Creating Your Risk Assessment for CMS Rule Compliance

You’re familiar with the new regulations requiring healthcare facilities to have an emergency preparedness plan. You know that part of that plan is a risk assessment, using an “all hazards” approach. But what does “all hazards” mean?

At its heart, an all hazards risk assessment is an assessment of the risks associated with a broad spectrum of potential emergencies. What it doesn’t mean is making a comprehensive plan for every imaginable disaster situation. When looking at the many possibilities for an emergency situation in your area, it makes sense to answer three different questions:

  • What is the relative probability that an emergency like this could occur?
  • What is the level of disruption that could result were an emergency like this to occur?
  • How prepared are we for an emergency of this nature?

 

Types of emergencies

The first step can be most overwhelming, as there are so many different emergencies that can occur. It can help to think about them in broader categories.


Epidemics and Pandemics

This can include illnesses that spread quickly through large numbers in the community, as with a bad strain of influenza, or issues stemming from a particular behavior, such as a wave of overdoses associated with opiate abuse. Rural areas with many people working in animal agriculture might think specifically about zoonotic diseases, while communities with large amounts of international tourism might need to keep an eye out for illnesses generally more common in other parts of the world.

Texas Health Presbyterian Hospital in Dallas was well-prepared for the types of emergencies it expected to see in north Texas. It was somewhat less prepared to serve the diverse international community that lived in the neighborhood just across the road. When Ebola found its way into their emergency room, mistakes were made. The hospital not only keeps better tabs on international happenings, but it has a much more robust emergency plan than it did before, one which includes more extensive drills and training. Their risk assessment has shifted.


Natural Disasters

The types of natural disasters you might reasonably expect to experience tend to be highly regional—sometimes even local—in nature. Severe thunderstorms might occur almost anywhere, but one neighborhood could be prone to flooding while another neighborhood one block over might not, due to the natural topography of the land. Dust storms might be an issue in Albuquerque, with Buffalo more likely to experience a blizzard. It’s also to take community capacity into account when doing risk assessment. While that blizzard is considerably more likely in Buffalo, it would cause a much more harmful result in Albuquerque, where snow plows and salt trucks are in short supply.

Meteorological changes can also impact risk assessment. Wildfires, hurricanes, and other extreme events can be impacted by large-scale shifts in weather patterns. It’s important to remember that information about the likelihood of a given event may have changed dramatically in recent years.


Infrastructure Failure

This category includes a wide range of failures, from the collapse of a building or road to a simple power failure. Infrastructure failures can occur on their own, or as a result of a natural disaster or deliberate attack. The Fukushima Daiichi nuclear disaster of 2011 is a well-known example of the latter. While the community was well-prepared for the direct results of tsunamis in general, there was less preparation for a possible nuclear accident caused by a tsunami.

In the former category is the northeast blackout of 2003, in which a programming error led to a massive electrical outage covering multiple states as well as Ontario, Canada. There was a large uptick in fires caused by people using candles, as well as deaths from carbon monoxide poisoning as people attempted to use generators without adequate ventilation. Depending on your area, extreme heat or cold might drive community members to hospitals in the event of a power outage. So while the likelihood of infrastructure failure might be similar in many areas, the effect it has could vary from location to location.


Violence and Deliberate Attacks

Unfortunately, not all emergencies are unintended. The risk of deliberate attacks—including terrorism, mass shootings, and cyberattacks—all need to be taken into account in a risk assessment. Facilities with importance to the military or government need to consider that when evaluating their risk. Similarly, hospitals associated with a particular faith may need to think about the possibility of hate-based aggression.

A number of hospitals, along with many businesses were hit by a ransomware attack in 2017, in which vital information was encrypted, with a demand that the victim organizations pay ransom in bitcoin in order to restore access. This wave of data-related emergencies goes to show how important it is to involve all departments in disaster planning and risk assessment, including IT.

Everyone is at risk, but clear thinking and planning, not panic, is the solution.

It’s easy to become overwhelmed by the many emergencies that a healthcare facility might face, but an all hazards risk assessment isn’t intended to frighten, it’s meant to prepare. The sooner you start, the sooner you’ll feel confident in facing the future, whatever it may bring.

 

HT: Bright Grey Solution and Blue Diamond

admin