Healthcare Providers Face New Rules For “All Hazards” Emergency Planning
Home  |  Settings  |  Marketing Options  |  About Us  |  FAQs    Join SourceSecurity.com on LinkedIn
REGISTERTerms
Leadership

Healthcare Providers Face New Rules For “All Hazards” Emergency Planning

Each individual facility must perform a Risk Assessment to identify the areas that must be dealt with to conform with the Final Rule
While the timing is not ideal, this Rule is the result of tragedies of unprecedented proportions

On September 16, 2016, six weeks before America’s ‘historic’ election, the U.S. Centers for Medicare and Medicaid Services (CMS) published CMS-3178 - The Final Rule for Healthcare Emergency Preparedness. The purpose of this new regulation is to: establish consistent emergency preparedness requirements across provider and supplier networks, establish a more coordinated response to natural and man-made disasters and increase patient safety during emergencies.

Regulating Healthcare Facilities

This is not a sleepy regulation that gives the healthcare industry up to five years to prepare, like HIPAA (Healthcare Insurance Portability and Accountability ACT). This rule mandates that if healthcare facilities do not comply by November 15, 2017, they risk not receiving Medicare and Medicaid reimbursements in December.

Who does this affect? This applies to seventeen Medicare and Medicaid provider sectors, ranging from Home Healthcare workers to major Cancer Treatment centers, medical laboratories and everything in between.

Beyond the techno-jargon and acronyms, the goals of the Rule recognize that there are systemic gaps in the emergency Planning and Implementation process that must be closed by establishing consistency and encouraging coordination across the Emergency Preparedness sector of the United States and its possessions.

I have discovered numerous cases
where nobody on the overnight
shift or weekends knew how to
operate important life-support
critical systems

Healthcare Requirements Rule

While the timing is not ideal, this Rule is the result of tragedies of unprecedented proportions. In Hurricane Katrina, dozens of hospital and eldercare home patients died. During Superstorm Sandy, countless hospital ‘backup systems’ were flooded or insufficient for the need. There was also the Anthrax Scare of last decade and the recent H1N1 Epidemic – they were all catalysts for development of this type of rule. In addition, as I have traveled around the country conducting countless assessments, I have discovered numerous cases where nobody on the overnight shift or weekends knew how to operate important life-support critical systems like generators, or who to call when the fuel runs out.

Requirements To Be Provided

The requirements that are to be provided are:

Risk Assessment and Planning Document

Each individual facility must (internally or externally) perform a Risk Assessment to identify the areas that must be dealt with to conform with the Final Rule.

Policies and Procedures

Based on the Risk Assessment, develop an emergency plan using an all-hazards approach-focusing on capabilities and capabilities that are critical for a full spectrum of emergencies, or disaster specific to the respective location(s).

Communications Plan

Develop and maintain a communications plan to ensure that Patient care must be well coordinated within the facility, across healthcare providers and with State and Local public health departments and emergency systems

Training and Testing Plan

Develop and maintain training and testing programs, including initial and annual re-training, conducting drills and exercises (full-participation and tabletop) in an actual incident that tests the plan and the staff’s ability to work together and accomplish the goals of the exercise.

The Rule specifically aims at smaller facilities that are more focused on patient service rather than preparing for a major disaster
Security Integrators should prepare for demand for hardware and software to support the theme of this regulation

Healthcare Security Department

Apparently, this Rule was developed in late 2013 and sent to the White House and while preparing to close the books, the Obama team discovered the document in September 2016 and quickly approved it, making it law in 60 days and giving 365 days for the healthcare community to comply with the regulations.

While this rule does not apply directly to the ‘healthcare security’ departments, consultants who have experience in healthcare risk, vulnerability and threat assessments are best positioned to provide the necessary assessments in a timely manner.

Security Integrators should be prepared for a demand for the following hardware and software to support the theme of this regulation:

  • Intelligent Access Control
  • Visitor Management
  • Mass Evacuation Alert Programs and Systems
  • More extensive use of video surveillance so management can quickly assess an incident
  • Interoperability with appliances that serve the community on public service networks

Backup systems for all electronic functions from the Network Infrastructure to the simplest of healthcare support tools.

The Rule specifically aims at
smaller facilities like Behavioural
Health Facilities, Eldercare Homes
and small laboratories

 

What Should The Healthcare Community Do?

This Rule is not intended to only focus on large and medium-sized hospitals. It specifically aims at smaller facilities like Behavioral Health Facilities, Eldercare Homes and small laboratories that are more focused on patient service rather than preparing for a major disaster.

The healthcare community should:

  • Download the 186-page rule from Ultra Safe or Federal Resister website.
  • While this rule focuses on Emergency Preparedness, it obviously touches on Business Continuity. The healthcare community should make sure that the C-Suite is aware of this rule and emphasize the timeliness.
  • Begin following the three-step process to implement the changes or retain a consultant with healthcare experience to perform the assessment and support your organization as the respective plans evolve.
  • There is a possibility that the new Administration may give the healthcare community additional time to complete the steps necessary to be compliant, but it is doubtful that it will be eliminated.

Download PDF Version

Follow us for latest editorial and commercial opportunities


Please rate this article


Related videos
Bookmark and Share
Featured White Paper

The evolution of cards and credentials in physical access

Physical access control has been a key component of many organisations’ security strategies for several decades. Like any technology, access control has evolved over the years, and solutions now offer more security and convenience than ever before. From swipe technologies, such as the now antiquated magnetic stripe, to a variety of contactless technologies and mobile access credentials, businesses now have several choices when it comes to access control.

This White Paper will examine the technologies available today and the bright future of mobile access, as well as clarify why you should ensure that each component of the access control ecosystem is as secure as possible.


See privacy and cookie policy