The Centers for Medicare & Medicaid Services (CMS) has updated its website with information to assist providers and suppliers in complying with its new emergency preparedness final rule. The information specifically addresses the rule’s training and testing requirement, one of four standards providers and suppliers must meet. CMS encourages providers and suppliers to participate in a full-scale, community-based exercise with their local and/or state emergency agencies and to have completed a tabletop exercise before the new requirements are implemented on Nov. 15. More information can be found in the attached memo; questions should be directed to firstname.lastname@example.org.
Prepared by Yale New Haven Center for Emergency Preparedness and created in collaboration with several subject matter experts to map the CMS Emergency Preparedness Conditions of Participation; the linked document is available for use as a resource for emergency and disaster related program, policy, communication, training and exercise elements of regulatory and accreditation standards. The crosswalk should be used as a guide,not a substitute for existing federal, local, or accrediting organization guidance.
The Centers for Medicare & Medicaid Services (CMS) has issued a final rule establishing emergency preparedness requirements for facilities participating in Medicare and Medicaid. The final rule requires these providers and suppliers to meet four standards:
Emergency plan: Based on a risk assessment, develop an emergency plan using an all-hazards approach focusing on capacities and capabilities that are critical to preparedness for a full spectrum of emergencies or disasters specific to the location of a provider or supplier.
Policies and procedures: Develop and implement policies and procedures based on the plan and risk assessment.
Communication plan: Develop and maintain a communication plan that complies with federal, state and local laws. Patient care must be well-coordinated within the facility, across health care providers, and with public health departments and emergency management agencies.
Training and testing program: Develop and maintain training and testing programs, including initial and annual trainings, and conduct drills and exercises or participate in an actual incident that tests the plan.
CHA is pleased that, in response to hospital concerns outlined in the attached comment letter, CMS provided flexibility in locating new generators and will not require relocation of existing generators. Further, CMS will not require increased hours of testing as it had originally proposed, acknowledging that no evidence exists that such testing would improve facilities’ ability to respond to a disaster.
CHA is reviewing the final rule and will provide more information in the coming weeks. The rule becomes effective Nov. 16; hospitals will have one year to become compliant.
CHA has prepared a draft comment letter regarding the Centers for Medicare & Medicaid Services (CMS) proposed rule on emergency preparedness requirements for Medicare and Medicaid participating providers and suppliers.
CHA’s letter specifically addresses the hospital provisions; additional comments regarding other settings will appear in CHA News later this week. Due to CHA’s advocacy efforts, CMS intends to announce an extension of the deadline for comments until March 31. CHA anticipates a formal announcement in the Federal Register on Friday, Feb 21. In the meantime, CHA welcomes member feedback on the draft letter.
CHA appreciates CMS’ comprehensive approach to establishing such important regulation, and while CMS made efforts to align with Joint Commission and other industry standards, CHA has identified a number of areas where the proposed regulations are insufficient and must be clarified to improve consistent application of the standard nationwide.
Hospitals are required by laws, regulations, and accreditation requirements to plan for disasters. Proposed regulations from the Centers for Medicare & Medicaid Services may have an effect on these requirements.
Because law may impact all stages of emergency preparedness and response, and is a required consideration under the Joint Commission standards, legal issues should be incorporated into hospital emergency planning.
CDC’s Public Health Law Program can help hospitals incorporate law into emergency preparedness.
The Privacy Rule protects individually identifiable health information from uses and disclosures that unnecessarily compromise the privacy of an individual. The Rule is carefully designed to protect the privacy of health information, while allowing important health care communications to occur.
These pages address common emergency preparedness issues related to the release of protected health information for planning or response activities. In addition, please view the Civil Rights Emergency Preparedness page to learn how nondiscrimination laws apply during an emergency.
Hospitals may release individually-identifiable patient information to another hospital or health facility for the purpose of diagnosis or treatment of a patient.
A hospital may release individually-identifiable patient information to a public or private entity authorized by law or by its charter to assist in disaster relief efforts, to notify, or assist in the notification of (including identifying or locating), a family member, a personal representative of the patient, or another person responsible for the care of the patient, of the patient’s location, general condition or death.However, unless the following steps interfere with the ability to respond to the emergency, the hospital must follow the following steps before disclosing information if the patient is present and has the capacity to make health care decisions:
Obtain the patient’s agreement to the disclosure;
Provide the patient with the opportunity to object to the disclosure (if the patient objects, no disclosure may be made); or,
The hospital may reasonably infer from the circumstances based on the exercise of professional judgment that the patient does not object to the disclosure. If the patient is not present or is unable to agree or object, then the hospital may determine whether the disclosure is in the best interests of the patient and, if so, disclose only the information that is directly relevant to the disaster relief organization’s involvement with the patient’s health care.
Note: a “public or private entity authorized by law or by its charter to assist in disaster relief efforts” could include Red Cross, other hospitals, first responders, etc.
Unless the patient has requested that information be withheld (“no information” or “John Doe” patients, information about the general condition (undetermined, good, fair, serious, critical, deceased) and location of an inpatient, outpatient or emergency patient may be released to other third parties only if the inquiry specifically contains the patient’s name. This is the maximum information that may be released under this provision of the law (this provision is meant to allow visitors, clergy, florists, etc. to find patients) – however, CHA recommends that hospitals use their discretion when exercising this authority. For example, it is reasonable to give a room number to a florist who asks, “Which room is Bernice Hathaway in?” However, disclosing this information to the media would likely not comply with the HIPAA “minimum necessary” standard. And of course, a hospital should not notify other third parties of a patient’s death before the next-of-kin is notified.
If there are mass casualties, the spokesperson may release basic patient information such as the aggregate number of victims, their sex and their general conditions. However, individually-identifiable patient information may not be released without the patient’s consent.
Reference: California Civil Code Sections 56.10(c)(15), 56.1007, and 56.16; 45 C.F.R. Section 164.510 (a) and (b)(4).
Senate Bill 1953 (SB 1953) was signed into law on September 21, 1994. The bill was an amendment to and furtherance of the Alfred E. Alquist Hospital Seismic Safety Act of 1983 (Alquist Act). SB 1953 (Chapter 740, 1994), is now chaptered into statute in Sections 130000 through 130070 of the Alfred E. Alquist Hospital Facilities Seismic Safety Act, and part of the California Health and Safety Code. The regulations developed as a result of this statute are deemed to be emergency regulations and became effective upon approval by the California Building Standards Commission and filing with the Secretary of State on March 18, 1998. An overview of SB1953 is available through this link.
The Facilities Development Division formed the Seismic Retrofit Program Unit which is now referred to as the Seismic Compliance Unit. This Unit, headed by Hussain Bhatia, is comprised of structural engineers and senior architects responsible for review and approval of the following submittals to OSHPD:
Seismic Evaluation Reports (structural and non-structural)
Design criteria and conditional approvals of voluntary seismic compliance projects
NFPA 99: establishes criteria for levels of health care services or systems based on risk to the patients, staff, or visitors in health care facilities to minimize the hazards of fire, explosion, and electricity.
NFPA 1600: The National Commission on Terrorist Attacks Upon the United States (the 9/11 Commission), recognized NFPA 1600 as the National Preparedness Standard. It is widely used by public, not-for-profit, nongovernmental, and private entities on a local, regional, national, international and global basis, and has been adopted by the U.S. Department of Homeland Security as a voluntary consensus standard for emergency preparedness.
The Centers for Medicare & Medicaid Services (also known as CMS) was formerly known as the Health Care Financing Administration (HCFA).
CMS is the federal agency responsible for administering the Medicare, Medicaid, SCHIP (State Children’s Health Insurance), HIPAA (Health Insurance Portability and Accountability Act), CLIA (Clinical Laboratory Improvement Amendments), and several other health-related programs.