(1) As used in this rule:
- (a) "Authorized staff" means the personnel who are responsible for creating and tracking electronic health record flags.
- (b) "Disruptive behavior" includes physically aggressive, harassing, or destructive behavior.
- (c) "Electronic health record (EHR) flag" means an alert generated within the electronic health record of a patient that notifies providers that a patient may pose a potential safety risk to themselves or to others due to the patient’s history of violent or disruptive behavior.
- (d) "Flagging system" means a system used to identify, communicate, monitor and manage potential threats of violence or disruptive behavior by patients or other individuals, including caregivers or support persons, who may encounter health care providers and personnel.
- (e) "Visual flags" means paper-based physical cues, including wristbands, signage, color-coded indicators, symbols and other visible cues built within the care environment to facilitate immediate recognition of potential threats of violence or disruptive behavior without having to access an electronic health record. Visual flags, when used, must communicate essential information in a clear, respectful, and non-stigmatizing manner to promote safety and provide neutral alerts or reminders that guide appropriate action without assigning negative labels or implying violence.
- (2) Effective May 1, 2026, a special inpatient care facility (SICF) shall implement flagging systems with the capabilities and functions to communicate potential threats of violence or disruptive behavior to providers and personnel using EHR flags and visual flags.
(3) An SICF must establish and implement written protocols and procedures for implementing and using flagging systems. The flagging system must address, at a minimum, the following:
- (a) Criteria and process for initiating flags, continuing flags, inactivating flags, and reactivating EHR flags and visual flags.
(b) Requirements for new and revised EHR flags and visual flags that include:
- (A) The reasons for initiating or revising the flag; and
- (B) Specific recommended actions that agency providers and personnel should take when interacting with a flagged individual.
(c) For EHR flags:
- (A) Designating authorized staff to initiate an EHR flag.
- (B) Training and education requirements for personnel authorized to initiate an EHR flag, including training on identifying and preventing bias in the assignment of such flags, and instruction on reducing unconscious bias to ensure that EHR flags are not unfairly or disproportionately applied to individuals belonging to groups subjected to historical and contemporary discrimination.
- (C) Provider and personnel responsibilities when an EHR flag is present.
- (D) Evaluating and identifying potential threats of violence or disruptive behavior.
- (E) Consistent practices for assigning, tracking, monitoring, and documenting information in the EHR flag.
- (F) Reviewing EHR flags every 12 months at a minimum and updating EHR flags, as necessary, for purposes of determining whether to remove or maintain a flag.
- (G) Communication and collaboration about flagged conduct or behaviors recorded in an EHR.
- (H) Safety protocols and precautions for engaging with patients with an EHR flag.
- (I) Patient privacy in relation to personnel safety, including compliance with state and federal privacy laws when communicating information through the electronic health record regarding an EHR flag.
- (J) Requiring that every flag-related action, including but not limited to initiation or reactivation, be supported by documentation for the action.
- (K) Establishing a process by which a patient, or a person authorized to make health care decisions on behalf of the patient, such as a caregiver or support person, may request review and removal of an EHR flag.
(d) For visual flags, education and training for authorized staff on:
- (A) Identifying circumstances and assessing behaviors and actions of patients and other individuals that may increase risk for potential violence or disruptive behavior;
- (B) Consistent approaches to initiating a visual flag; and
- (C) Safety protocols and precautions to take when encountering patients or other individuals when a visual flag is present.
(4) Providers and personnel of an SICF may not take any of the following actions based solely on the presence of an EHR flag:
- (a) Deny services to which the patient would otherwise be eligible.
- (b) Make decisions regarding the patient’s access to care.
- (c) Prevent or restrict the right of the patient to file a complaint with the appropriate federal or state agency concerning the patient’s right to privacy.
- (d) Deny or restrict the patient’s right to access or obtain the patient’s protected health information.
- (e) Contact, report or disclose information to law enforcement, unless it is necessary to prevent or lessen serious or imminent threat to the health or safety of an employee, patient, caregiver, support person, or the public.
- (f) Deny, restrict or withhold medical or nonmedical care that is appropriate for the patient.
- (g) Punish or penalize the patient.
Statutory/Other Authority
ORS 413.042 & ORS 441.025
Statutes/Other Implemented
ORS 441.025, ORS 441.020 & ORS 441.201
History
PH 16-2026, adopt filed 01/29/2026, effective 02/01/2026