Post on 08-Jul-2020
Healthcare Disaster Management
Readiness, Resilience, Recovery in Today’s Changing Healthcare Delivery System
Angie M. Santiago, CBCP September 2019
Introduction• Angie M. Santiago, CBCP Disaster Management Systems & Methodology Designer & Educator Healthcare Disaster Operations & Long-Term Recovery Conflict Management & Resolution
100 plus programs 400 + disaster plans 200 plus exercises 60 plus disaster declarations Member of:
Planners for Puerto Rico Institute of Sustainable Development Partnership for Inclusive Strategies NC CERT Association Association of Healthcare Emergency Preparedness Planners
Agenda• Introduction
• Quick Exercise
• Organizational Perspectives
• Terms
• Models & Standards
• Comparative Analyses
• Where is your organization?
• New Design Strategies
ARE YOU READY?
Exercise: Inclement Weather• A major weather event is coming through your neighborhood. Your
county or city’s emergency manager has issued a mandatory evacuation. You have 48 hours to leave.
• Write 3 reasons to: Stay Go
• Write a justification for each reason.
Models• International Focuses on risk reduction, lives, relief, conflicts, urban and rural planning and
global health.
• Public Health Respond to and recover from public health threats.
• Compliance Comply with regulation or contract requirement.
• Emergency Management & National Security Militaristic model to protect Critical Infrastructure & Key Resources (CIKR)
• Traditional Business Continuity Reduce the economic impact of an unplanned business disruption.
• Information Systems Disaster Recovery Protection of sensitive and critical data.
Compliance vs. Ntl. Security: Model Analysis
• Our DR plan needs to help us pass audit, attain or keep certification, win a grant or contract, get reimbursed, mitigate litigation etc.
Healthcare Sector
• It’s a tested consistent approach which can plug and play into any scenario.
• Missions and orders as stipulated in National Incident Management System (NIMS).
• Restores order public safety, infrastructure, continuity of government operations
National Security: FEMA
Compliance v. National Security Model: Drivers
Healthcare Sector• HHS, CMS, HIPAA• Joint Commission• CLIA, OSHA, FDA, CDC , ePCS
National Security: FEMA• Stafford Disaster Relief and Emergency
Assistance Act• Homeland Security Act of 2002• Post-Katrina Emergency Management Reform
Act• Disaster Recovery Reform Act of 2018• 9/11 Commission Act of 2007
Compliance vs. National Security Model:Framework / Standards
Healthcare Sector• ASPR 2017-2022 Health Care Preparedness and
Response Capabilities• National Health Security Preparedness Index• Hospital / Health Incident Command System• Joint Commission Emergency Management
Standards
National Security: FEMA• National Incident Management System • Federal Interagency Operational Plans• National Preparedness System• National Preparedness Goal• Homeland Security Exercise and Evaluation
Program (HSEEP)• PS PREP Voluntary Preparedness & Accreditation• Cybersecurity Framework
Compliance Model Revisited• How do the compliance vs. emergency management models prepare
the healthcare organization to plan for, respond to, and recover from an incident or disaster?
• How does a healthcare facility or federal agency measure their program’s effectiveness through compliance?
• Do you see your organization in these models?
BC / DR Model: Analysis
• Identify and mitigate risks to the organization which can cause a business disruption.
• Ensures the continuity of operations during a business disruption.• Reduce the economic impact of a business disruption.
Business Continuity
• Identify and mitigate risks to the organization’s data assets which can cause a business disruption.
• Ensures speedy response and recovery.
Information Systems Disaster Recovery
BC / DR Model:Disaster Framework / Standards
Business Continuity• NFPA 1600 • NFPA 232: Standard on• Protection of Records
Disaster Recovery• ISO 22031• NIST SP 800-34• PCI DSS• ePCS
HIPAA and DR: Why it’s not a “standard”?• §164.308(a)(7)
• (i) Standard: Contingency 08(a)(7)plan. • Establish (and implement as needed) policies and procedures for responding to an emergency
or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information.
• (ii) Implementation specifications: • (A) Data backup plan (Required).
• Establish and implement procedures to create and maintain retrievable exact copies of electronic protected health information.
• (B) Disaster recovery plan (Required). • Establish (and implement as needed) procedures to restore any loss of data.
• (C) Emergency mode operation plan (Required). • Establish (and implement as needed) procedures to enable continuation of critical business
processes for protection of the security of electronic protected health information while operating in emergency mode.
• (D) Testing and revision procedures (Addressable). • Implement procedures for periodic testing and revision of contingency plans.
• (E) Applications and data criticality analysis (Addressable). • Assess the relative criticality of specific applications and data in support of other
contingency plan components.
Let’s get back to healthcare
Flexible Rapid Intradisciplinary Design Strategies
MissionEnsure the delivery of patient care through workforce readiness and operational resilience.
Objectives
Ensure• Ensure readiness programs support
continuity of care mission.
Create• Create a disaster-ready workforce and
stakeholder community.
Create• Create resilient operational processes and
contingencies.
Invest in
• Invest in people, training, facilities, and technologies to support patient care and operational resiliency.
Principles
Intradisciplinary SustainableAffordableScalableSimple
Which framework?
“Command” and Coordinate: Incident Command System
Hospital Incident Command
• Incident Command System – 1970 developed by the US Forest Service to improve CA wildfire season response.
• Designed to improve response times, save lives, and reduce property
• Interagency Command & Control
• Mission base hierarchal roles
• Repeatable
• Authorized to perform only the task you are assigned
• HEICS: 1991
• Benefits: Standardized & centralized approach
• Risks: Reactive approach, Inflexible, resource intense, no prevention team
National Health Security Preparedness Index• 1. Health security surveillance: actions to monitor and detect health threats, and to identify
where hazards start and spread so that they can be contained rapidly;
• 2. Community planning and engagement: actions to develop and maintain supportive relationships among government agencies, community organizations, and individual households; and to develop shared plans for responding to disasters and emergencies;
• 3. Information and incident management: actions to deploy people, supplies, money, and information to the locations where they are most effective in protecting health and safety;
• 4. Healthcare delivery: actions to ensure access to high-quality medical services across the continuum of care during and after disasters and emergencies;
• 5. Countermeasure management: actions to store and deploy medical and pharmaceutical products that prevent and treat the effects of hazardous substances and infectious diseases, including vaccines, prescription drugs, masks, gloves, and medical equipment; and
• 6. Environmental and occupational health: actions to maintain the security and safety of water and food supplies, to test for hazards and contaminants in the environment, and to protect workers and emergency responders from health hazards while on the job.
• Source: https://nhspi.org/
Systems Design ThinkingWhat if we pulled successful design features from each system and situated them as independent or interdependent components?
Healthcare Resilience Program
Healthcare Organization
Crisis Communications
Contingency & Continuity
Medical Surge:Mass Casualty
Pandemic
IS Disaster Recovery
Incident Mgt.
Facilities: HazmatEnvironmental
Emergency Preparedness:
Life SafetyPersonal Readiness
Training & Exercises
Sub-programs designed to:
• Identify, prevent, and mitigate hazards or risks
• Save lives, prepare workforce
• Communicate during a crisis
• Ensure continuity of operations
• Respond to mass casualty or medical surge
• Respond to environmental dangers
• Recover technology that support critical operations
Larger View: HCRP
Healthcare Organization
Crisis Communications
Contingency & Continuity
Medical Surge:Mass Casualty
Pandemic
IS Disaster RecoveryIncident Mgmt.
Facilities: HazardsEnvironmental
Emergency Preparedness:
Life SafetyPersonal Readiness
Training & Exercises
Foundational Priorities
Infrastructure
Process
People
People: Patients, providers, staff, students, and volunteers are the most important asset to the delivery of safe patient care and administration of the healthcare system.
Process: Many clinical, business, and administrative functions are components within the healthcare system.
Infrastructure: From HVAC systems to ordering supplies, infrastructure and technology provides the capacity to deliver safe quality healthcare to the patient and community.
Components of HC Resiliency ProgramSub-Program Purpose
PEOPLE
Emergency Preparedness Identify and mitigate risks to organization, its workforce, assets, and stakeholders. Build a resilient workforce by fostering a preparedness culture. Procedures for minimizing loss of life or injury and protecting property damage.
Training & Exercise Workforce Training. Improving competencies. Train again.
PROCESS
Crisis Communications Create and disseminate informative communications during disasters in a controlled manner.
Contingency & Continuity Sustains mission and business operationsProcedures and guidance to sustain an organizations mission critical operations to an alternate site
Medical Surge Respond to mass casualties: increased patient surges due to influenza, pandemic, or mass injuries.
TECH
Incident ManagementIS Disaster Recovery Plan
System to identify and fix issues High availability systems or procedures to fail over or recovery to an alternate location.
Facilities, Environmental, Hazard Risk reduction & preventive measures. Plan and respond to facility or environmental related disasters.
Frameworks & Methodologies Program Framework
Emergency Preparedness
Incident Command System; National Incident Management System; Community Emergency Response Team
Crisis Communications
ICS - Joint InformationAssoc. of Risk & Crisis CommPublic Relations Society of America
Contingency & Continuity
NEW Open Source Integrated ModelDHS Healthcare Sector
Medical Surge State Medical AssistanceCDC; NIMS; DHHS,HCSIP
Disaster Recovery FedRAMPNEW Open Source Integrated Model
Facilities NFPAIFMA
Who:
• Patients, providers, payers, and healthcare facilities.
How:
• Intradisciplinary approaches which map back to mission, vision, strategy, and operations.
What:
• Flexible operational processes which account for unexpected occurrences or events.
• High available interdependent technologies.
How ready is your organization?
Emergency Preparedness
Contingency & Continuity Medical SurgeCrisis
CommunicationDisaster Recovery Facilities
Healthcare Resilience Program
Program Life Cycle2. Mitigation, Response &
Recovery Strategy
3. Plan & Document
4. Train
5. Exercise
6. Operations
7. Maintenance & Compliance
1. Hazard Risk Assessment
BIA
Disaster Recovery IT SolutionRequirements
Architect Solution
Build
Validate
Live
Ops & Maintenance
Recovery Strategy
What’s Next?• Analyze US and international emergency, disaster and business continuity
management systems and tools.
• Map systems’ domains, standards, regulations, AAR, lessons learned for each system against similar disciplines.
• Identify systems which may cause barriers to prevention, response, and recovery.
• Identify systems which may cause harm or injustices to the communities they serve.
• Assemble practitioners and community stakeholders to hold resiliency workshops.
• Co-design open source disaster education, disaster risk reduction systems, and tools.
Resources• BCM Legislation & Standards
• NIST: SP 800-34 Contingency Planning
• Personal Preparedness Ready.Gov
• Disaster Recovery Journal
• Disaster Recovery Journal Glossary
• Weather Channel
• NOAA
• FEMA: Incident Command System
Training
• National Preparedness Month: September
• AHEPP
• ASPR
• Download FEMA App
• International Disaster Database
• National Levee Database
• National Dam Inventory
Thank YOU!Angie M. Santiago, CBCP
angie@amsantiagoconsulting.com