The early October wildfires in Northern California and recent spate of hurricanes in the Southeast and Puerto Rico reinforce the fact that the healthcare community is in need of more stringent attention to organised and community-supported Emergency Management.

Regulating healthcare facilities

With the potential for catastrophes in the future, the Centers for Medicare and Medicaid Services (CMS) has been working on "All-Hazards" Emergency Preparedness for several years and published CMS-3178 - The Final Rule for Healthcare Emergency Preparedness on September 16, 2016. 

The purpose of this new regulation is to:
(1) Establish consistent emergency preparedness requirements across provider and supplier networks,
(2) Establish a more coordinated response to natural and man-made disasters, and
(3) Increase patient safety during emergencies.

This is not a sleepy regulation that gives the healthcare industry up to five years to prepare, like HIPAA (Healthcare Insurance Portability and Accountability ACT). This rule mandates that if healthcare facilities do not comply by November 15, 2017, they risk not receiving Medicare and Medicaid reimbursements in December.

Who does this affect? This applies to seventeen Medicare and Medicaid provider sectors, ranging from Ambulance Service companies to hospice providers, clinical laboratories and everything in between. 

The seventeen disciplines

  1. Hospitals
  2. Religious Nonmedical Health Care Institutions (RNHCIs)
  3. Ambulatory Surgical Centers (ASCs)
  4. Hospices
  5. Psychiatric Residential Treatment Facilities (PRTFs)
  6. All-Inclusive Care for the Elderly (PACE)
  7. Transplant Centres
  8. Long-Term Care (LTC) Facilities
  9. Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID)
  10. Home Health Agencies (HHAs)
  11. Comprehensive Outpatient Rehabilitation Facilities (CORFs)
  12. Critical Access Hospitals (CAHs)
  13. Clinics, Rehabilitation Agencies, and Public Health Agencies as Providers of Outpatient Physical Therapy and Speech-Language Pathology Services
  14. Community Mental Health Centers (CMHCs)
  15. Organ Procurement Organizations (OPOs)
  16. Rural Health Clinics (RHCs) and Federally Qualified Health Centers (FQHCs)
  17. End-Stage Renal Disease (ESRD) Facilities
Demand for hardware and software from security integrators
Security Integrators should prepare for demand for hardware and software to support the theme of this regulation

Beyond the techno jargon and acronyms, the goals of the Rule recognise that there are systemic gaps
that must be closed by establishing consistency and encouraging coordination across the Emergency
Preparedness sector of the United states and its possessions. For example, “The Rehabilitation Center” in Hollywood Hills, Florida that had a portable generator and window air conditioning units because of the extreme heat, causing fourteen deaths, probably would have avoided that tragedy had there been better planning and training for a long-term power failure.

“You can’t just back up a generator to a nursing home and plug it in,” said Bob Asztalos, a Florida lobbyist at a recent Florida state hearing. Ironically, this facility was “across the street” from a major hospital and some pre-planning and installation of an “emergency” generator connection with the hospital’s power plant could also have helped immensely. There were several other factors to this tragedy-refer to this website for a CBSN video about the facility.

Las Vegas shooting

The Oct. 1 mass shooting in Las Vegas where over twenty area hospitals were dealing with victims further reinforces the need for better “community-wide” support and communications.

Further, there are four requirements that facilities must fulfill complete before the deadline:

  • Risk Assessment and Planning Document
    Each individual facility must (internally or externally) perform a Risk Assessment to identify the areas that must be dealt-with to conform with the Final Rule.

  • Policies and Procedures
    Based on the Risk Assessment, develop an emergency plan using an all-hazards approach focusing on capabilities and capabilities that are critical for a full spectrum of emergencies, or disaster specific to the respective location(s).
  • Communications Plan
    Develop and maintain a communications plan to ensure that Patient care must be well coordinated within the facility, across healthcare providers and with State and Local public health departments and emergency systems

  • Training and Testing Plan
    Develop and maintain training and testing programs, including initial and annual re-training, conducting drills and exercises (full-participation and tabletop) in an actual incident that tests the plan.
Hospital waiting room
The Rule specifically aims at smaller facilities such as Eldercare Homes and Laboratories that are more focused on patient service

Hardware and software demand

What does this mean to the healthcare security and support community? While this rule does not apply specifically to healthcare security and safety departments, consultants who have experience in healthcare risk, vulnerability and threat assessments are best positioned to provide the necessary assessments in a timely manner.

Security Integrators and other support vendors should also be ready for a demand for the following hardware and software to support the mandates of this regulation:

  1. Intelligent Access Control
  2. Visitor Management
  3. Mass Evacuation Alert Programs and Systems
  4. More extensive use of video surveillance so management can quickly assess an incident
  5. Interoperability appliances that community on public service networks
  6. Backup systems for all electronic functions from the Network Architecture to the simplest of healthcare support tools
  7. Electrical Upgrades
  8. Provision of Fresh Water and disposal of Sewage capabilities when the facility infrastructure fails
  9. Additional HVAC support through the facility’s backup systems
  10. Vendors for Fuel and other types of off-site support
  11. Suppliers of day-to-day supplies and medicine
  12. Communications support in the event of landline and cell phone failures

What should the healthcare community do?

What does this mean to the healthcare community? This Rule is not intended to focus only on large and medium-sized hospitals. It specifically aims at smaller facilities such as Eldercare Homes and Laboratories that are more focused on patient service rather than preparing the facility for a disaster.

Download the entire rule and resource information from the ASPR-TRACIE website. ASPR-TRCIE has been a leader in providing for those desiring additional support in this and other areas of healthcare emergency preparedness. While this rule focuses on Emergency Preparedness, it obviously touches on Business Continuity, Facility Management, Community Relations, Human Resources and other disciplines in the healthcare community. Make sure the C-Suite is aware of this rule and emphasize the timeliness.