As states start to lift or relax restrictive measures implemented at the outset of the COVID-19 pandemic, many businesses are preparing reopen in some capacity. As highlighted in K&L Gates’ recently published Reopening Checklist, much thought and care must be given to the implementation of safety measures for employees. For many businesses, this means taking steps to ensure third-party service providers and their personnel are not putting the company’s employees or, where applicable, a company’s customers at risk. Many businesses have already implemented state of the art COVID-19 focused safety measures, policies, protocols, and training programs that they can continue or modify as restrictions are lifted.
The same may not be true, however, for the smaller third-party service providers with which businesses do business. Third-party service providers may supply personnel who are interacting with company employees or customers at a company’s worksite, at the third-party service provider’s worksite, at another third-party worksite, or in a public space. Below we describe the guidance issued by the U.S. Department of Occupational Safety and Health Administration (OSHA) on preparing workplaces for COVID-19 (the OSHA COVID-19 Guidance)[1] as it applies to third-party service providers. We also provide some thoughts on reviewing contractual arrangements with third-party service providers to ensure appropriate compliance with worker health and safety laws.
OSHA COVID-19 Guidance on Third-Party Service Providers: Operational Considerations and Preemptive Mapping of Third-Party Service Providers
The OSHA COVID-19 Guidance is designed to be a planning resource to help businesses identify risk levels in their workplaces related to potential COVID-19 spread and determine appropriate control measures to put in place to mitigate that risk. It is not a standard or regulation, and it does not replace any existing obligations covered by OSHA standards or the Occupational Health and Safety Act.
With respect to third-party service providers, the OSHA COVID-19 Guidance encourages businesses to “[t]alk with companies that provide your business with contract or temporary employees about the importance of sick employees staying home and encourage them to develop non-punitive leave policies.”[2] Operationally, this means that a business should engage in an active dialog regarding COVID-19 workplace safety and health measures with their third-party service providers. In general, this means that businesses should consider informing their third-party service providers of updated guidance issued by OSHA, the Centers for Disease Control, local health authorities, and other entities and encouraging third-party service providers to follow all applicable guidance and best practices. Businesses may even consider inquiring about the measures that third-party service providers are taking regarding COVID-19. For example businesses can inquire regarding third-party service provider protocols for temperature testing, symptom screening, and social distancing. However, businesses must remain mindful of not overstepping legal boundaries in these discussions, which could cause joint employment or independent contractor misclassification concerns.
Businesses should also ask their own employees to alert them if their employees observe third-party providers’ personnel violating applicable workplace safety and health laws, government guidelines, or company policies. For example, employees should report if third-party service provider personnel are violating social distancing, hand washing, or face covering mandates. Businesses should also consider updating policies and notices to establish clear reporting mechanisms and procedures that are appropriate for the business’ size, workforce, and other individual circumstances. By doing so, businesses can emphasize that harassment and retaliation, including for raising safety concerns, will not be tolerated, and employees should use the established reporting mechanism if there are issues. Managers, executives, and any other designated person receiving those reports should have a clear protocol to follow for handling such reports. Such a protocol could include reminding the third-party provider’s personnel and third-party provider of any of the business’ COVID-19 health and safety policies that apply to third-party provider personnel at the business’ worksite.
Businesses must be careful, of course, to ensure that they themselves are following their own workplace safety and health policies. For example, if businesses implement symptom and temperature screening protocols applicable to all individuals who enter the workplace, businesses should be sure they not making exceptions to those protocols for their own employees or for third-party vendor personnel. Also, in the event businesses engage third-party service provider personnel to perform services offsite, such as at customer or other independent locations, businesses should work cooperatively with their third-party service providers to ensure that appropriate diligence is being performed regarding the health and safety protocols at the offsite locations. For example, if a business engages third-party service providers to perform catering at an event venue, the parties should confirm that the venue management has appropriate procedures and supplies in place to protect all individuals who enter the venue (e.g., hand sanitizing stations, social distancing, food sanitation protocols).
We recommend that before reopening a workplace, a business review its current OSHA compliance plan and the OSHA COVID-19 Guidance and consider preemptively mapping the various ways that third-party service providers may interact with the business over the next six months. Does a third-party come in to run the in-house cafeteria, provide janitorial services, or supplement the customer service function? Does the business have a major piece of equipment that periodically breaks down and requires service? Does a temporary staffing agency provide the business with seasonal workers? Are auditors coming in at the end of a quarter to perform an audit, and review financial work papers and count physical inventory? Are businesses hosting a conference at a hotel run by a third-party and its personnel? All of these third-party service provider scenarios implicate different health and safety issues for which planning should occur before the service providers are arriving on site to perform their services.
Dust Off Your Contracts with Third-Party Service Providers
Once businesses have assessed their own policies, preemptively mapped their third-party service providers, and started engaging in a dialogue with those third-party providers, businesses should review their contracts with each third-party service provider to determine whether modifications should be made in light of the COVID-19 pandemic. The following are some areas businesses may want to consider:
-
Require the third-party provider to provide relevant insurance in an amount no less than required by law (and while businesses are thinking about this, they should review their insurance coverage as well). Depending on the nature of the business, this insurance should include unemployment, workers’ compensation, general liability, employment practices liability, commercial automobile liability, and professional liability insurance. Note that many standard property and liability policies exclude “pollution” coverage, which is often defined to include disease outbreak. If this is the case, consider whether a special rider or environmental insurance may be needed. A business may also wish to request a copy of the third-party provider’s applicable insurance agreements to ensure that the business is listed as a third-party beneficiary or as an additional insured where applicable and to ensure that applicable insurance coverage amounts have been procured if the business has not already obtained such proof of coverage.
- Consider including new forms of insurance requirements in light of lessons learned from the COVID-19 pandemic, such as business interruption or supply chain insurance.
- Clearly place on the third-party provider the obligations to:
- handle workers’ compensation and unemployment claims involving its employees; and
- train its employees, including regarding occupational safety and health compliance.
- Require all third-party personnel to sign and deliver to the business an acknowledgement that they are not the business’ employee and are not entitled to any benefits offered by the business.
- Contain sufficient representations regarding the third-party provider’s compliance with applicable legal mandates and guidance regarding COVID-19, including the OSHA COVID-19 Guidance.
- Obligate the third-party provider to abide by certain of the business’ policies, including policies related to COVID-19 workplace health and safety measures, such as temperature and symptom check policies, personal protective equipment policies, and policies regarding COVID-19-related infection and exposure reporting. A business should provide these policies to third-party providers in a way that can be later confirmed and should require them to attest to the distribution of the policies to their employees. A business should also reserve the right to change these policies at its sole discretion and ensure that it is providing third-party providers with any relevant updates.
- Require the third-party provider to give the business appropriate COVID-19-related information regarding its employees, where necessary, to ensure the health and safety of its employees or customers and that are consistent with applicable laws and guidance, including equal employment opportunity and privacy laws and guidance.
- Confirm which party is primarily responsible for maintaining a safe worksite in compliance with the Occupational Safety and Health Act and similar state laws and regulations as they pertain to the third-party provider’s employees.
- Clarify whether the company or the third-party provider will be responsible for supplying personal protective equipment to the third-party provider’s personnel. If the third-party provider is responsible, make sure that the agreement allows the business to approve the equipment and enforce its use.
- Include sufficiently broad indemnification language running from the third-party provider to the business to cover all claims, losses, and liabilities (including attorneys’ fees) arising out of or resulting from illness, injury, or death of any third-party service provider personnel or any other person resulting from the negligent acts or omissions of the third-party, or from the third-party’s breach of any of its representations, warranties, or obligations under its contract with the business.
- Include waiver of liability language, pursuant to which the third-party agrees to require its personnel to prospectively waive the right to sue the business for injuries or damages arising out of their provision of services or activities. In most jurisdictions, liability waivers that protect a party from liability arising out of that party’s negligence are enforceable as long as they are clear, unambiguous, and have been fairly negotiated between the parties, although the enforceability of such agreements pertaining to COVID-19 has not yet been litigated. To ensure that the language is clear and the third-party personnel fully understand the risks and rights they intend to waive, a company may want to consider including express language that specifically notes the potential risk of exposure to COVID-19. A business should request copies of the written waivers by third-party personnel before they are allowed to begin performing services for the business.
- Provide the business a right to inspect the third-party’s records to verify compliance with the contract.
- Allow the business to promptly suspend or terminate the contract without a penalty in the event the third-party breaches any of its representations, warranties, or obligations concerning COVID-19 workplace safety and health measures in the contract or in the event of an event beyond the company’s reasonable control, such as a forced closure of the worksite pursuant to an executive or public health order.
- Provide the business the ability to seek injunctive relief in the event of a breach or threatened breach by third-party of any of its representations, warranties, or obligations concerning COVID-19 workplace safety and health measures.
This Is All Overwhelming – How Do I Get Started?
The proactive mapping of third-party service provider relationships, planning for operational health and safety measures, and review of service provider contracts are a few small pieces of the larger pie of creating a step-by-step plan to reopen your business. We are seeing many businesses form cross-functional “Reopening Committees” tasked with overseeing all operational, financial, and health/safety measures needed to reopen workplaces safely and in a manner that is not overly burdensome on their businesses. We believe getting involvement from senior leaders from different business functions and setting the proverbial “tone-at-the-top” with those committees will be key to protecting the health and safety of our national workforce and its constituencies as we reopen for business throughout the United States.
Notes:
[1] https://www.osha.gov/Publications/OSHA3990.pdf.
[2] Id.