INTEGRATING INTERNAL PREPARATIONS

Although integrated planning requires involvement of the external community in your facility plans, healthcare facilities must first be internally integrated. Without a seamless team response, the facility will be unable to assist the outside community.

Response requirements are not always predictable and smooth. Disasters may damage the physical structure of a healthcare facility, as has happened in previous earthquake and flooding events, and the damage must be addressed while staff are responding to the external community disaster (O’Toole, Mair, and Inglesby 2002). In addition, the healthcare facility may be compromised because of failures to the infrastructure, such as the loss of electrical power, water systems, and communication lines. A thorough internal disaster plan should address contingency “work arounds” for all possible damage to the facility.

Communications

Adequate disaster response requires instant and multifaceted communications networks that are reliable and flexible. However, a mere forecast of a disaster can overwhelm vital communication services, and in most disasters, the communication lines are the first to overload or fail. Redundant phone systems, broadcast fax capability, and the ability to increase the number of dedicated wireless phones within the healthcare system should rank high on the facility’s communication to-do list.

A hospital’s first alert or notification of an event may be via public television or radio broadcasts, requiring that hospitals mobilize for an event of which they have little knowledge. As with any community, warnings provide critical information that empowers people at risk to take action to save lives, reduce losses, and speed recovery. The extra time from an early warning allows improved preparedness and activation of services. Unfortunately, our national warning system—the Emergency Alert System—does not reach all people at risk, and the warning capability for many natural disasters is inadequate or may go unheeded.

Testing Capabilities

The U.S. GAO (2003a) reports that less than half of the hospitals surveyed for bioterrorism preparedness in early 2003 had conducted drills or exercises simulating a bioterrorism incident. Although staff training in biological agents was widespread, hospital participation in drills was less common.

The drills, training, and exercises that test plans and abilities and spearhead organizational improvement are among the most important aspects of disaster preparedness. The primary benefit of exercises is to reveal areas needing improvement. When disasters are not threatening, drills and exercises allow participants to make corrective actions to ensure all systems are ready when needed.

Mental Health Preparedness

For every one physical casualty caused by a terrorism incident, there are an estimated 4 to 20 psychological victims (Warwick 2002). In the aftermath of the 9/11 attacks, the psychiatric department at St. Vincent’s Catholic Medical Center—just one of the many healthcare facilities in the affected New York area—provided counseling and support to more than 7,000 people and received more than 10,000 calls to their help line during the first two weeks following the disaster (Rosuck 2002).

Hospitals and healthcare services should make provisions for accommodating and managing the substantial acute mental health needs of the community when a natural disaster or terrorist event occurs (JCAHO 2003). Psychological casualties often include those who are treating the physically affected—healthcare providers. For this reason, departments such as nursing, human resources, and social work as well as the chaplaincy, organizational development, and mission staff should be included in mental health planning sessions. Specifically, your organization plan should address the provision of nutritional, housing, spiritual, psychological, and other psychosocial needs and integrate these with the community plan. A triage system for behavioral health must consider the following people:

• Survivors, those who lost a loved one, rescue workers, and people who witnessed the events

• Those who lost a home, business, or job as a result of the event

• Anyone else who was deeply affected

Benchmarking Organization Preparedness

Healthcare facilities can internally assess and broadly “eyeball” levels of preparedness based on assessment data, plans, human resources information, equipment, training, and performance during exercises and actual incidents. Self-assessments, exercises, and procedures for comparison with other facilities are important tools (IAEM 2003). To get accurate data, however, readiness must be evaluated by objective parties against prospectively established standards. A thorough assessment includes evidence of readiness maintained over time.

Readiness is not defined by the creation of a plan or by its periodic testing. To improve preparedness efforts, actions must be documented and efforts made to learn from mistakes and strengthen weaknesses. The current lack of standardized methodologies to compare the events of one facility to those of another, to compare activities among different types of disaster events, or to compare those taking place in different locations hampers the best assessment efforts.

Yet despite the lack of a standardized assessment tool, much is still to be learned from the experiences of hospitals that have implemented emergency management plans in real-world situations.

Automated Tools for Assistance

A plethora of new tools and models is emerging to assist communities in preparing their healthcare sector for response. Two such tools are listed below.

The National Guard Bureau’s Automated Exercise and Assessment System, a free software program, is easily deployed on personal computers and can be used to test community readiness for incidents involving weapons of mass destruction. Communities receive immediate feedback on command decisions, observe the consequences of those decisions, and receive response assessments on multiple levels. Using their actual resources, a participating community can survey and enter those resources into the software’s database and for the next 12 to 14 hours work through one of 11 different scenarios with up to 41 different roles for participants.

Sidebar 1.1. The Utstein Template: A Research Solution

The ability to measure readiness and improvement in preparedness efforts or response has been stifled from a lack of a universally accepted, organized methodology for standardized, objective evaluations of the interventions applied in dealing with disasters. Without these, the conversion of data into important information that promotes the prevention of future events or mitigation of the effects, should they occur, will not be forthcoming—making it impossible to learn from our experiences.

The Utstein Template and Guidelines is a research methodology designed by the Task Force on Quality Control of Disaster Management, the World Association of Disaster and Emergency Medicine (WADEM), and the Nordic Society for Disaster Medicine (TFQCDM/WADEM 2003). Edited for publication by Drs. K.O.Sundnes and M.L.Birnbaum, this work is supported by six collaborating organizations, including the World Health Organization and the United Nations Department of Humanitarian Affairs. The template introduces a structural framework for investigating the medical and public health aspects of disasters, ensuring appropriate design, conduct, and reporting for evaluation and research.

“This structural framework includes (1) a standardized, universal set of definitions; (2) a conceptual model for disasters; (3) indicators and standards; (4) descriptions of 14 basic societal functions bound together by a coordination and control function; and (5) a disaster response template and two research templates. The templates are to be used in the design, conduct, analysis, and reporting of research and/or evaluations of interventions directed at preventing hazards from becoming a disaster-producing event, mitigating the effects of such an event on the affected society, and/or responses to a disaster.”

The Weill/Cornell Mass Prophylaxis/Vaccination Campaign Staffing Model, created in 2003 by Hupert and Cuomo of the Department of Public Health at Weill Medical College of Cornell University, is described as an interactive planning tool designed to “estimate the number and type of staff required to operate [mass prophylaxis] clinics” to provide a community with critical medical supplies in an efficient and timely fashion. The model will provide as output the number of sites and types of staff required to complete an inoculation campaign in a selected time frame. It allows planners to formulate realistic mass prophylaxis contingency plans for their target populations. Healthcare organizations can access this tool at www.ahrq.gov/research/biomodel.htm (Hupert and Cuomo 2003).

Sidebar 1.2. Case Examples: Hospital and Healthcare Lessons Learned

We benefit from real events. By examining the experiences of other healthcare organizations and the actions taken, valuable lessons are learned. The following reports summarize some of the lessons learned from healthcare facilities in recent disasters.

Hurricanes Dennis and Floyd, Eastern Seaboard, summer 1999. Pitt County Memorial Hospital (North Carolina) was completely isolated, lost electrical power intermittently, lacked water, and experienced failure of the pressurized water system. It established an external connection to its water supply, and tankers from 18 fire departments provided water. An on-site well provided an alternate water source. Having adequate fuel filters on hand to keep rental generators going and an extra fuel oil truck were important (Carpenter 2001).

Northridge earthquake, Los Angeles, January 1994. Granada Hills Community Hospital flooded when a 2,500-gallon reserve water tank ruptured on the roof. Departing from its disaster plan, the facility was required to take a spontaneous approach to quickly evacuate and salvage equipment and supplies. “Have some very basic task assignments drawn up so that when you do have community volunteers, you don’t turn them away,” said Richard Colon, director of environmental services and food services at Granada Hills. “It frees up your staff to do other things” (Carpenter 2001).

Murrah Federal Building bombing; Oklahoma City, Oklahoma; April 1995. A huge influx of victims, overeager volunteers, and the media created problems for local hospitals. The local hospital representatives interviewed for the article warn others to “be watchful of the media—they arrived inside ambulances or in cars carrying patients. One crew purchased lab coats and stethoscopes and snuck in to film interviews” (Carpenter 2001). This infiltration of the media led to a total facility lockdown. Based on experiences at the Murrah Federal Building, a preauthorized visitors list is recommended, and it is suggested that media and volunteers be escorted to their designated areas and kept there (Carpenter 2001). A citywide medical disaster plan with standardized communications and terminology should be fully integrated and include every emergency medical service agency, emergency department, hospital, pharmacy, and supplier. After the Oklahoma City bombing, unsolicited donations came by the truckloads, including medical supplies. The Oklahoma Hospital Association estimated that wasted medical supplies totaled more than $1.5 million. It is thus recommended that such offerings be anticipated and planned for (O’Toole, Mair, and Inglesby 2002).

Ice storm, Maine, January 1998. Inches of ice placed the VA Medical Center (Togus) on emergency generators for 90 hours. Barrels of oil were shuttled in, and emergency generators were trucked in and rotated among outbuildings. Electricity needs were paramount, and with only one electrical outlet per room and in key spots throughout the facility, those needs were not met. The lesson is to prepare for long, sustained power outages that can force the organization into an entirely new routine (Carpenter 2001). Powerless for four weeks, the staff of St. Mary’s Regional Medical Center (Lewiston) used empty hallways to house the elderly with medical needs, home care patients, and those on oxygen tanks or dialysis. Staff also provided care at shelters. The Maine Hospital Association created a storm clearinghouse to heip members deal with personnel, supply, and equipment shortages (Weinstock 1998).

Taking care of little details ahead of time pays off. Jeannie Cross, assistant vice president of the Healthcare Association of New York State, recommends stocking up on D-cell batteries for flashlights and making sure the hospital association has cell-phone numbers of its members. “A regular phone number [landline system] does no good if the phone lines are down,” stated Cross.

Red River flooding; Grand Forks, North Dakota; April 1997. Staff ripped up the parking lot at Altru Health System, dug up the dirt, and piled it up to keep the water out as long as possible. Staff shared that “laying the groundwork for evacuation, thinking innovatively and remembering to keep in contact with the city emergency operations center and other agencies might be all a hospital facility manager could do to prepare for such a huge disaster” (Carpenter 2001).

Midair collision; Zion, Illinois; February 2001. A plane crash into the roof of a five-story cancer treatment facility forced the evacuation of 54 patients. “I don’t think anybody across the country knows that the fire department takes over your building in case of disaster,” stated Michael White, vice president in charge of the facilities and security departments, “you’re somewhat at their mercy.” Local fire officials set up command posts to guard against a fire outbreak and to control access (Carpenter 2001).

Wildfires; Flagler County, Florida; summer 1998. Four huge fires forced evacuation of all 43,000 residents of Flagler County, including Florida’s Memorial Hospital, which evacuated patients to two other facilities in its system. Hospital officials reported that “In a crisis, there’s no such thing as being over prepared.

Ambulances from all over the state responded.” Two lessons were learned from this experience: (1) cell and regular phone lines jam quickly and (2) employees are willing to work, even without knowing the status of their family members or houses (Gibson 1998).

Massive flooding; Houston, Texas; June 2001. Flooding from Tropical Storm Allison knocked out emergency power, water, and telecommunications to portions of the Texas Medical Center campus. All Texas Medical Center hospitals experienced flooding and reduction in services to varying degrees, with Memorial Hermann Hospital and Memorial Hermann Children’s Hospital forced to evacuate 540 patients over a 36-hour period. When patients are transferred, the sending hospital is responsible for providing staff for their care. Nearly 4,000 employees were deployed by bus to help care for patients (Carpenter 2001).

Pros and Cons of an ITM Solution

There are a number of benefits to the deployment and implementation of a successful ITM program. Those benefits include consolidation, which typically drives cost and complexity, ease of management, and integrated reporting. The benefits of an ITM solution are not without a few drawbacks, which may include a lack of flexibility and potential performance issues if not scaled properly.

One of the most obvious and visible benefits of an ITM solution, and one of the most prevalent arguments made by ITM vendors, is the consolidation of a number of components and functions into a single, unified solution. Combining multiple functions into a single solution, and potentially a single appliance, will likely provide initial and ongoing cost savings.

Initial "capital" costs of an ITM solution are traditionally less than the costs of the individual components that comprise the ITM solution. Costs associated with vendor negotiations and licensing can be reduced from five or six vendors to a single ITM vendor. Additionally, the price of the appliance is typically substantially less than the sum of the components, through economies of scale and the use of common hardware and software. Likewise, the maintenance costs of a single appliance or solution are generally less than those of the separate components, which increases cost savings continuously over the product's life.

In the future, when the company needs another function provided by the ITM solution, it can be as simple as generating a purchase order and installing a license key that was received via e-mail. That alone often saves weeks of time and quite a bit of money for the organization. Although new policies and inputs may be needed, rearchitecting the network and lengthy vendor evaluation and negotiations will likely not be needed.

An often overlooked factor in cost savings is the cost to house the components in the data center. Just like traditional real estate costs, some organizations bill back data center costs to the business. Consider the significant reduction in costs, moving from several boxes consuming rack space to a single unit with comparable functions. Additionally, overall power consumption will be reduced, as will the cooling costs, two important factors today in data center costs. To a data center that is already at maximum capacity with existing equipment, being able to retrofit several devices to a single solution or the addition of a single box that previously would have needed half of a rack is a tremendous advantage. Adding an additional equipment rack or maintaining equipment in multiple locations adds additional costs, complexity, and overhead.

Having a single console to manage will reduce the amount of time required to maintain and manage the infrastructure. Although it is imperative to ensure that all components are regularly updated with any appropriate signatures such as antivirus and antispyware data files, equally important are the updates at the system level. Maintaining the operating system and application updates on one system will require less time and money than maintaining the updates on several systems.

Consider the benefits of deploying an ITM solution at each branch office or location when the equipment, maintenance, and management costs are multiplied across the organization. Additionally, whether conducting an audit or an assessment at one location or each of the branch offices, having one console to measure compliance and conduct audits and assessments will be tremendously useful and beneficial to the organization.

A unified console to manage the ITM components also requires less training and shorter timeframes for employees to learn and understand. Many ITM solutions also provide for granular user-account provisioning (including roles and responsibilities) that allows individuals to have access to maintaining or monitoring their respective components. Depending on the configuration of the ITM infrastructure, logging and alerting may be "unified" as well or at least provide for a consistent and uniform notification process that can be easily integrated into an SEM architecture. Likewise, the management of the ITM infrastructure from a single console allows an administrator to view all aspects and parameters of the system without needing to hop from system to system. The benefits of an integrated ITM reporting system can help with metrics, troubleshooting, return on investment studies and compliance, audits, and assessments (as noted earlier).

Some organizations consider the lack of flexibility of an ITM solution to be a significant drawback. For example, consider the ITM solutions that are available today. Although most vendors often do not attempt to develop their own solutions for all ITM functions, they partner or form alliances to deliver that integrated solution. If you are an organization moving toward an ITM infrastructure, are you willing to use the antivirus software that the vendor has chosen versus the one that you have or want to have? What about the firewall or the VPN connectivity solution? Although you do not have to license and use all of the components offered within an ITM solution, the cost savings, management, and benefits of an integrated solution may outweigh the inconveniences. It is unlikely that each component of the ITM will have been voted "best in class," but it is likely that the overall benefits of a well-integrated solution have that vote.

Some organizations are concerned with performance issues with available ITM solutions and feel that a single appliance cannot efficiently handle all functions without significant trade-offs. Just like any other solution, corresponding requirements need to be developed individually for each function. Once those requirements are developed, ITM solutions can be evaluated. Design and architecture of the ITM solution can be evaluated. Questions such as whether specific functions are sandboxed and managed to ensure that the required memory and processing power are provided should be answered. Having a significant peak in messages with large attachments that need to be scanned should not cause the firewall to block traffic or, worse yet, allow traffic to pass without the defined screening.

Although many of the ITM solutions today are appliances, there are some software-only platforms that operate on top of hardware and operating system platforms provided by the user. Although the vendor typically provides the specifications of those systems, it may or may not define security requirements to help ensure that the platform itself is secure. Customers should understand that if a system is an appliance, they may be prohibited by licensing or may not even have access to perform security updates to the core operating system.