Making a CHC EM Program Work— Tools, Tips & Strategies
1 / 21

- PowerPoint PPT Presentation

  • Uploaded on

Making a CHC EM Program Work— Tools, Tips & Strategies. Amelia Muccio Director of Emergency Management NJPCA. Objectives. Tools, Tips and Strategies for Everyday Preparedness Accreditation Standards Planning, Training, Exercising Needs

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about '' - justina-mccarthy

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Making a chc em program work tools tips strategies

Making a CHC EM Program Work— Tools, Tips & Strategies

Amelia Muccio

Director of Emergency Management



  • Tools, Tips and Strategies for Everyday Preparedness

  • Accreditation Standards

  • Planning, Training, Exercising Needs

  • Health Information Technology and Future of Center’s IT

  • Instilling a Culture of Preparedness

Chcs emergency preparedness
CHCs & Emergency Preparedness


  • 50 States and US Territories

  • 1,250 Centers

  • 20 million patients served annually


  • 20 Centers with 100 sites

  • 425,000 patients served annually

  • Provide services to at risk populations

  • Triage, screen and treat lower acuity patients “walking wounded”

  • Provide surge capacity during emergency

  • Provide mass vaccination

  • Serve as Point of Dispensing

  • Decompress healthcare system

  • Serve as Alternate Care Site


  • FQHC accreditation standards for emergency preparedness:

    • Bureau of Primary Health Care Policy Information Notice 2007-15 (PIN)

    • Joint Commission (JC)

    • Accreditation Association for Ambulatory Care (AAAHC)

    • National Committee for Quality Assurance (NCQA)

    • National Incident Management System (NIMS)

Personal preparedness
Personal Preparedness

  • Do you have a family communications plan?

  • Do you have a go bag?

  • Do you have a pet go bag?

  • Have you made arrangements for childcare if you are needed at work?

  • What about your other family members including elderly and pets?

Making a chc em program work tools tips strategies

  • Identifies potential emergencies and the direct/indirect effects these emergencies may have on CHC’s operation and demand for services

  • The risks identified should be prioritized based on likelihood of occurrence and severity

Risk management
Risk Management

  • Identifying and assessing risk, reducing it to an acceptable level and implementing mechanisms to maintain that level

  • Risk reduction (countermeasures, HVA)

  • Risk transference (insurance)

  • Risk acceptance (may happen)

  • Risk rejection (do nothing)

What threatens information
What Threatens Information?

  • Misuse

  • Disasters

  • Data interception

  • Computer theft

  • Identify/Password theft

  • Malicious software

  • Data theft/corruption

  • Vandalism

  • Human error

Planning elements
Planning Elements

  • Continuity of Operations

  • Command and Control

  • Staffing

  • Surge Patients

  • Medical and Non-Medical Supplies

  • Pharmaceuticals

  • Security

  • Evacuation

  • Decontamination

  • Isolation

  • Power Supply

  • Transportation

  • Water/Sanitation

  • Communications

  • Medical Records Security and Access


  • EOPs-how org will respond to emergencies

    • Basic plan

    • Functional annexes

    • Incident-Specific appendices

  • Procedures-SOPs

  • Preparedness plans-training needs

  • Corrective action/mitigation plans-activities required to implement lessons learned

  • Recovery plans-long term actions needed

Policies and procedures
Policies and Procedures

  • Establish security culture

  • Establish best security practices

  • Define goals and structure of security program

  • Educate personnel

  • Maintain compliance with any regulations

  • Ex: email policy, Internet usage, physical security

Business continuity plans
Business Continuity Plans

  • A comprehensive written plan to maintain or resume business operations in the event of a disruption

  • Continue critical business operations

  • Jeopardize normal operations

  • Most critical operations

  • May require alternate sites (hot, warm, cold)

  • What do we need to KEEP going?

Disaster recovery plan
Disaster Recovery Plan

  • A comprehensive written plan to return business operations to the pre-disruption state following a disruption

  • Restore IT functions (prep and restore)

  • Jeopardize the normal operations

  • Includes all operations



Plan testing training and exercising
Plan Testing, Training and Exercising

  • Testing is a critical to ensure a viable contingency capability

  • Conduct plan exercises

  • Tabletops are useful tools!

Exercises building block approach
Exercises—Building Block Approach

  • Seminar (Discussion)

  • Workshop (Discussion)

  • Tabletop Exercise (TTX) (Discussion)

  • Games (Discussion)

  • Drills (Operations)

  • Functional Exercises (FXE) (Operations)

  • Full Scale Exercises (FSE) (Operations)

Electronic health records
Electronic Health Records

  • Vulnerabilities discovered, reported to eHealth vendor and then patched

  • Patches take A LOT of time to fix

  • 2,211 days (vendor) vs. 284 days (Microsoft)

  • No one eHealth vendor in charge

Ehr vulnerabilities
EHR Vulnerabilities

  • Unauthorized users can compromise integrity and confidentiality

  • Unauthorized access to computer networks

  • Password protection (hacks and policies)

  • Subversive software (malware)

  • Disaster

Personal information security countermeasures
Personal Information Security Countermeasures

  • Password policies

  • Backup

  • Spoofing countermeasures

  • Malware detection and prevention

  • 93% of companies that lost their data center for 10 days or more due to a disaster filed for bankruptcy within one year of the disaster

  • 50% of businesses that found themselves without data management for this same period filed for bankruptcy immediately

Security and assurance program
Security and Assurance Program

  • Protective measures include:

  • Firewalls and virus protection systems

  • Password procedures

  • Information encryption software

  • Computer access control systems

  • Computer security staff background checks (at initial hire and periodically)

  • Computer security staff training & 24/7 on-call technical support

  • Computer system recovery and restoration plans

  • Intrusion detection systems

  • Redundant & backup systems, & offsite backup data storage

Additional resources
Additional Resources

  • Planning/Trainings/Exercises

  • HAZMAT, MCI, workplace violence, severe weather, fit-testing, novel influenza, hostile patient, active shooter, foodborne outbreak, hostage situation, bomb scare, communications, ICS/NIMS, PINS, cyber security, power outages, COOP, business continuity, personal preparedness…