How to Implement an Emergency Preparedness Program

In our previous blog, we discussed the Emergency Preparedness for Medicare and Medicaid-participating Providers and Suppliers Final Rule issued on September 16, 2016 (CMS-3178-F) . In particular, as to the goals CMS wishes to achieve through the adopted regulatory approach to promote continuity of services by healthcare providers in case of a disaster. In this blog post, we will focus on what providers and suppliers should consider when establishing their emergency preparedness program to set the proper foundation to undertake activities related to their emergency preparedness plan.

Let’s start from the top by defining the concept of an emergency preparedness program. In order for any organization to achieve an appropriate level of preparedness for an emergency or natural disaster that impacts its ability to provide essential services to its stakeholders, it must engage in a series of planning activities. These include performing a risk analysis to identify potential threats and assess their impact on the organization, establishing an overall strategy to respond to potential disaster scenarios and ensure continuity of operations, implementing policies and procedures that support preparedness and disaster management activities, training the workforce on the organization’s adopted emergency preparedness policies and procedures, and performing periodic reviews to assess the organization’s ability to respond to an emergency or disaster situation. Given the evolving nature of organizations from an organizational, operational, and industry dynamics standpoint, organizational planning for emergency preparedness today may imply a set of requirements (e.g. locations, services, personnel, other stakeholders) and a resulting plan that is completely different from emergency preparedness planning and requirements in the past, and which will surely be different form the planning and requirements in the future. Therefore, the previously described activities (e.g. performing a risk analysis, establishing a continuity strategy, defining policies and procedures) must be reviewed on a continuous basis, and therefore emergency preparedness is not a project, a closed set of activities with an identifiable start and finish dates, but rather, it is a program, where a set of activities must be performed continuously. Hence, an emergency preparedness program is a set of activities that must be performed periodically for an organization to define, implement, and review plans that will allow the organization to recover operational capabilities within established timeframes.

The most important aspect of initiating an emergency preparedness program is for the organization to understand the need for an emergency preparedness program and how it fits within the organization’s overall risk management framework. In this sense, understanding the need for an emergency preparedness program, clearly establishing its purpose, and defining associated goals is the responsibility of an organization’s Board of Directors or similar governance body. Once the purpose and goals of the emergency preparedness program are defined and agreed, it will be necessary to identify executive leadership that can act as sponsors for the emergency preparedness program. These sponsors will define objectives to meet the goals established by the Board of Directors, set associated recovery targets (including timeframes), select a program implementation approach, as well as ensuring that adequate and sufficient organizational resources are allocated to the emergency preparedness program. At this point, the organization should establish a governance structure that is specifically chartered with overseeing the emergency preparedness program and ensure that it is continuously meeting established goals and objectives. The executive leadership previously identified as sponsors chartered with the definition of program objectives are ideal candidates for inclusion in the governance structure, which can be established as a Steering Committee. The roles and responsibilities of the Steering Committee can include approving key artifacts generated by the emergency preparedness program, such as the risk analysis and emergency preparedness strategy. In addition, the Steering Committee should ensure that program goals and objectives approved by the Board of Directors are being met and ensure corrective action plans are implemented.

Once the emergency preparedness program has been duly established and chartered, the organization can then move on to program implementation and control activities. These activities may be delivered using the organization’s adopted project management framework. It is important to distinguish between initial implementation activities when an organization is establishing an emergency preparedness program for the first time, and the reality that once initial implementation is completed, the activities associated with the emergency preparedness program must continue to be executed as defined by the Steering Committee in order to meet program goals and objectives established by the Board of Directors. The Final Rule defines the minimum set of activities that Medicare and Medicaid providers and suppliers must undertake as part of their emergency preparedness programs, which were described in the previous blog:

• Risk assessment and emergency planning
• Policies and procedures
• Communication plan
• Training and testing

The Final Rule establishes requirements as to the frequency in which organizations must review and update elements of their emergency preparedness program. Therefore, the policies and procedures adopted by providers and suppliers must reflect these requirements. More importantly, emergency preparedness program activities must implement the adopted policies and procedures. The review and update requirements in the Final Rule are as follows (citations correspond to hospital emergency preparedness requirements; citations are different for other provider types):

• The emergency preparedness plan resulting from the risk assessment activities must be reviewed and updated at least annually. (42 CFR §482.15(d)(2))
• The emergency preparedness policies and procedures based on the emergency preparedness plan must be reviewed and updated at least annually. (42 CFR §482.15(b)(2))
• The emergency preparedness communications plan, which must comply with Federal, State, and local laws must be reviewed and updated at least annually. (42 CFR §482.15(c))
• The emergency preparedness training and testing program that is based on the emergency plan, risk assessment, policies and procedures, and the communication plan must be reviewed and updated at least annually. (42 CFR §482.15(d))
  • As part of an annual review and update, staff are required to be trained and be familiar with policies and procedures in the operation of their facility and are held responsible for knowing these requirements. Annual reviews help to refresh these policies and procedures which would include any revisions to them based on the facility experiencing an emergency or as a result of a community or natural disaster. (42 CFR §482.15(d)(1)(ii))
  • The provider must conduct exercises to test the emergency plan at least annually. (42 CFR §482.15(d)(2))

In the next article, we will discuss specific CMS guidance and make recommendations related to the risk assessment and the emergency preparedness plan.