVID-19 in-patient hospitalization, within 24 hours of learning of the hospitalization.

When evaluating whether a fatality or in-patient hospitalization is the result of a work-related case of COVID-19, employers must follow the criteria in OSHA’s recordkeeping regulation for determining work-relatedness.  In other words, employers must consider a case of COVID-19 work-related if an event or exposure in the work environment “either caused or contributed to the resulting condition or significantly aggravated a pre-existing injury or illness.”  Further, work-relatedness is generally presumed for illnesses resulting from events or exposures in the work environment.

Penalties

Non-compliant employers are subject to possible fines, up to $13,653 per serious violation.  If the violation is willful, penalties can be up to $136,532.

Compliance Dates

As noted above, testing for unvaccinated workers will begin after January 4, 2022. Employers must comply with all other requirements under the OSHA Rule – for example, providing paid time for employees to be vaccinated and masking for unvaccinated workers – by December 5, 2021.

The CMS Rule

The CMS emergency regulation, titled the CMS Omnibus COVID-19 Health Care Staff Vaccination Interim Final Rule with Comment Period (“CMS Rule”), requires Medicare and Medicaid-certified facilities to quickly develop and implement policies and procedures to ensure that their staff are fully vaccinated for COVID-19 by January 4, 2022, unless an individual is exempted.  CMS explained it is issuing the rule as an emergency regulation because any delay in implementation would result in additional deaths and serious illness among healthcare staff and patients, further worsening the ongoing strain on healthcare providers.  The CMS Rule is effective immediately upon publication, November 5, 2021, though CMS will accept public comment until January 4, 2022.  The details of CMS’ emergency regulation follow below.

What facilities are subject to the CMS Rule?

The CMS Rule applies to the following Medicare and Medicaid-certified providers and suppliers:

• Ambulatory Surgery Centers,
• Community Mental Health Centers,
• Comprehensive Outpatient Rehabilitation Facilities,
• Critical Access Hospitals,
• End-Stage Renal Disease Facilities,
• Home Health Agencies,
• Home Infusion Therapy Suppliers,
• Hospices,
• Hospitals,
• Intermediate Care Facilities for Individuals with Intellectual Disabilities,
• Clinics, Rehabilitation Agencies, and Public Health Agencies as Providers of Outpatient Physical Therapy and Speech-Language Pathology Services,
• Psychiatric Residential Treatment Facilities (PRTFs) Programs for All-Inclusive Care for the Elderly Organizations (PACE),
• Rural Health Clinics/Federally Qualified Health Centers, and
• Long Term Care facilities, including nursing homes.

The CMS Rule does not apply to Religious Nonmedical Health Care Institutions (RNHCIs), Organ Procurement Organizations, and Portable X-Ray Suppliers.

Who within a covered facility must be vaccinated?

Within a given facility, the CMS Rule applies to all current staff as well as any new staff who provide any care, treatment, or other services for the facility and/or its patients. Thus, the vaccine requirement covers staff who perform patient care services outside the four walls of a facility, e.g., home health workers seeing patients in their home.  The requirement also includes facility employees, licensed practitioners, students, trainees, and volunteers as well as individuals who provide care, treatment, or other services for the facility and/or its patients under contract or other arrangements. CMS clarifies that the scope of the Rule includes “administrative staff, facility leadership, volunteer or other fiduciary board members, housekeeping and food services, and others.”

Also, while physician practices are not covered by the CMS Rule because they are not a Medicare or Medicaid-certified provider or supplier, physicians and other clinicians who have staff privileges and admit and/or treat patients in a hospital are subject to the vaccination requirement. CMS also notes that health care providers who are not subject to the CMS Rule may still be subject vaccine requirements under other laws and regulations such as the OSHA Rule, the Executive Order on Ensuring Adequate COVID Safety Protocols for Federal Contractors, or state laws.

The vaccination requirements do not apply to staff at covered facilities who exclusively provide telehealth or telemedicine services outside of the facility setting and who do not have any direct contact with residents and other staff. The requirements also do not apply to staff providing support services for the facility that are performed exclusively outside of the facility setting and who do not have any direct contact with residents and other staff, e.g., individuals who provide services 100 percent remotely and who do not have any contact with any patients or other staff.

When is a staff member fully vaccinated under the CMS Rule?

Generally, an individual is considered to be fully vaccinated fourteen (14) days after the first dose of a one-dose vaccine or fourteen (14) days after the last dose of a multi-dose vaccine.  However, under the CMS Rule, facility staff who receive the second dose of a two-dose vaccine or the first dose of a one-dose vaccine by January 4, 2022 will be considered as satisfying the vaccination requirement.

What is required of covered facilities?

Covered facilities must establish a policy or process to ensure that all eligible staff are vaccinated against COVID-19.  Specifically, facilities must ensure that all applicable staff have received the first dose of a two-dose COVID-19 vaccine or a one-dose COVID-19 vaccine before providing any care, treatment, or other services by December 5, 2021. All eligible staff must be fully vaccinated by January 4, 2022. Third doses and booster vaccines are not currently required by the CMS Rule.  As noted above, unlike the OSHA Rule, the CMS Rule does not provide a testing option for those staff who are unvaccinated and do not qualify for an exemption.  CMS considered daily or weekly testing of unvaccinated individuals but rejected that option because it “reviewed the scientific evidence on testing and found that vaccination is a more effective infection control measure.”  However, providers are welcome to submit comments on this decision.

Facilities must also develop policies and procedures that provide exemptions to the vaccine requirement for staff with recognized medical conditions for which vaccines are contraindicated or religious beliefs, observances, or practices that prohibit vaccination.  In the Rule and in FAQs, CMS signals that facilities are not to liberally grant exemptions.  For example, no exemption should be provided to any staff unless the ADA or Title VII require one, and staff requests for an exemption solely to avoid vaccination should be denied.  Also, as described below, CMS is very specific about the documentation that must be provided to support an exemption based on a medical condition.

Timing

As noted above, the CMS Rule is effective upon publication on November 5, 2021, though there is a phased implementation.  Phase 1 is effective December 5, 2021 (30 days after publication) and consists of the requirements that (i) all staff have received, at a minimum, a single dose COVID vaccine or the first dose of a multi-dose COVID-19 vaccine, or have requested and/or been granted a lawful exemption, prior to staff providing any care, treatment, or other services for the facility and/or its patients, and (ii) all covered facilities have developed and implemented the required policies and procedures (see below).  Phase 2 is effective January 4, 2021 and consists of the requirement that all staff be fully vaccinated (see discussion below) except for those who received an exemption or for those for whom the vaccine must be temporarily delayed due to clinical precautions or considerations, as recommended by the CDC.

Required policies

Covered facilities must implement policies that provide a process for:

• ensuring that all eligible facility staff have received at least a single dose COVID-19 vaccine or the first dose of a multi-dose vaccine prior to the staff providing any care, treatment, or services for the facility and/or its patients;
• ensuring that all staff, except those are granted exemptions as described below, are fully vaccinated for COVID-19;
• ensuring implementation of additional precautions to mitigate the transmission and spread of COVID-19 for all staff who are not fully vaccinated;
• tracking and securely documenting the COVID-19 status of all staff, including any staff who receive any booster doses as recommended by the CDC;
• requesting an exemption from the vaccine requirement based on applicable Federal law;
• tracking and securely documenting information provided by staff members who request, and for whom the facility grants, an exemption from the COVID-19 vaccination requirements;
• ensuring that all documentation supporting staff requests for medical exemptions from vaccination is signed and dated by a licensed practitioner (who is not the individual requesting the exemption) and further ensuring that such documentation:
• specifies which of the authorized COVID-19 vaccines are clinically contraindicated for the staff member to receive and the recognized clinical reasons for the contraindications and
• includes a statement by the authenticating practitioner recommending that the staff member be exempted from the facility’s COVID-19 vaccination requirements for staff based on the recognized clinical contraindications;
• ensuring the tracking and secure documentation of the vaccination status of staff for whom COVID-19 vaccination must be temporarily delayed due to clinical precautions and considerations, as recommended by the CDC,; and
• contingency plans for staff who are not fully vaccinated for COVID-19.

In implementing the policies described above, particularly those addressing exemptions from the vaccine requirement, covered facilities must also comply with federal laws governing anti-discrimination and civil rights protection, such as the ADA, Title VII, and GINA.  However, when granting exemptions or accommodations based on disability, medical condition, or sincere religious belief, employers must ensure that they minimize the risk of transmission of COVID-19 to at-risk individuals, consistent with their obligation to protect the health and safety of patients.

Many facilities should be able to leverage their existing policies and procedures regarding safeguarding employee medical information and handling requests for medical or religious accommodations in implementing the CMS Rule.

Enforcement

Notably, the new vaccine requirement is a Condition of Participation, Condition for Coverage, or Requirement for Participation, as applicable, for covered facilities.  CMS will enforce the vaccine requirements through its established survey and enforcement processes, with the goal of bringing health facilities into compliance rather than punishing them.  CMS expects state surveyors to assess all facilities for the vaccine requirements during standard recertification surveys and to assess staff vaccination status on all complaint surveys.  Accrediting organizations will also have to update their survey processes to include the new vaccine requirement in their assessments.

Providers and suppliers who do not comply with the requirements will be cited by a surveyor and afforded the opportunity to become compliant before additional action is taken.  Nursing homes, home health agencies, and hospice facilities that do not come into compliance could face civil monetary penalties, denial of payment, and even termination from the Medicare program.  Non-compliant hospitals and certain acute and continuing care providers could be terminated.

Interaction with other laws

In what appears to be acknowledgement of likely challenges to the vaccine requirement by some states, CMS says that under the Supremacy Clause of the U.S. Constitution, the emergency regulation preempts any state law to the contrary.  CMS also acknowledges that there are several regulations and other authorities imposing vaccine mandates that could simultaneously apply to healthcare providers.  For facilities that are certified under the Medicare and Medicaid programs and are regulated by the CMS Conditions of Participation, Conditions for Coverage, and Requirements for Participation, the CMS Rule takes precedence over other federal vaccine requirements.

Conclusion

Although these rules almost certainly will be subject to significant pushback and legal challenges, the prevailing view following a series of failed efforts to challenge vaccine mandates is that such mandates are permissible.  Covered employers should therefore immediately begin preparing for the December 5^th and January 4^th deadlines by creating and implementing written mandatory vaccination and/or testing policies and communicating such policies to their employees. Of course, your Akerman counsel can assist you with these policies.