This crosswalk provides a view of the CMS Emergency Preparedness
Rule for hospitals in comparison with The Joint Commission (TJC),
National Fire Protection Association (NFPA), Title 22, and
Hospital Preparedness Program (HPP) requirements.
TJC is an independent, not-for-profit organization which
accredits and certifies health care organizations and
programs. Joint Commission accreditation and certification is
recognized nationwide as a symbol of quality that reflects an
organization’s commitment to meeting certain performance
The Centers for Medicare & Medicaid Services (CMS) has released a
new Appendix Z of the State Operations Manual (SOM), which
contains interpretive guidelines and survey procedures for the
emergency preparedness final rule. The new rule affects 17
providers and suppliers;
Appendix Z applies to all 17 providers and suppliers included
in the final rule. The advance copy of the interpretive
guidelines can be downloaded from the CMS website.
The Centers for Medicare & Medicaid Services (CMS)
its website with information to assist providers and
suppliers in complying with its new emergency
preparedness final rule. The information specifically
addresses the rule’s training and testing requirement, one of
four standards providers and suppliers must meet. CMS encourages
providers and suppliers to participate in a full-scale,
community-based exercise with their local and/or state emergency
agencies and to have completed a tabletop exercise before the new
requirements are implemented on Nov. 15. More information can be
found in the attached memo; questions should be directed to
Prepared by Yale New Haven Center for Emergency Preparedness and
created in collaboration with several subject matter experts to
map the CMS Emergency Preparedness Conditions of
Participation; the linked document is available for use as a
resource for emergency and disaster related program, policy,
communication, training and exercise elements of regulatory and
accreditation standards. The crosswalk should be used as a
guide,not a substitute for existing federal, local, or
accrediting organization guidance.
The Centers for Medicare & Medicaid Services (CMS) has issued a
rule establishing emergency preparedness requirements for
facilities participating in Medicare and Medicaid. The final rule
requires these providers and suppliers to meet four standards:
Emergency plan: Based on a risk assessment, develop an emergency
plan using an all-hazards approach focusing on capacities and
capabilities that are critical to preparedness for a full
spectrum of emergencies or disasters specific to the location of
a provider or supplier.
Policies and procedures: Develop and implement policies and
procedures based on the plan and risk assessment.
Communication plan: Develop and maintain a communication plan
that complies with federal, state and local laws. Patient
care must be well-coordinated within the facility, across health
care providers, and with public health departments and emergency
Training and testing program: Develop and maintain training and
testing programs, including initial and annual trainings, and
conduct drills and exercises or participate in an actual incident
that tests the plan.
CHA is pleased that, in response to hospital concerns
outlined in the attached comment letter, CMS provided flexibility
in locating new generators and will not require relocation of
existing generators. Further, CMS will not require increased
hours of testing as it had originally proposed, acknowledging
that no evidence exists that such testing would improve
facilities’ ability to respond to a disaster.
CHA is reviewing the final rule and will provide more information
in the coming weeks. The rule becomes effective Nov. 16;
hospitals will have one year to
CHA has prepared a draft comment letter regarding the Centers for
Medicare & Medicaid Services (CMS) proposed rule on emergency
preparedness requirements for Medicare and Medicaid participating
providers and suppliers.
CHA’s letter specifically addresses the hospital provisions;
additional comments regarding other settings will appear in CHA
News later this week. Due to CHA’s advocacy efforts, CMS
intends to announce an extension of the deadline for comments
until March 31. CHA anticipates a formal announcement in
the Federal Register on Friday, Feb 21. In the meantime, CHA
welcomes member feedback on the draft letter.
CHA appreciates CMS’ comprehensive approach to establishing such
important regulation, and while CMS made efforts to align with
Joint Commission and other industry standards, CHA has identified
a number of areas where the proposed regulations are insufficient
and must be clarified to improve consistent application of the
Hospitals are required by laws, regulations, and accreditation
requirements to plan for disasters. Proposed regulations from the
Centers for Medicare & Medicaid Services may have an effect on
Because law may impact all stages of emergency preparedness and
response, and is a required consideration under the Joint
Commission standards, legal issues should be incorporated
into hospital emergency planning.
CDC’s Public Health Law Program can help hospitals incorporate
law into emergency preparedness.
The Privacy Rule protects individually identifiable health
information from uses and disclosures that unnecessarily
compromise the privacy of an individual. The Rule is carefully
designed to protect the privacy of health information, while
allowing important health care communications to occur.
These pages address common emergency preparedness issues related
to the release of protected health information for planning or
response activities. In addition, please view the Civil
Rights Emergency Preparedness page to learn how nondiscrimination
laws apply during an emergency.
Hospitals may release individually-identifiable patient
information to another hospital or health facility for the
purpose of diagnosis or treatment of a patient.
A hospital may release individually-identifiable patient
information to a public or private entity authorized by law or by
its charter to assist in disaster relief efforts, to notify, or
assist in the notification of (including identifying or
locating), a family member, a personal representative of the
patient, or another person responsible for the care of the
patient, of the patient’s location, general condition or
death.However, unless the following steps interfere with the
ability to respond to the emergency, the hospital must follow the
following steps before disclosing information if the patient is
present and has the capacity to make health care decisions:
Obtain the patient’s agreement to the disclosure;
Provide the patient with the opportunity to object to the
disclosure (if the patient objects, no disclosure may be made);
The hospital may reasonably infer from the circumstances
based on the exercise of professional judgment that the patient
does not object to the disclosure. If the patient is not present
or is unable to agree or object, then the hospital may determine
whether the disclosure is in the best interests of the patient
and, if so, disclose only the information that is directly
relevant to the disaster relief organization’s involvement with
the patient’s health care.
Note: a “public or private entity authorized by law or by its
charter to assist in disaster relief efforts” could include Red
Cross, other hospitals, first responders, etc.
Unless the patient has requested that information be withheld
(“no information” or “John Doe” patients, information about the
general condition (undetermined, good, fair, serious, critical,
deceased) and location of an inpatient, outpatient or emergency
patient may be released to other third parties only if the
inquiry specifically contains the patient’s name. This is the
maximum information that may be released under this provision of
the law (this provision is meant to allow visitors, clergy,
florists, etc. to find patients) – however, CHA recommends that
hospitals use their discretion when exercising this authority.
For example, it is reasonable to give a room number to a florist
who asks, “Which room is Bernice Hathaway in?” However,
disclosing this information to the media would likely not comply
with the HIPAA “minimum necessary” standard. And of course, a
hospital should not notify other third parties of a patient’s
death before the next-of-kin is notified.
If there are mass casualties, the spokesperson may release
basic patient information such as the aggregate number of
victims, their sex and their general conditions. However,
individually-identifiable patient information may not be released
without the patient’s consent.
Reference: California Civil Code Sections 56.10(c)(15),
56.1007, and 56.16; 45 C.F.R. Section 164.510 (a) and (b)(4).
Senate Bill 1953 (SB 1953) was signed into law on September 21,
1994. The bill was an amendment to and furtherance of the Alfred
E. Alquist Hospital Seismic Safety Act of 1983 (Alquist Act). SB
1953 (Chapter 740, 1994), is now chaptered into statute in
Sections 130000 through 130070 of the Alfred E. Alquist Hospital
Facilities Seismic Safety Act, and part of the California Health
and Safety Code. The regulations developed as a result of this
statute are deemed to be emergency regulations and became
effective upon approval by the California Building Standards
Commission and filing with the Secretary of State on March 18,
1998. An overview of SB1953 is available through this link.
The Facilities Development
Division formed the Seismic Retrofit Program Unit which is
now referred to as the Seismic Compliance Unit. This Unit, headed
by Hussain Bhatia, is comprised of structural engineers and
senior architects responsible for review and approval of the
following submittals to OSHPD:
Seismic Evaluation Reports (structural and non-structural)
Design criteria and conditional approvals of voluntary
seismic compliance projects
NFPA 99: establishes criteria for levels of health care services
or systems based on risk to the patients, staff, or visitors in
health care facilities to minimize the hazards of fire,
explosion, and electricity.
NFPA 1600: The National Commission on Terrorist Attacks Upon the
United States (the 9/11 Commission), recognized NFPA 1600
as the National Preparedness Standard. It is widely used by
public, not-for-profit, nongovernmental, and private entities on
a local, regional, national, international and global
basis, and has been adopted by the U.S. Department of
Homeland Security as a voluntary consensus standard for emergency
The Centers for Medicare & Medicaid Services (also known as CMS)
was formerly known as the Health Care Financing Administration
CMS is the federal agency responsible for administering
the Medicare, Medicaid, SCHIP (State Children’s Health
Insurance), HIPAA (Health Insurance Portability and
Accountability Act), CLIA (Clinical Laboratory Improvement
Amendments), and several other health-related programs.