Emergency Preparedness Rule – Are You Ready?

We saw heartbreaking examples of ill prepared health care providers in Texas and Florida during hurricane season, and some of the most vulnerable are individuals served by Medicare and Medicaid in senior living facilities, FQHCs, community mental health centers and dialysis facilities. 

By tomorrow, November 15, 2017, most Medicare health care providers and suppliers should be compliant with the emergency preparedness (EP) rule that was published in 2016. Failure to comply could result in loss of certification from the Centers for Medicare and Medicaid Services (CMS). These new rules are more comprehensive than prior CMS standards and are focused primarily on 1) risk assessment with emergency preparedness planning, 2) policies and procedures, 3) communication plans, and 4) training and testing.

The list of providers and suppliers contains 17 types, including Hospitals, Long Term Care Facilities, Hospices, Home Health Agencies and Federally Qualified Health Centers – the full list is here. Whether your organization is required to comply or not, a family member may receive services that are affected, and your community is certainly affected. The best preparation for natural and man-made disasters involves regional collaboration among the wider community to share resources and plans for recovery.

A core element of a full HIPAA compliance program includes a Risk Analysis and Risk Management plan that incorporates a Contingency Plan for natural and man-made disasters. The requirements outlined in the CMS rule mirror HIPAA compliance around Risk Analysis, so if an organization follows HIPAA, conducts its annual Risk Analysis and follows its own Risk Management plan, most of the work toward compliance with the new CMS emergency preparedness rule is completed. That being said, each organization should evaluate the CMS rule on its own to ensure its policies cover the bases.

There is guidance about the new rule in a number of places, including FEMA, an organization that learns new lessons every year in response to hurricanes, flooding, drought and wildfires like those we have seen this year. Available here. The EP rule itself cites extensive additional resources.

A HIPAA compliance program like The HIPAA E-Tool® takes care of the risk assessment required by CMS. The Risk Analysis – Risk Management module is interactive, building action steps automatically as the assessment is completed. It is then archived for use the following year when the Risk Analysis must be completed again. The second and following years build on the work done in the beginning, allowing more time (and less cost) to devote to managing the facility and caring for patients.

The HIPAA E-Tool® makes compliance fast and easy. Get your free HIPAA Quick Start Kit, complete with a webcam privacy guard, HIPAA Hot Zone labels and a HIPAA checklist delivered directly to your office.

Share This Post

Share on facebook
Share on twitter
Share on linkedin

Maggie Hales

Maggie Hales is a lawyer specializing in health information privacy and security. As CEO of ET&C Group LLC she advises health care providers and business associates in 36 states, Canada, Egypt, India and the EU, using The HIPAA E-Tool® to deliver up to date policies, forms and training on everything related to HIPAA compliance.

Copyright © 2020 ET&C Group LLC.

The HIPAA E-Tool® and Protecting Patient Privacy is Our Job®
are registered trademarks of ET&C Group LLC

3534 Washington Avenue, Saint Louis, MO 63103
Terms of Service | Privacy Policy

Powered by JEMSU

You may have questions about COVID-19 and HIPAA. We have answers. 

We are open and answering questions about all the new modifications and waivers, coming from HHS, OCR, CMS, and the new CARES act.

If you need help with HIPAA during the COVID-19 pandemic, fill in the form, and we’ll get back to you.

Free hipaa kit!

hipaa compliance Quick start kit
Delivered free