CMS will implement the final rule regarding emergency preparedness requirements for Medicare and Medicaid Providers and Suppliers (Program Participants) on November 15, 2017. CMS published the “Medicare and Medicaid Programs; Emergency Preparedness Requirements for Medicare and Medicaid Participating Providers and Suppliers” final rule on September 16, 2016 and the regulations were effective on November 15, 2016. The final rule outlines Program Participant requirements to adequately plan for both natural and man-made disasters. The final rule also requires planning for coordination with federal, state, tribal, regional, and local emergency preparedness systems. Further, CMS requires Program Participants to include a cyberattack response in their emergency preparedness plans. CMS refers Program Participants to the Department of Health and Human Services (HHS) Office of Civil Rights (OCR) cyberattack checklist explaining how agencies should respond if they undergo a cyber-attack.
CMS addresses the three key areas for preserving patient safety and access to health care services during emergencies in the final rule: (1) safeguarding human resources; (2) maintaining business continuity; and (3) protecting physical resources. Additionally, CMS requires that each of the 17 impacted Program Participant categories include tailored Emergency Preparedness regulations within their respective conditions for certification or participation. Each Program Participant must comply with the new regulations to participate in the Medicare or Medicaid program. To that end, CMS has issued an advanced copy of the interpretive guidelines and survey procedures to be included in Appendix Z of the State Operations Manual (SOM). The CMS guidelines and survey procedures address Conditions of Participation or certification of the following 17 provider types: Religious Nonmedical Health Care Institutions; Ambulatory Surgical Centers (ASCs); Hospices; Psychiatric Residential Treatment Facilities (PRTFs); All-Inclusive Care for the Elderly (PACE); Hospitals; Transplant Centers; Long-Term Care (LTC) Facilities; Intermediate Care Facilities for Individuals with Intellectual Disabilities (ICF/IID); Home Health Agencies (HHAs); Comprehensive Outpatient Rehabilitation Facilities (CORFs); Critical Access Hospitals (CAHs); Clinics, Rehabilitation Agencies, and Public Health Agencies as Providers of Outpatient Physical Therapy and Speech-Language Pathology Services; Community Mental Health Centers (CMHCs); Organ Procurement Organizations (OPOs); Rural Health Clinics (RHCs) and Conditions for Coverage for Federally Qualified Health Centers (FQHCs); and End-Stage Renal Disease (ESRD) Facilities.
Compliance experts note that a Program Participant’s Emergency Preparedness Plan must include: (a) Risk Assessment and Emergency Planning; (b) Policies and Procedures for Compliance; (c) Communication Plan; and (d) Training and Testing. Plans will vary by provider type, services provided, operational structure and number of facilities. In general, however, the plan must address a variety of issues including: identifying those responsible for emergency response (leaders and responding teams); location of disaster control management; ensuring all facilities in a network are included in the plan; emergency contact numbers (internally and with governmental agencies such as police and fire); survey of available resources and capabilities; backup power and lighting; and identification of those with specialized disaster training.
Additional tips for emergency preparedness plan implementation include the following:
- Review Appendix Z to the SOM and additional requirements that apply to the organization;
- Ensure executive leadership and the Board of Directors are aware of CMS’ new requirements;
- View emergency preparedness as a compliance high-risk area that requires a plan to meet the new requirements;
- Ensure that all employees and staff receive education about the new regulation;
- Develop and implement the emergency preparedness plan;
- Develop a self assessment tool (checklist) that can address the emergency response; and
- Test the emergency preparedness plan against various disaster scenarios.