The latest protocols for preparedness are more wide-sweeping & demanding than ever
With the increasing demands facing the healthcare field today, service disruptions can have dire consequences. Whether they originate from within or outside of the facility, all hospitals can face a range of emergencies that can potentially endanger employees, patients and visitors. From natural disasters and active shooters to fires and cyberattacks, many potential threats require hospitals to bolster their emergency preparedness to ensure they are ready and capable of responding.
Fostering internal preparation
“It is always better to plan early and to educate widely,” says Kevin Cleveland, AVP, Security Operations at HCA Healthcare. He’s a big fan of the all-hazards approach to emergency preparation. This means having a highly adaptable framework that considers the full scope of possible emergencies a hospital might face while focusing on developing the capacity and resources to respond flexibly to whatever the situation might require. This adaptability empowers our healthcare professionals, giving them the confidence that they are supported and can handle any situation that arises.
“While we might train for a specific kind of man-made or natural disaster, our plans are flexible enough to prepare our people for any number of scenarios. If something unusual happens that we had not anticipated, our framework and the education we provide our teams gives us a head start on managing that,” explains Cleveland.
A big part of this approach is staff education. HCA Healthcare employs tabletop exercises and drills to test responses and help people prepare for situations they might encounter. These exercises are not just about testing responses, but also about ensuring the effectiveness of the emergency plan. They are designed to get people not only thinking about what they would do in an emergency, but to test out specific components of the emergency plan such as evacuating the hospital. These drills and exercises reassure healthcare professionals that they are well-prepared and equipped to handle any type of emergency situation.
The Security Services Team has also developed “huddle cards,” designed to be used as training exercises with a small group of people. Each card describes a scenario and gives teams an opportunity to have an open discussion about the best way to handle it. “If you haven’t thought about what you would do in these situations before, then the time you take to react in a real-life scenario will increase,” says Andy Anderson, Director of Security Services at HCA Healthcare.
Another part of staff education teaches the “Run, Hide, Fight” protocol for active shooter situations. When your life is in imminent danger, the last step is to fight. If you find yourself in a situation where your only option is to fight, make sure that you know how you should attempt to fight and incapacitate or disrupt the shooter’s actions.
Strengthening equipment & infrastructure
But there are situations where Run, Hide, Fight may not be applicable. In a hospital setting, there will be people who can’t run or won’t run. To prepare for situations like this, Anderson looks to “harden” certain areas of hospitals to protect employees, patients and visitors from threats. For example, using building materials that are more difficult to breach can provide added protection for patients and staff.
Technology can play an important role in protecting patients, visitors and employees through robust security systems with modern features, such as smart cameras and sensors, and remote or on-site lockdown activation.
Security cameras can also be used to support emergency preparation in unconventional ways. For example, during evacuations, they can provide real-time visual information on ambulance bays and helicopter pads to prevent confusion among hospitals, transfer centers and EMS companies. “We can see how many ambulances are actually in the bay and avoid miscommunication,” explains Cleveland. Cameras are also helpful when preparing for weather events, he adds. “We’ll leverage our security cameras to scan parking lots and construction areas to ensure everything is tied down and we’ve done all we can to minimize potential damage.”
Security during emergency situations
Visitor and perimeter management become security challenges during emergencies. “We need to manage the flow of people into the hospital and manage who is already inside,” says Cleveland. In the case of a severe weather event, for example, it’s important to know who is inside before a hurricane gets to a hospital, especially if it is projected to cause catastrophic damage. “It’s not necessarily a security risk, but it’s a risk the security team helps to manage.”
Emergencies such as natural disasters and fires also tend to attract the attention of the media and people concerned about their loved ones. However, adding more people to a volatile situation can create more problems, meaning security personnel might need to create a perimeter and manage who is approved to enter the facility.
Responding to cyber threats
In 2023, 725 large security breaches in healthcare were reported to the Department of Health and Human Services Office for Civil Rights.
Protecting systems and data from cybercriminals starts with employee awareness and training, cyber hygiene practices, and strong relationships with third-party technology partners and industry peers.
But even with the best preventive measures in place, all hospitals need to be prepared to deal with the impact of a cyberattack. “It’s becoming a matter of when you’ll have an event versus if you’ll have an event, so organizations need to be prepared beforehand,” says Matthew Webb, AVP of Product Security at HealthTrust.
Developing a cyber incident response plan is crucial. Will you need to switch to pen and paper for patient documentation and ordering medications? Will emergency cases or critical patients need to be diverted elsewhere? How will medical devices, especially smart devices, be impacted? How and what will you communicate to staff, patients, third parties and law enforcement? These are just some of the questions that should be addressed as part of comprehensive preparedness planning.
“An incident response plan can help minimize the impact of a cyberattack and maintain a hospital’s ability to provide safe, high-quality care during an attack,” says Chris Van Gorder, President and CEO of Scripps Health, which was hit by a ransomware attack in 2021. He recommends including information on action steps, communication channels, and the roles and responsibilities of key personnel.
Make sure to review, test and update your response plan regularly to take account of emerging cybersecurity trends and challenges. International cybercriminals are constantly changing and refining their skills to wreak havoc on hospitals’ ability to deliver care safely and protect patients’ private data. Collaborating with government agencies, insurers and cybersecurity experts can help you stay one step ahead of cybercriminals, says Van Gorder. “Cybersecurity threats in healthcare and other industries are ever-evolving. Hospitals need to adopt a collaborative approach to handling information—one that fosters a culture of knowledge sharing that helps the industry stay ahead of the ever-changing threat landscape.”
If you find this daunting, you’re not alone. Van Gorder believes there are unrealistic expectations put on healthcare providers to defend against cyberattacks. He’s calling on the federal government to create realistic cybersecurity requirements and provide cyber defense resources and funding to hospitals and other providers. This funding could go a long way to acquire the expertise and systems that can block cybercriminals. “Many healthcare providers don’t have the profit margins to allow for the sizeable investments in cybersecurity that are needed. Protecting our patients and the country’s healthcare infrastructure requires a collaborative and concerted effort,” Van Gorder adds.
Cybersecurity, Disaster & Emergency Preparedness, Facilities Management, On-contract product, Operations, Q3 2024