sudok1 - Fotolia


CMS emergency preparedness rule for healthcare: Compliance tips

The CMS Final Rule details emergency response and business continuity regulations for healthcare. Noncompliance could result in the loss of Medicare and Medicaid benefits.

The Centers for Medicare and Medicaid Services (CMS) issued a final rule on Sept. 16, 2016, regarding emergency preparedness activities. The latest version goes beyond current regulations for healthcare organizations in the areas of emergency response and business continuity.

Interestingly, accrediting organizations -- such as the Joint Commission -- and state regulators already require healthcare institutions to have emergency preparedness programs in place. The new CMS emergency preparedness rule, however, provides additional requirements.

Of great importance is the fact that institutions not prepared in time for the compliance deadline of Nov. 17, 2017, may no longer be able to receive Medicare and Medicaid benefits (also known as Conditions of Participation), unless granted a waiver.

While the final CMS emergency preparedness rule doesn't specifically focus on disaster recovery, it does zero in on emergency management and, to an extent, business continuity. This article provides a summary of the actions to be taken and will provide tips to ensure your organization is compliant.

The full Final Rule in the Federal Register can be found in Vol. 81, No. 180, dated Sept. 16, 2016, under the name "Medicare and Medicaid Programs; Emergency Preparedness Requirements for Medicare and Medicaid Participating Providers and Suppliers; Final Rule." The legislation is in Title 42 of the Code of Federal Regulations, Parts 403, 416, 418 and others. The document provides detailed guidance on all aspects of the Final Rule, and also describes the unique compliance requirements for 17 different types of healthcare providers covered.

Main provisions in the CMS emergency preparedness rule

According to CMS, the Final Rule addresses "three key essentials we believe are necessary for maintaining access to healthcare services during emergencies: safeguarding human resources, maintaining business continuity and protecting physical resources."

As such, the CMS has identified four key elements of what it believes is a suitable emergency preparedness framework for its many providers. The following table describes the four elements, what they mean and what you may need to do to achieve compliance with them.

CMS emergency preparedness rule, CMS Final Rule, emergency management

Additional Final Rule requirements

Continuity of operations is the primary focus of the final CMS emergency preparedness rule, as opposed to recovery of operations, as stated in the legislation. This is an important distinction, as the CMS assumes healthcare providers have plans in place to recover their operations in an emergency.

The Final Rule, by contrast, focuses on facilities, systems and resources that support the uninterrupted provision of patient care.

Among the facility-related elements addressed in the CMS emergency preparedness Final Rule are the following:

  1. Alternate sources of energy used to provide building temperatures conducive to patient health and safety; the safe and sanitary storage of provisions; availability of emergency lighting; and fire detection, extinguishing and alarm systems.
Continuity of operations is the primary focus of the final CMS emergency preparedness rule, as opposed to recovery of operations, as stated in the legislation.
  1. Provisions of sewage and waste disposal, including solid waste, recyclables, chemicals, biomedical waste and wastewater.
  2. Availability of a system to track the location of staff and patients in the hospital's care, both during and after an emergency.
  3. Resources to ensure safe evacuations from the hospital, addressing care and treatment of evacuees; staff responsibilities; transportation; identification of evacuation location(s); and primary/alternate communications with external sources of assistance.
  4. Space to shelter in place for patients, staff and volunteers who remain in the institution.

The above, and other requirements, must also be addressed to achieve compliance with the final CMS emergency preparedness rule.

Confirming compliance

Organizations like the Joint Commission may decide to audit institutions for CMS compliance, in addition to their own emergency response requirements. Health Insurance Portability and Accountability Act regulations, particularly certain parts of the Security Rule, may also factor into the audit/compliance process. Federal, state and local regulations may need to be included in the process. Given the Final Rule requirements and how they compare to existing regulations, perhaps the best strategy is to meet or exceed the CMS requirements as much as possible, and to ensure that all activities are fully documented.

Hospitals are likely to have well-organized emergency procedures already in place, and may need only some updating of their emergency programs. By contrast, other healthcare organizations may require considerable work to achieve compliance. It's time to move forward with reviewing and updating emergency programs.

Next Steps

Disaster recovery in healthcare is evolving

Look to the cloud for healthcare data recovery

How encryption is key for healthcare data

Dig Deeper on Disaster recovery planning - management