We saw heartbreaking examples of ill prepared health care providers in Texas and Florida during hurricane season, and some of the most vulnerable are individuals served by Medicare and Medicaid in senior living facilities, FQHCs, community mental health centers and dialysis facilities.
By tomorrow, November 15, 2017, most Medicare health care providers and suppliers should be compliant with the emergency preparedness (EP) rule that was published in 2016. Failure to comply could result in loss of certification from the Centers for Medicare and Medicaid Services (CMS). These new rules are more comprehensive than prior CMS standards and are focused primarily on 1) risk assessment with emergency preparedness planning, 2) policies and procedures, 3) communication plans, and 4) training and testing.
The list of providers and suppliers contains 17 types, including Hospitals, Long Term Care Facilities, Hospices, Home Health Agencies and Federally Qualified Health Centers – the full list is here. Whether your organization is required to comply or not, a family member may receive services that are affected, and your community is certainly affected. The best preparation for natural and man-made disasters involves regional collaboration among the wider community to share resources and plans for recovery.
A core element of a full HIPAA compliance program includes a Risk Analysis and Risk Management plan that incorporates a Contingency Plan for natural and man-made disasters. The requirements outlined in the CMS rule mirror HIPAA compliance around Risk Analysis, so if an organization follows HIPAA, conducts its annual Risk Analysis and follows its own Risk Management plan, most of the work toward compliance with the new CMS emergency preparedness rule is completed. That being said, each organization should evaluate the CMS rule on its own to ensure its policies cover the bases.
There is guidance about the new rule in a number of places, including FEMA, an organization that learns new lessons every year in response to hurricanes, flooding, drought and wildfires like those we have seen this year. Available here. The EP rule itself cites extensive additional resources.
A HIPAA compliance program like The HIPAA E-Tool® takes care of the risk assessment required by CMS. The Risk Analysis – Risk Management module is interactive, building action steps automatically as the assessment is completed. It is then archived for use the following year when the Risk Analysis must be completed again. The second and following years build on the work done in the beginning, allowing more time (and less cost) to devote to managing the facility and caring for patients.