A few weeks ago, we posted on the background behind the new Medicare and Medicaid Emergency Preparedness regulation. Now we would like to provide more detail on the specific requirements. Again, these requirements very slightly between the different providers, but these four are common to all 17 providers and suppliers.

A Plan

While each of the 17 providers and suppliers have their own specific guidelines to follow, many of the rules are common to them all. To start with, the affected facilities must have an annually reviewed and updated emergency preparedness plan that is developed from a facility-based and community-based risk assessment. These can be challenging and burdensome tasks to undertake, and may require outside help and guidance.

Two components of COOP planning that must be included are delegations of authority and succession plans. These are essential to maintaining continuity in emergency situations.

Policies and Procedures

Affected suppliers and providers must also develop policies and procedures, that also must be reviewed and updated annually, addressing the following items:

  • Provision of subsistence (including food, water, medical and pharmaceutical supplies and alternate sources of energy – that can protect patient health and safety – emergency lighting, fire detection systems, sewage and waste disposal)
  • A system to track the location of on-duty staff and sheltered patients
  • Procedures for safely evacuating the facility
  • Means to shelter in place
  • A documentation system that preserves records and protects confidentiality
  • The development of arrangements with other hospitals and providers in the event of a limitation or cessation of operations

Communication Plan

The communication plan must include a method for sharing information and medical documentation for patients under the facility’s care as necessary with other health care providers, in order to maintain continuity of care. It must also include a means for releasing patient information in the event of an evacuation.

One of the major issues that could make the communication plan more complicated is that privacy violations are not given any leniency just because a disaster strikes. The HIPAA Privacy Rule is not suspended during a public health or other emergency.

Training and Testing

The training and testing piece of the Emergency Preparedness regulation will likely be one of the most challenging aspects of the regulation. The training and testing program, that is required to be reviewed and updated annually, must be provided to all staff, to include those providing services under arrangement and volunteers and must be documented. Two types of exercises must be provided to test the emergency plan and must also take place annually:

  1. A full-scale exercise that is community-based
  • When a community-based exercise is not accessible, an individual, facility-based exercise can suffice
  1. An additional exercise must be conducted that is either:
  • A second full-scale community-based or facility-based exercise
  • A tabletop exercise

These can be waived if the supplier or provider experiences an actual natural or man-made emergency that requires activation of the emergency plan and can be exempt for 1 year.

Conclusion

This can be a lot to take in, and can often be a struggle for those trying to balance tasks required to operate a business or organization. However, this is a time when compliance can actually aide an organization in building a more adaptive culture, if approached thoughtfully and strategically. Anneal Initiative’s approach is to build stronger organizations while at the same time bring them into compliance. If interested, do not hesitate to reach out to us with any questions.

For more information on any of these requirements or for help executing them, contact continuity@annealinitiative.com.