CMS Healthcare Security Risk Assessment


Healthcare Security Assessment

What is the CMS final rule on emergency preparedness?

It is now a new FEDERAL LAW that goes into effect in mid-November, 2016.

It requires 17 different kinds of Healthcare Organizations to expand their duties from deciding how to prepared for tornados, hurricanes, earthquakes, cold weather, active shooter, bomb threats, and any mass casualty event.

NOT IN COMPLIENCE– Federal Government will not reimburse the healthcare organizations for Medicare and Medicaid expenses unless they comply conducting complicated all-Hazard Healthcare Security Risk Assessments and training every year, starting in November 2016.

Healthcare Organizations Required under Federal Law

  1. Hospitals
  2. Religious Non-medical Health Care Institutions (RNHCIs)
  3. Ambulatory Surgical Centers (ASCs)
  4. Hospices
  5. Psychiatric Residential Treatment Facilities (PRTFs)
  6. All-Inclusive Care for the Elderly (PACE)
  7. Transplant Centers
  8. Long-Term Care (LTC) Facilities
  9. Intermediate Care Facilities for Individuals with Intellectual Disabilities   (ICF/IID)
  10. Home Health Agencies
  11. Comprehensive Outpatient Rehabilitation Facilities (CORFS)
  12. Critical Access Hospitals (CAHs
  13. Clinics, Rehabilitation Agencies, Public Health Agencies
  14. Community Mental Health Centers (CMHCs)
  15. Organ Procurement Organization (OPOs)
  16. Rural Health Clinics (RHCs) FED, Qualified Health Centers (FQHCs)
  17. End-Stage Renal Disease (ESRD) Facilities

The new CMS Rule requires healthcare providers to do Annual, All-Hazards Security Risk Assessments and have Annual Training, including not just regular disasters, but Emergency Preparations for all types of mass casualty events, like active shooters, lone wolf attacks and violence against staff members.

The CMS Final Rule was stalled in Committee for 3 years, since December 2013.  It took the Orlando mass casualty shootings to get it back on track.

We’ll walk you through every step of how to prepare for the CMS Hospital & Healthcare Facility Security Risk Assessment, including

  • How to gather the data
  • Detail threat data
  • Required Controls that CMS will be looking for in a Healthcare Security Risk Threat Assessment
  • Emergency Management Plans
  • How to conduct low cost, high impact Tabletop Exercises to meet the New Rule requirements

New Rule for CMS Emergency Preparedness of Healthcare Facilities

1. Emergency plan: Based on a risk assessment, develop an emergency plan using an all-hazards approach focusing on capacities and capabilities that are critical to preparedness for a full spectrum of emergencies or disasters specific to the location of a provider or supplier.

2. Policies and procedures: Develop and implement policies and procedures based on the plan and risk assessment.

3. Communication plan: Develop and maintain a communication plan that complies with both Federal and State law. Patient care must be well-coordinated within the facility, across health care providers, and with State and local public health departments and emergency systems.

4. Training and testing program: Develop and maintain training and testing programs, including initial and annual trainings, and conduct drills and exercises or participate in an actual incident that tests the plan.

The final rule also includes a number of local and national resources related to emergency preparedness, including helpful reports, toolkits, and samples. Additionally, health care providers and suppliers can choose to participate in their local healthcare coalitions, which provide an opportunity to share resources and expertise in developing an emergency plan and also can provide support during an emergency.

These regulations are effective 60 days after publication in the Federal Register. Health care providers and suppliers affected by this rule must comply and implement all regulations one year after the effective date.

CMS Healthcare Security Risk Assessment PDF