Accrediting organizations want healthcare organizations to continually improve. As well as, healthcare organizations are also wanting to continually improve their own processes to improve patient care, internal processes, their physical environment, and reduce costs. The one area that seems to get the least amount of attention is emergency preparedness. Why is that? The most common reason is that leadership in many organizations tend not to focus their attention on scenarios that “may never happen.” This is understandable, until it does.

Healthcare organizations are one of the most regulated industries in the country. They are also one of the most dangerous places to work. When something bad happens, they are one of the first places the community seeks assistance from. Emergency preparedness plays a huge role. Preparation and support by leadership is imperative for an organization to have a successful emergency preparedness program.

Let’s take a look at what an accrediting organization needs to ensure a healthcare organization has a successful program in place. 

There are four key elements to an emergency preparedness program:

1. Emergency Preparedness Plan
2. Policies & Procedures
3. Communication Plan
4. Training & Testing Program

‍

EMERGENCY PREPAREDNESS PLAN

The Emergency Preparedness Plan must be an all-hazards approach. This means that it must be able to respond to any disaster that impacts your facility. The plan must be based upon a risk assessment and the risk assessment must be based upon the facility and community. Essentially, there must be two risk assessments. There is a facility-based risk assessment and a community-based risk assessment. The organization must participate in a healthcare coalition, and this is typically where the organization will be able to participate in the community-based risk assessment. As we have been reviewing many organizations’ risk assessments, it has been interesting to see the number that have not been risking cybersecurity high. This has typically been risked as either medium or low. There is a lot of industry information supporting healthcare facilities start focusing on cybersecurity.

POLICIES AND PROCEDURES

Healthcare facilities must have policies and procedures that support the Emergency Preparedness Plan. The organizations must have policies and procedures on all the following:

• Provision of subsistence needs for staff and patients including:

o   Food, water, medical and pharmaceutical supplies

o   Alternate sources of energy to maintain the following:

§  Temperatures to protect patient health and safety

§  Emergency lighting

§  Fire detection, extinguishing, and alarm systems

§  Sewage and waste disposal

• If there were a loss of the primary power source, how required heating and cooling of the hospital will be maintained during an emergency, as necessary.
• Maintenance of necessary services including, but not limited to:

o   Access to medical gasses

o   Treatment of soiled linens

o   Disposal of biohazard materials for different infectious diseases

• A system to track the location of on-duty staff and sheltered patients in the hospital’s care during an emergency.
• Safe evacuation from the organization’s facility(s).
• Primary and alternate means for communication with external sources for assistance.
• A means to shelter in place for patients, staff, and volunteers who remain in the facility.
• A system of medical documentation that preserves patient information, protects confidentiality of patient information, and secures and maintains the availability of records.
• The use of volunteers in an emergency and other emergency staffing strategies, including the process and role for integration of State and Federally designated health care professionals to address surge needs during an emergency.
• A method for contacting off-duty staff during an emergency and procedures to address other contingencies in the event staff are not able to report for duty.
• The development of pre-arrangements with other hospitals and other providers to receive patients in the event of limitation or cessation of operations to maintain the continuity of services to hospital patients.
• The role of the organization under a waiver declared by the Secretary of Health & Human Services, in accordance with section 1135 of the Social Security Act.

These policies and procedures must be separate from the Emergency Operations Plan and must be reviewed a minimum of every two years.

COMMUNICATION PLAN

The Communication Plan must also support the Emergency Operations Plan. This plan can be included in the Emergency Operations Plan and must be detailed. It must include the following information:

• Names and contact information for the following:

o   Staff

o   Entities providing services under arrangement

o   Patients’ physicians

o   Other hospitals and critical access hospitals

o   Volunteers

• Contact information for the following:

o   Federal, State, tribal, regional, and local emergency preparedness staff

o   Other sources of assistance

• Primary and alternate means for communicating with the following:

o   Hospital’s staff

o   Federal, State, tribal, regional, and local emergency management agencies.

• A method for sharing information and medical documentation for patients under the organization’s care, as necessary, with other health care providers to maintain the continuity of care.
• In the event of an evacuation, a means to release patient information as permitted under 45 CFR 164.510(b)(1)(ii).
• A means of providing information about the general condition and location of patients under the facility’s care as permitted under 45 CFR 164.510(b)(4).
• A means of providing information about the hospital’s occupancy, needs, and its ability to provide assistance to the authority having jurisdiction, the Incident Command Center, or designee.

Contact information for staff, entities providing services under arrangement, patients’ physicians, other hospitals and critical access hospitals, and volunteers should be reviewed at least annually. It is important for new staff and departing staff and any other contact information to be updated throughout to make sure it is current. When determining primary and alternate communicating methods, it is important for the organization to ensure that it selects means of communications that are compatible with communication systems of other facilities, agencies, and state and local officials that it plans to communicate with during emergencies. This is a critical piece of information to review during planning. The Communication Plan must be reviewed a minimum of once every two years.

TRAINING AND TESTING

The final piece to the program is the training and testing program. Healthcare facilities determine what their staff are trained on. However, it must be based on what their expected role would be during a disaster. The testing of the Emergency Operations Plan must include a full-scale functional community-based exercise. If the organization cannot participate in the community-based exercise they must have documentation as to why. Then they would be able to perform a full-scale functional hospital-based exercise in place of the community-based exercise. The second exercise can be either a full-scale functional community-based exercise, a full-scale functional hospital-based exercise, or a tabletop exercise. All the exercises must test the response of the organization and include an evaluation of the response. The testing program must be reviewed and updated at least every two years.

We do see that healthcare facilities are performing exercises. The smaller facilities do sometimes struggle with participation in a community-based exercise. This seems to be based on staffing and lack of participation in the healthcare coalition. Earlier, the lack of attention to cybersecurity was mentioned as not being a high risk to many healthcare facilities. We also tend to not see many disaster exercises related to cyber attacks either. I encourage healthcare facilities to make this a priority going forward. Take the opportunity to test your disaster response on different possibilities other than the traditional disasters such as tornadoes, hurricanes, and HAZMAT. There is an opportunity to think outside of the box and focus on disasters that are emerging and could cause a lot of chaos if and when they should impact your facility. 

STAY PREPARED!

‍