Although integrated planning requires involvement of the external community in your facility plans, healthcare facilities must first be internally integrated. Without a seamless team response, the facility will be unable to assist the outside community.

Response requirements are not always predictable and smooth. Disasters may damage the physical structure of a healthcare facility, as has happened in previous earthquake and flooding events, and the damage must be addressed while staff are responding to the external community disaster (O’Toole, Mair, and Inglesby 2002). In addition, the healthcare facility may be compromised because of failures to the infrastructure, such as the loss of electrical power, water systems, and communication lines. A thorough internal disaster plan should address contingency “work arounds” for all possible damage to the facility.


Adequate disaster response requires instant and multifaceted communications networks that are reliable and flexible. However, a mere forecast of a disaster can overwhelm vital communication services, and in most disasters, the communication lines are the first to overload or fail. Redundant phone systems, broadcast fax capability, and the ability to increase the number of dedicated wireless phones within the healthcare system should rank high on the facility’s communication to-do list.

A hospital’s first alert or notification of an event may be via public television or radio broadcasts, requiring that hospitals mobilize for an event of which they have little knowledge. As with any community, warnings provide critical information that empowers people at risk to take action to save lives, reduce losses, and speed recovery. The extra time from an early warning allows improved preparedness and activation of services. Unfortunately, our national warning system—the Emergency Alert System—does not reach all people at risk, and the warning capability for many natural disasters is inadequate or may go unheeded.

Testing Capabilities

The U.S. GAO (2003a) reports that less than half of the hospitals surveyed for bioterrorism preparedness in early 2003 had conducted drills or exercises simulating a bioterrorism incident. Although staff training in biological agents was widespread, hospital participation in drills was less common.

The drills, training, and exercises that test plans and abilities and spearhead organizational improvement are among the most important aspects of disaster preparedness. The primary benefit of exercises is to reveal areas needing improvement. When disasters are not threatening, drills and exercises allow participants to make corrective actions to ensure all systems are ready when needed.

Mental Health Preparedness

For every one physical casualty caused by a terrorism incident, there are an estimated 4 to 20 psychological victims (Warwick 2002). In the aftermath of the 9/11 attacks, the psychiatric department at St. Vincent’s Catholic Medical Center—just one of the many healthcare facilities in the affected New York area—provided counseling and support to more than 7,000 people and received more than 10,000 calls to their help line during the first two weeks following the disaster (Rosuck 2002).

Hospitals and healthcare services should make provisions for accommodating and managing the substantial acute mental health needs of the community when a natural disaster or terrorist event occurs (JCAHO 2003). Psychological casualties often include those who are treating the physically affected—healthcare providers. For this reason, departments such as nursing, human resources, and social work as well as the chaplaincy, organizational development, and mission staff should be included in mental health planning sessions. Specifically, your organization plan should address the provision of nutritional, housing, spiritual, psychological, and other psychosocial needs and integrate these with the community plan. A triage system for behavioral health must consider the following people:

  • Survivors, those who lost a loved one, rescue workers, and people who witnessed the events

  • Those who lost a home, business, or job as a result of the event

  • Anyone else who was deeply affected

Benchmarking Organization Preparedness

Healthcare facilities can internally assess and broadly “eyeball” levels of preparedness based on assessment data, plans, human resources information, equipment, training, and performance during exercises and actual incidents. Self-assessments, exercises, and procedures for comparison with other facilities are important tools (IAEM 2003). To get accurate data, however, readiness must be evaluated by objective parties against prospectively established standards. A thorough assessment includes evidence of readiness maintained over time.

Readiness is not defined by the creation of a plan or by its periodic testing. To improve preparedness efforts, actions must be documented and efforts made to learn from mistakes and strengthen weaknesses. The current lack of standardized methodologies to compare the events of one facility to those of another, to compare activities among different types of disaster events, or to compare those taking place in different locations hampers the best assessment efforts.

Yet despite the lack of a standardized assessment tool, much is still to be learned from the experiences of hospitals that have implemented emergency management plans in real-world situations.

Automated Tools for Assistance

A plethora of new tools and models is emerging to assist communities in preparing their healthcare sector for response. Two such tools are listed below.

The National Guard Bureau’s Automated Exercise and Assessment System, a free software program, is easily deployed on personal computers and can be used to test community readiness for incidents involving weapons of mass destruction. Communities receive immediate feedback on command decisions, observe the consequences of those decisions, and receive response assessments on multiple levels. Using their actual resources, a participating community can survey and enter those resources into the software’s database and for the next 12 to 14 hours work through one of 11 different scenarios with up to 41 different roles for participants.

Pros and Cons of an ITM Solution

There are a number of benefits to the deployment and implementation of a successful ITM program. Those benefits include consolidation, which typically drives cost and complexity, ease of management, and integrated reporting. The benefits of an ITM solution are not without a few drawbacks, which may include a lack of flexibility and potential performance issues if not scaled properly.

One of the most obvious and visible benefits of an ITM solution, and one of the most prevalent arguments made by ITM vendors, is the consolidation of a number of components and functions into a single, unified solution. Combining multiple functions into a single solution, and potentially a single appliance, will likely provide initial and ongoing cost savings.

Initial "capital" costs of an ITM solution are traditionally less than the costs of the individual components that comprise the ITM solution. Costs associated with vendor negotiations and licensing can be reduced from five or six vendors to a single ITM vendor. Additionally, the price of the appliance is typically substantially less than the sum of the components, through economies of scale and the use of common hardware and software. Likewise, the maintenance costs of a single appliance or solution are generally less than those of the separate components, which increases cost savings continuously over the product's life.

In the future, when the company needs another function provided by the ITM solution, it can be as simple as generating a purchase order and installing a license key that was received via e-mail. That alone often saves weeks of time and quite a bit of money for the organization. Although new policies and inputs may be needed, rearchitecting the network and lengthy vendor evaluation and negotiations will likely not be needed.

An often overlooked factor in cost savings is the cost to house the components in the data center. Just like traditional real estate costs, some organizations bill back data center costs to the business. Consider the significant reduction in costs, moving from several boxes consuming rack space to a single unit with comparable functions. Additionally, overall power consumption will be reduced, as will the cooling costs, two important factors today in data center costs. To a data center that is already at maximum capacity with existing equipment, being able to retrofit several devices to a single solution or the addition of a single box that previously would have needed half of a rack is a tremendous advantage. Adding an additional equipment rack or maintaining equipment in multiple locations adds additional costs, complexity, and overhead.

Having a single console to manage will reduce the amount of time required to maintain and manage the infrastructure. Although it is imperative to ensure that all components are regularly updated with any appropriate signatures such as antivirus and antispyware data files, equally important are the updates at the system level. Maintaining the operating system and application updates on one system will require less time and money than maintaining the updates on several systems.

Consider the benefits of deploying an ITM solution at each branch office or location when the equipment, maintenance, and management costs are multiplied across the organization. Additionally, whether conducting an audit or an assessment at one location or each of the branch offices, having one console to measure compliance and conduct audits and assessments will be tremendously useful and beneficial to the organization.

A unified console to manage the ITM components also requires less training and shorter timeframes for employees to learn and understand. Many ITM solutions also provide for granular user-account provisioning (including roles and responsibilities) that allows individuals to have access to maintaining or monitoring their respective components. Depending on the configuration of the ITM infrastructure, logging and alerting may be "unified" as well or at least provide for a consistent and uniform notification process that can be easily integrated into an SEM architecture. Likewise, the management of the ITM infrastructure from a single console allows an administrator to view all aspects and parameters of the system without needing to hop from system to system. The benefits of an integrated ITM reporting system can help with metrics, troubleshooting, return on investment studies and compliance, audits, and assessments (as noted earlier).

Some organizations consider the lack of flexibility of an ITM solution to be a significant drawback. For example, consider the ITM solutions that are available today. Although most vendors often do not attempt to develop their own solutions for all ITM functions, they partner or form alliances to deliver that integrated solution. If you are an organization moving toward an ITM infrastructure, are you willing to use the antivirus software that the vendor has chosen versus the one that you have or want to have? What about the firewall or the VPN connectivity solution? Although you do not have to license and use all of the components offered within an ITM solution, the cost savings, management, and benefits of an integrated solution may outweigh the inconveniences. It is unlikely that each component of the ITM will have been voted "best in class," but it is likely that the overall benefits of a well-integrated solution have that vote.

Some organizations are concerned with performance issues with available ITM solutions and feel that a single appliance cannot efficiently handle all functions without significant trade-offs. Just like any other solution, corresponding requirements need to be developed individually for each function. Once those requirements are developed, ITM solutions can be evaluated. Design and architecture of the ITM solution can be evaluated. Questions such as whether specific functions are sandboxed and managed to ensure that the required memory and processing power are provided should be answered. Having a significant peak in messages with large attachments that need to be scanned should not cause the firewall to block traffic or, worse yet, allow traffic to pass without the defined screening.

Although many of the ITM solutions today are appliances, there are some software-only platforms that operate on top of hardware and operating system platforms provided by the user. Although the vendor typically provides the specifications of those systems, it may or may not define security requirements to help ensure that the platform itself is secure. Customers should understand that if a system is an appliance, they may be prohibited by licensing or may not even have access to perform security updates to the core operating system.

Popular Posts