By Tara Gibson - March 10, 2020
Healthcare organizations participating in the Medicare and Medicaid programs are required to develop all-hazards emergency preparedness plans under the CMS' Emergency Preparedness Rule. This requirement is becoming increasingly difficult to comply with due to five significant trends.
In 2018, we conducted a survey among hundreds of healthcare safety leaders in order to determine what the biggest safety concerns are for hospitals and healthcare facilities throughout the U.S. The results of the survey showed the three biggest concerns are severe weather events, active assailants, and cyberattacks; but, due to a discrepancy between the concerns and actual events, there are gaps in preparedness plans for other types of emergencies - notably system outages and workplace violence.
There is a reason for this discrepancy. Severe weather events, active assailants, and cyberattacks are higher profile events than system outages and workplace violence. Furthermore, there is no official requirement to report system outages and it is widely accepted workplace violence is underreported. Therefore, when asked what their biggest safety concerns are, respondents to our survey most probably responded with the events that had been reported, rather than those that hadn't.
If we asked the same questions today, concerns about Emerging Infectious Diseases (EIDs) would feature in the top three considering CMS' recent inclusion of EIDs in its State Operations Manual and the current threat of a coronavirus epidemic. However, whereas (hopefully) the threat of a coronavirus epidemic will be short-term, there are five longer term trends that can impact emergency preparedness in healthcare. Ironically, three of these involve our respondents' biggest concerns.
Last September, the U.S. dodged what was potentially the most devastating hurricane ever to reach mainland America when - due to warmer than usual sea temperatures in the Atlantic - Hurricane Lorenzo broke down 2,000 miles off the east coast and headed towards Europe. While global warming was responsible for preventing one of the most severe weather events on record, there is a rising trend for severe weather events attributable to climate change.
The National Oceanic and Atmospheric Administration (NOAA) tracks the number, frequency, and cost of natural disasters, and last year the agency produced a graph (below) demonstrating the trend in events costing a billion dollars or more. Significantly, the NOAA noted that inland flooding (blue bars) and severe storms (green bars) are making an increasingly large contribution to the number of billion dollar natural disasters in the U.S.
Since 2000, the FBI has published several active assailant studies that break down attacks by location. The attacks recorded in the “Health Care Facilities” category only include those that have occurred within a physical facility, rather than any that have occurred on a hospital campus or parking lot. Consequently it is difficult to ascertain whether any active assailant attacks listed in the “Other” category would have impacted healthcare operations or the safety of healthcare personnel.
Nonetheless, the data compiled by the FBI shows a dramatic increase in the number of active shooter attacks in the health care facilities category. In the 2000/2013 study, only 4 of 160 attacks (2.5%) occurred in healthcare facilities. The rate increased to 5% in the 2014/2015 study when 2 of 40 attacks took place in a health care facility, and to 8% in the 2016/2017 study - resulting in seven deaths and eight serious injuries. The high rate of active assailant attacks continued in the 2018 study.
Like workplace violence, not all cases of cyberattacks on health care facilities are reported. This because cyberattacks on healthcare facilities only have to be reported when Protected Health Information is accessed by unauthorized third parties. However, it is possible to tell from data released by the Department of Health and Human Services’ Office for Civil Rights that not only are cyberattacks are on the increase, the number of patient records exposed is also on the increase.
Not only do cyberattacks result in data breaches, they can also affect healthcare operations when essential systems are knocked out by the attacks. A successful cyberattack might not only have an impact on the provision of healthcare, but also on security, administrative functions, and communications if the healthcare facility has not yet fulfilled the requirements of the CMS Communication Plan to implement an alternate system of communications for emergencies.
While it has been well-chronicled the aging population will place greater strain on healthcare resources, what's not been so well documented is that 30% of actively licensed providers are over the age of sixty (PDF); and, as these providers reach retirement, healthcare organizations may find it hard to fill empty vacancies. It has been forecast that, by 2030, the number of healthcare providers will need to increase by over 3.5 million just to maintain the provider-to-patient ratios that exist today.
The increasing age of healthcare providers has consequences for emergency preparedness inasmuch as a higher percentage of providers will be unable (or unwilling) to report for work during natural disasters. Several solutions have been suggested to address this challenge, including reducing the hours older healthcare providers work now in order to allow younger recruits into the industry - who will not only fill the projected shortfall, but also be more able (or willing) to report for work during natural disasters.
Another consequence of an aging population is that healthcare organizations will be faced with a higher demand for home health care. According to the Bureau of Labor Statistics, the number of healthcare providers working in home health care increased by more than 60% between 2004 and 2014 (see image below), and it has been projected there will be more than 4.4 million home health care aides employed by healthcare organizations by 2024.
This scenario presents a number of challenges for healthcare managers. How do you check on the wellbeing of so many remote workers? How do you manage them during periods of severe weather? How do you warn them of events in their areas that might present a risk of danger? How do you alert them not to remotely log into databases that might have been compromised in a cyberattack? How do you cover the workload of a home health aide who is unable (or unwilling) to attend patients' homes?
Emergency preparedness managers can't control the weather, the mindsets of active assailants, or the intentions of cybercriminals. Nor can they reverse the aging process or the demands of an aging population for home health care.
What they can do is prepare health care facilities and healthcare personnel for all eventualities by running safety drills and implementing communication solutions that can better protect healthcare personnel in emergency situations.
Tara is a Marketing Coordinator on the Rave Mobile Safety marketing team. She loves writing about all things K-12, State & Local, Higher Ed, Corporate, and Healthcare, and manages the Rave social media channels. When she's not working, she's taking care of her smiley, shoe eating, Instagram-famous fur baby, Enzo!
Amid our current climate, K-12 schools and districts are focusing school safety efforts primarily on how to reopen...