Connecticut Mandates Reporting of Patient Violence Data

In response to escalating violence against healthcare workers, Connecticut has enacted Public Act 24-19, which took effect on October 1, 2024. This legislation was spurred by tragic events, including the murder of a home health nurse, and aims to provide better protection for those delivering care in patients' homes. The law mandates that home health agencies collect specific risk assessment data on clients, a measure intended to preemptively alert staff to potentially dangerous situations. The new law requires home health and home health aide agencies to gather information on a client's psychiatric history, any history of violence towards healthcare workers, substance use, and domestic abuse. This information must be made available to the employees assigned to care for that client. However, the legislation stipulates that agencies cannot deny services based solely on the information collected, creating a delicate balance between worker safety and patient access to care. Annually, by January 1st, home health agencies are required to report each instance of verbal, physical, or sexual abuse by a client against a staff member to the Department of Public Health (DPH). The DPH, in turn, will report on these trends to the state legislature. This establishes a centralized data collection system intended to inform future policy and improve safety protocols. This new reporting structure presents significant data governance challenges for both the healthcare agencies and the DPH. Agencies must now implement robust and secure systems for collecting, storing, and sharing this highly sensitive patient data, ensuring compliance with HIPAA while making the information accessible to frontline staff. For the DPH, the challenge lies in aggregating and analyzing this new stream of data to identify meaningful trends that can lead to effective violence prevention strategies. The creation of this new dataset raises important questions about data architecture and privacy. Securely managing information about a patient's history of violence requires careful consideration of access controls, data encryption, and audit trails to prevent unauthorized access or misuse. While all providers in Connecticut are required to connect to the statewide Health Information Exchange (HIE), Connie, this new mandate specifies reporting to the DPH, not directly to Connie. For data platform architects in healthcare, this legislation highlights the growing need for systems that can handle increasingly diverse and sensitive data types. The challenge is to design data pipelines and analytics platforms that can integrate this new safety-related data with existing clinical records to provide a more holistic view of patient encounters, while adhering to stringent privacy regulations. This includes implementing technical safeguards and clear governance policies to manage access and use of such sensitive information. The law also introduces a grant program to help agencies fund safety technology, such as emergency alert systems and tracking devices, and provides for potential Medicaid rate enhancements for timely reporting of workplace violence incidents. This incentivizes the adoption of new technologies and data collection practices aimed at improving the safety of healthcare workers in the field. This initiative in Connecticut reflects a broader national conversation about the safety of healthcare workers and the role of data in mitigating risks. As more states consider similar measures, the healthcare technology sector will face increasing demand for innovative solutions that can balance the critical need for information with the imperative to protect patient privacy. The success of these initiatives will depend on the development of secure, interoperable data platforms and clear data governance frameworks.