White Paper: Standardized Compliance of Maritime Medical Surveillance


Since 1970, with the expansion of the U.S. economy; growth in labor force; and the emergence of new industries & occupations, OSHA has passed a plethora of new federal and state regulations with the aim of protecting the health and safety of American workers. As a result, these regulations have placed a tremendous burden on organizations to be compliant with OSHA Medical Surveillance standards. Employers are legally required to provide appropriate medical screenings for all employees that fall under OSHA's jurisdiction.

Because of the required OSHA Medical Surveillance, employers bare the burden of creating & setting medical protocols, providing an ongoing surveillance program, as well as researching & interpreting newly passed OSHA legislation. Organizations are forced to create a multi-skilled support team to execute these functions. This team consists of doctors, nurses, legal counsel, human resources personnel, and an administrative support staff. The Medical Surveillance program must be carried out for multiple occupations and job functions (depending on the complexity of the organization), and often through multiple regions and states with their own OSHA regulations.

Failure to adopt an effective program compliant with OSHA regulations that promotes a healthy working force can lead to the following negative impacts:

  1. Employees working with undiagnosed and undocumented chronic medical abnormalities
  2. Increasing occurrences of health risks that may lead to reportable injuries
  3. Litigation and Workers Compensation payouts
  4. Fines from OSHA
  5. Negative publicity (OSHA violations are published)
  6. Uncontrolled costs

Because of the serious implications of non-compliance of OSHA standards, National Medical Systems has developed a Standardized Compliance Program (SCP) of OSHA Medical Surveillance. The SCP provides a complete, all-encompassing process that fully customizes OSHA Medical Surveillance programs across all industries and occupations. It is designed to support organizations by providing an expertise of medical solutions, management, cost-savings, OSHA compliance, and IT. With the SCP, organizations can realize ROI by promoting a healthy workforce.


Over the second half of the 20th century, the US economy and labor force changed dramatically. In 1970 the US GDP was a little over $1 trillion 1 with a labor force of approximately 82 million people 2. In that same year, as a result of a rapidly growing workforce, the Occupational Safety and Health Act was enacted by Congress "to assure safe and healthful working conditions for working men and women; by authorizing enforcement of the standards" 3.

Since OSHA's inception, the United States labor force has gone through three major transformations:

  1. A changing labor force as a result of population growth and the increase in women's labor force pushed the total labor force to 159 million people - nearly double the total of 1970.
  2. A more educated and productive labor force began working. The economy globalized and grew the US GDP by 1400% ($14.5 trillion in 2010 vs $1 trillion in 1970).
  3. 3) The US labor force underwent industrial restructuring - the distribution of workers across new industries, new geographic locations and new occupations 4.

The expansion in labor was met with the expansion of OSHA regulations. OSHA enacted a number of additional regulations with the purposes of protecting the American worker from hazards such as chemical exposure, noise pollution, confined spaces, and carcinogens. Some regulations were drafted to protect entire industries. From the time of Nixon's presidency to Clinton's, a total of 65 new OSHA regulations were passed. Of those 65 regulations, 29 were related to health 5.

The OSHA Standards enacted per Presidential Administration

Fig 1. Safety and Health Standards that were passed by OSHA from the Presidency of President Nixon to President Clinton.

Admittedly, Assistant Secretary of OSHA Joseph Dear said in a statement to Congress that because of the plethora of OSHA compliance necessary "employers expressed concern regarding the volume and complexity of federal regulations" 6 .

Dear would eventually become Director of OSHA, and led with the initiative of reinventing the department by giving employers two options for OSHA compliance: enforcement or partnership. Enforcement meant traditional OSHA red tape involving citations and site inspections. Partnership was defined as working with OSHA to identify problems, develop standards, and implement workplace safety and health programs "OSHA was refocused to take less of a 'command and control' role and more of a partnership approach in promoting health and safety in the workplace" 7. This partnership became what was known as the Voluntary Protection Program and the Collaborative Protection Program. It put the responsibility of managing safety and health into the hands of organizations, with OSHA serving as a support function. Dear's initiative, although saved lives and prevented injuries, created a new problem - it put the burden of safety and health on the shoulders of organizations. Organizations were now responsible for providing Medical Surveillance programs companywide across multiple locations, while interpreting multiple OSHA regulations in the process.


The Fragmentation of Medical Surveillance

The problem with the partnership initiative is that it created a fragmented, more expensive approach for companies. Clearly, organizations must create a program that promotes a healthy working force, but by doing this they must create a multi-pronged process with a team of experts from different professional backgrounds. The program must provide a comprehensive health screening for employees, interpret the OSHA regulations correctly, and coordinate this for multiple job functions and locations. In total there are seven departments that must coordinate an effective medical surveillance program: Safety, Medical, Legal, Human Resources, Information Technology, Finance and Administration. Each department carries the following functions:

Safety & Risk Department


  • Oversees Medical Surveillance process
  • Establishes safety criteria
  • Establishes OSHA compliance
  • Responsible for identification of workplace hazards, prevention, and remediation

Medical Department

Positions Required:

Occupational Health M.D.

Occupational Health R.N.


  • Must conduct medical screenings in the form of physical examinations, vision & hearing assessments, physical ability tests, chemical exposures, etc.
  • Must conduct a medical review of employee results that is compliant with OSHA standards
  • Must issue a documented statement of fit/ unfit in regards to employee's health
  • Must interpret federal and state OSHA medical regulations and create a standardized baseline medical protocol
  • Must provide consultation and treatment for employees who are injured, become ill, or experience an exposure
  • Acts as the Medical Review Officer for Substance Abuse testing

Human Resources Department


  • Executes and oversees hiring process to assure OSHA compliance
  • Maintains employee database
  • Manages employee health records
  • Experts in HIPPA compliance

Information Technology Department


  • Develops databases and programs for managing employee records and screening dates
  • Develops software that is HIPPA compliant
  • Develops software for record retrieval by Medical Department

Finance Department


  • Oversees all invoices from medical clinics
  • Responsible for audit of invoices to ensure that unauthorized or non-contracted services are not being performed
  • Cost control on all spending related to Medical Surveillance
  • Budgeting/ Forecasting of Medical Surveillance expenses

Administration/ Operations Department


  • Creates Medical Network for Clinics, Laboratories and Specimen Collectors
  • Provides Clerical support to Medical and Legal in terms of record retrieval
  • Coordinates scheduling of physical exams at medical clinics

Legal Department


  • Assists in case of litigation
  • Assists in legal counsel in event of a safety or health complaint made by an employee to OSHA
  • Assists and makes recommendations in interpreting state and federal OSHA regulations
  • Assists in compliance with HIPPA law
  • Assists in compliance with Workers Compensation payouts litigation
  • Assists in compliance of own Occupational Health & Safety bylaws

On top of numerous functions, a single person from the Safety & Risk department is usually given the responsibility of overseeing the entire program. In some cases, an M.D. doubles as the company's Medical Director or shares the responsibility with the Human Resources Department and oversees the program.

Fragmented Approaches

There are three fragmented approaches to managing medical surveillance. They are:

  1. In-House Management
  2. Vendors (two types):
    1. Human Resources Solution Vendor
    2. Clinical Network Vendor

1) In-House Management Model:

With the In-House Management model, the Safety & Risk Department is often assigned the task of overseeing the Medical Surveillance process. The Safety Manager, who is responsible for safety compliance (preventing hazardous workplace conditions, and establishing safety criteria), is also in charge of health compliance. They are vested the responsibility of working with multiple departments to establish a standard program. This model fails to provide a comprehensive surveillance plan for several reasons:

The in-house model approach to managing OSHA Medical Surveillance

Fig 2. In-House Management Model which demonstrates that all departments communicate only with the Safety Department. The other departments do not communicate amongst each other.

  • The Safety & Risk department is responsible for more safety regulations than health regulations. Because of this, Medical Surveillance is a secondary responsibility of the department vested in overseeing it. This trend trickles down throughout the entire organization: The Human Resources Department is heavily involved in recruiting and training. The Medical Department is involved in seeing employees at their On-Site Medical Centers. In some cases, organizations do not have Medical Departments which means medical standards are created by non-medical personnel.
  • Communication between each department is static. Each department is its own separate entity, with different internal databases. Representatives, especially in organizations who are spread throughout different locations, may rarely meet face-to-face. A medical surveillance process is put in place but never analyzed for effectiveness. This causes problems to remain unresolved. The lack of communication means ideas and solutions are never fully explored, vetted and reviewed for effectiveness. In addition, many administrative tasks, such as employee roster management, are duplicated by each department.
  • Fragmentation causes departments to have an incomplete understanding of Medical Surveillance. Each department is responsible for only owning their part of the OSHA puzzle. Because of this, an incomplete understanding exists. When interpreting OSHA health regulations, the main goal is creating cost-effective yet comprehensive medical protocols. A medical protocol contains multiple medical procedures that assist in creating a baseline health assessment. The baseline health assessment is a snapshot of the employee's health at a certain point in time (usually prior to employment). By doing this, they are establishing a comparative basis for future health assessments. Failure to interpret the regulations correctly, leads to the adoption of incorrect medical standards. Organizations who do not fully understand the regulations correctly, often adopt one of two methods for creating medical standards.
    1. They adopt numerous medical standards to cover all bases. This leads to large expenditures on unneeded medical services. It also leads to more administration in reviewing documents and records.
    2. They adopt few medical standards out of fear of conducting invasive screenings. Too few medical screenings lead to failures in identifying diseases, injuries, or other abnormalities. Missed, or undocumented chronic illnesses during baseline examinations can lead to tremendous payouts in the form of Workers Compensation. It can also lead to fines from OSHA in the event of an employee complaint about medical standards.

2) Vendor Models

In many situations, a company chooses to contract a third party to manage their Medical Surveillance program. There are typically two categories of vendors who offer these services. A company that offers Human Resources solutions and a Clinical Network company. The Human Resources Vendor Model is typically strong on the IT front but lacks management and OSHA expertise, while the Clinical Network Vendor Model is a network of medical clinics spread across multiple regions but lacks centralization. Both have fragmented approaches to managing Medical Surveillance because of two key factors:

  1. Communication flows in one direction
  2. Medical Results are not interpreted by a centralized "Clearing House"
A) Human Resources Solutions Vendor

The Human Resources Vendor is a company that offers an array of HR and hiring services including background checks, substance abuse screenings, employee interviews, recruitments and employee health screenings, in what is advertised as 'Occupational Health Management'. The mission of HR Solutions vendors is to improve internal hiring processes through streamlined software or web-based applications. Services are built to serve the Human Resources Department of an organization but unfortunately do not provide a comprehensive solution to organizations in the following ways:

The HR Solutions model to managing OSHA Medical Surveillance

Fig 3. The HR Solutions Vendor Model demonstrates that the vendor acts as a passthrough for the medical results. The results are not interpreted before being sent to the client organization.

  • They are not OSHA experts. HR Solutions Vendors do not create medical guidelines and standards for its clients. The Medical Surveillance program that is offered is not based on recommended medical procedures that are compliant with OSHA regulations. Instead, the cost of the program is the utilization and access to the clinics in their network.
  • Their Clinical Network is a passthrough. The HR Vendor has a network of medical clinics that are spread throughout multiple regions. The cost for this program is the direct expense for medical services. Therefore organizations are paying for the ability to access their clinical network. After a screening takes place, the medical results are released to the vendor, and then passed through to the client without medical interpretation. The flow of communication travels in one direction: From the clinic to the vendor to the client.
  • They lack a Medical Review Department. When medical results are passed through to the vendor, it is most likely not reviewed by an in-house M.D. to ensure that the person is fit or unfit for duty in accordance to OSHA compliance. Instead, the results are passed down to the client regardless of the employee's health and medical history. Therefore, the interpretation of medical records fall on the shoulders of the organization.
  • The client still carries the liability. Because the client is the party responsible for creating the medical standards, they instruct what medical procedures should be performed. The "you tell us" approach by the vendor, results in vendor removing themselves from any associated risk. Therefore, the client holds all of the liability for the entire Medical Surveillance program.
B) Clinical Network Vendor

The Clinical Network Vendor is a company that has multiple clinics spread across multiple regions. Like the HR Solutions Vendor, they offer an array of services. Their services include primary care, physical therapy, and urgent care with occupational health management as an ancillary offering. The strength of the Clinical Network Vendor is that they have multiple locations, all of which are staffed by a full medical staff including an M.D., R.N.s, P.A.s, and other support staff such as administration and technicians. The Clinical Network can provide all of the required medical services to execute a medical surveillance program. The shortfall of this model is their lack of centralization & standardized guidelines, mostly caused by their poor communication structure. It has weaknesses in the following ways:

Clinical Network model for Managing OSHA Medical Surveillance

Fig 4. The Clinical Network Vendor Model which demonstrates that medical guidelines are communicated to the medical clinics. The medical clinics communicate directly with client organization leading to a lack of centralization which causes variance.

    • Each Clinic operates as their own separate entity which creates a high degree of variance. The flow of information pertaining to medical standards starts at the corporate level with information flowing downwards to the individual clinics. The information that the clinics receive is the medical procedures that should be performed by the examining physician for the employee. The main flaw of the Clinical Network Vendor is that each clinic operates as its own separate entity. Each clinic has its own management structure of medical and administrative staffs. Therefore, theoretically, if a vendor has 100 clinics in its network, there are 100 different clinical teams. This in turn creates a high variance of medical results - an employee deemed fit in one clinic, might be deemed unfit in another depending on the examining physician's medical background, OSHA knowledge, and overall philosophy.
    • Lack of centralization raises liability. Other than the creation of medical standards, the corporate level of the Clinical Vendor relies on the clinics for OSHA compliance and surveillance. The review of medical results is performed by the clinic and then passed to the client. Because a centralized team at the corporate level does not oversee compliance and surveillance, or because that centralized team relies heavily on the opinion of the examining physician, compliance comes from the clinic's medical staff. One of the most important facets of an ongoing medical surveillance program is the comparative analysis of the employee physical exam results from year-to-year. The lack of a central entity reviewing a past year's results can lead to unfounded medical abnormalities. Ultimately the client is at risk for staffing unhealthy employees.
    • Multiple Invoices. Upon the completion of medical examinations, the client receives multiple invoices from each clinic with different CPT codes. The client is responsible for auditing invoices that contain medical terminology.
    • Unanticipated costs due to a high incidence of overpaying clinics for unauthorized and non-contracted procedures. Depending on location/market clinics will issue different charges for identical procedures.


The Standardized Compliance Program (NMS Model)

In 1994 National Medical Systems was founded with the goal of establishing a Standardized Compliance Program for OSHA Medical Surveillance. The SCP was created after a comprehensive analysis of the weaknesses of other approaches.

The main flaw in other approaches is the offering of a fragmented solution. Shortfalls include:

      • lack of centralization
      • lack of communication
      • limited understanding of proper OSHA medical protocol
      • non-integration into the organization
      • high variance of medical results
      • uncontrolled costs

With other models offering a fragmented approach, the organization carries the burden of risk by having a non-compliant program, or runs the risk of improperly surveying the health of its employees.

Conversely, the SCP offers a standardized approach that provides a managed layer of protection. Through its various resources and organizational philosophies it has created a proven process of program creation and execution. The end product is a customized but standardized compliant Medical Surveillance program.

The SCP was founded on six core values:

OSHA & Occupational Health Experts - Consisting of a Corporate Medical Director who oversees and provides direction on all Medical Surveillance initiatives, NMS comprehensively reviews all current OSHA regulations at the federal and state level.

Centralized Management - At the core of SCP is NMS's centralized management approach. As opposed to other models, all information and communication enters into NMS's management crux and is delivered to the organization directly. This eliminates the need for the organization to deal with a multitude of vendors and contacts. All information flows directly to the organization from NMS, rather than a third party. This eliminates administration and variance.

Standardized Medical Review - In connection with the centralized management approach, medical review of employee health screenings is overseen by NMS's Medical "Clearing House". When medical records are passed down from the clinic to NMS, they are checked for correctness and then rated as fit or unfit. All medical reviews follow a strict, literal interpretation of the medical guidelines. By following strict medical guidelines, NMS eliminates variance in its medical clearances.

Standardized Pricing - As part of their SCP model, all medical screenings are priced with a single charge, regardless of location and other variables. With the ability to offer clients 'exam widgets' that have set prices, organizations have the ability to accurately forecast their Medical Surveillance budget with 99% accuracy.

Multi-Channel, Multi-Directional Communication - NMS preaches a policy of open communication. All communication at NMS travels in a dynamic multi-directional model. As opposed to other models which feature one-way communication, NMS communicates with all related parties, including the organization, in a two-way feedback loop. Information in the form of medical results flows from various clinics to NMS for review; similarly NMS manages and gives direction to clinical staff on information such as correct medical protocol, OSHA medical standards. NMS also communicates with the organization in a two-way feedback loop: NMS delivers medical clearances to the organization; similarly the organization communicates with NMS via consultation on aspects of the program such as standards or program execution. In addition, NMS communicates with various mediums including its employee tracking system, the Health Depot. By adding a multi-layer communication structure, transparency is added to the program and requires less administration for the organization.

Integration - As part of standardization, NMS designs its medical surveillance program to integrate into the organizations management scheme. Therefore, all communication tactics are created to fit each department’s need. This results in program adoption requiring minimal administration on the organization's end, or what is more commonly referred to as a turnkey solution.

NMS utilizes these core values for its main processes involved in Program Creation and Execution:

Program Creation:

Understanding Need

With each organization building a different product, dispersed in different locations, and dealing with different occupational health hazards, there is a high variance of needs that requires the creation of a customized program. Therefore, NMS first interviews the organization that is requesting the Medical Surveillance Program. During its initial fact finding, NMS discusses and learns job functions that require surveillance, chemical exposures, locations of the organization, and current surveillance measures.

The NMS Standardized Compliance Program Model for managing OSHA Medical Surveillance

Fig 5. The SCP Model which demonstrates the standardized approach. It involves centralization of tasks, integration into the client organizations processes and interpretation of the medical results in accordance with established medical guidelines.

Medical Standard Creation

Upon the completion of its initial interview, the OSHA Compliance Department and Medical Department meet to create medical protocols for each respective job function. By consulting information obtained in the interview, and reviewing current OSHA regulations, NMS creates a medical protocol that fulfills all OSHA requirements. Risk factors such as exposures, age, job capacity, and work environment are considered. A list of medical procedures are generated that provides surveillance of the employees health. The final medical protocol is fully vetted and approved by NMS's Corporate Medical Director.


Upon being awarded the program by the organization, NMS holds a second meeting with its Administration and IT Department. During this meeting, the Medical Surveillance program is introduced and protocols are explained in detail. Administration and IT work conjunctively to create customized Physical Examination forms, communicate standards to each clinic, and create the online environment for the organization to access NMS's employee tracking system, the Health Depot.

Upon the completion of the Program Creation steps, the Medical Surveillance Program is executed.

Program Execution

Roster Review and Examination Scheduling

The program is first executed with a roster review. All employees who are under the umbrella of the Medical Surveillance program are entered into an NMS database. Demographics and exam expiration dates are reviewed and entered. 30-60 days prior to the exam expiration, NMS begins to contact employees to make arrangements for their annual examination.

Clinic Management

NMS makes arrangements with the clinic and gives specific instructions and direction on the type of examination that is to be administered. NMS communicates the OSHA medical standards to the clinical staff including the examining physician. NMS provides the clinic documentation on medical guidelines.

Baseline Health Assessment

The examination is performed in accordance to the medical protocol that was designed by NMS. The employee's health is documented to create an initial assessment that will be used as a comparative basis for future screenings, and as a starting point - the employee baseline medical finding is documented to prevent an attempt to claim an illness after the commencement of employment.

Medical Review Process

Upon completion of the baseline health assessment, NMS's "Clearing House" rigorously reviews the medical record in accordance of the medical guidelines. All abnormalities or potential risk factors are investigated. Any employees who list questionable medical history are contacted personally for consultation with the NMS Medical Director.

Reporting of Results to Organization

After the completion of the medical review, NMS reports the results to the client with a fit or unfit rating through a secure, encrypted connection in their employee tracking system, the Health Depot

Reporting of Results to Employee

All and any abnormal findings are noted on the medical record. NMS creates a letter documenting the abnormal findings and provides a copy of the physical exam to the employee, which is a mandatory requirement of OSHA. The letter serves as a medical record that the employee uses when visiting his/her personal physician for treatment of the problem.

On-Going Surveillance

One of the most important facets of the medical surveillance program is the continual process of screening employees. By screening employees on a year-to-year basis, all findings can be compared from one year to the next. As NMS performs its on-going surveillance, it makes comparison of prior year's results. This promotes a healthy workforce. It ensures that the organization is not only compliant, but is taking an active role in ensuring the health of its workers.

On-Going Consultation

As the program progresses, inevitably organizations change, and expand. Similarly OSHA laws adapt to new industrial markets. To adjust to these changes, NMS continually provides on-going consultations to the organization and acts a knowledge base for any expansions or changes in their current business model.

Medical Record Retention

Upon the completion of a medical screening, NMS becomes the custodian of the medical record for the organization. The records are stored and retained in compliance of OSHA regulations.


All invoices are sent directly from NMS to the organization. Rather than from various clinics, a single monthly invoice is sent to the appropriate department and can be customized to include cost-center numbers for quicker processing. Simple invoicing allows for the organization to eliminate administration.


As organizations assess their management options for an OSHA compliant Medical Surveillance program, the SCP not only provides the best standardized approach but also the best value in terms of removed risk and cost. Because of the "Clearing House" model for medical review, medical results are put through the proverbial "wringer" to ensure fit employees are in-line with the program's guidelines. The centralization of tasks means the program is managed by NMSs corporate structure and not satellite locations. Compiled together, all of the elements add a layer of protection to the organization. The SCP assumes the risk for the program which removes the liability from the organization.

In addition, because of the standardized pricing model, organizations can forecast their medical surveillance expenses within 99% of the predicted cost. The SCP allows for organizations to make exam requests that have set prices similar to ordering a widget or product.


In today's business climate, with the need for organizations to follow and adhere to OSHA regulations, an organization must provide a comprehensive medical surveillance program for its employees that is cost effective. The benefits of medical surveillance is that by promoting a healthy working staff, employees are more productive. In addition, organizations reduce the risk of injury and health claims. However, because of the burden that is needed to carry out an effective program, organizations must contribute various resources in terms of staff, capital and time. With various flaws in other market solutions, NMS's SCP model was built to provide a standardized turnkey program. The SCP not only removes liability from the organization but allows the organization to concentrate on more direct business matters by alleviating the administrative burden of managing medical surveillance. Thus, what was once an organizational responsibility becomes the responsibility of NMS.


    1. World Bank Data, United States, GDP, 2010
    2. Bureau of Labor Statistics, “Employment Status of the Civilian Noninstitutional Population, 1942 to date” (accessed May 6, 2008); and Bureau of Labor Statistics
    3. OSH Act of 1970, United States Congress
    4. Population Bulletin, Vol. 63, No. 2, June 2008, U.S. Labor Force Trends, Lee, Marlene A; Mather, Mark
    5. OSHA Federal Regulations; Standards
    6. Remarks of Joseph A. Dear, Assistant Secretary of Labor for Occupational Safety & Health, Before the Food Group, October 4, 1995
    7. Health Facilities Management Magazine, “Joseph Dear Steps Down As the Chief of OSHA”, March 1, 1997