New CMS Rule Implementation Deadline Nears
Healthcare providers and suppliers have long been expected to have an emergency preparedness plan in place. However, a final rule from the Centers for Medicare & Medicaid Services posted last fall clarifies expectations and sets in motion penalties for those who aren't in compliance. The need for such carefully considered plans and procedures was on full display recently as healthcare providers and facilities worked tirelessly to keep patients safe in the wake of the damage and catastrophic flooding from Hurricane Harvey.
Emergency Preparedness Requirements for Medicare and Medicaid Participating Providers and Suppliers was published in the Federal Register on Sept. 8, 2016 and went into effect on Nov. 16 of that year. It is a new CoP/CfC (condition of participation/condition for coverage), and all 17 supplier and provider types are impacted by the rule. The looming deadline for full compliance and implementation is Nov. 16, 2017.
A CMS spokesperson explained the new disaster preparedness requirements offer a comprehensive guidance to ensure providers and suppliers could sustain all hazard threats. Those threats include internal and manmade emergencies, as well as natural disasters most likely to occur in an area. Internal emergencies might include equipment or power failures. Manmade emergencies could cover cyberattacks or active shooters, and response to natural threats should incorporate thoughts on handling disruptions of essentials such as food and water if roads were impassable.
While there are a number of steps, the spokesperson said the regulations were written in a straightforward manner so there shouldn't be any confusion about expectations. Each provider and supplier group has its own set of regulations incorporated into its conditions or requirements for certification. The spokesperson noted the requirements are tiered and tailored to each group. For example, outpatient providers are not required to have policies regarding the provision of subsistence needs.
The specific guidance sets, which are downloadable from the CMS website, are more detailed but generally require:
- An an all hazards risk assessment to look at the best ways to respond and recover from a broad spectrum of manmade and natural disasters,
- Development of policies and procedures based on the risk assessment including subsistence needs and plans to evacuate, shelter in place, and track patients and staff during an emergency,
- Creation of a communications plan to ensure proper coordination with local, regional, tribal, state and federal emergency preparedness systems and agencies,
- Implementation of training and testing programs including drills and exercises to test the emergency plan, and
- Review and update of the risk assessment, policies and procedures, and communications plan at least annually, along with meeting yearly training and testing requirements.
Providers are required to conduct two testing exercises annually with one being a full-scale, community-based exercise. However, the regulation allows some flexibility with the recognition that a full-scale community drill might not be feasible so there are some options to replace that training with one that is based on the individual facility. Additionally, if an actual emergency occurs that tests the plan, the facility would be exempt from a full-scale exercise for one year following the emergency.
Who is Impacted
The spokesperson said CMS identified a need for more consistency in emergency planning and response in the wake of Superstorm Sandy. He said findings in an OIG report released after the 2012 hurricane led CMS to create more specific requirements and guidance to address preparedness gaps. The OIG report highlighted one hospital, noting the facility had adequate backup generators on the 13th floor to protect them from potential flooding. However, the fuel pumps to run the generators were located in the hospital's basement, which had quickly flooded. Ultimately, the hospital created a 'bucket line' in which staff passed fuel up 13 flights of stairs to keep the generators running until the hospital could be evacuated.
Another key finding from the OIG report was that a number of staff members struggled to use alternative procedures to deliver care in the face of power outages. Reliant on automated processes, a number of administrators reported having staff members who didn't know how to manually deliver IV therapy at the right rate or properly suction intubated patients by hand.
The CMS spokesperson said surveyors would monitor compliance during the certification and re-certification process or in post-event evaluations. While full implementation is expected by the November deadline, he did say there should be some flexibility in this first year if a training exercise hadn't yet been completed but was scheduled for the coming months.
Failure to comply with the final rule is anticipated to follow enforcement efforts in other areas ranging from citations with the opportunity to take corrective action all the way up to termination from participation in the Medicare and Medicaid program in the most egregious cases.
The main expectation, the spokesperson concluded, is for facilities to conduct a thoughtful and comprehensive assessment of threats and responses so that their patients, staff and community will benefit from that forethought in case of emergency.