Incident Response Guidelines

Each crisis event will involve unique factors that will affect how the initial and often inexperienced first‐line responders or ad hoc response groups respond, as well as how the follow‐on and typically predefined and experienced incident and crisis management teams (CMTs) will manage to an event. It is problematic to attempt to completely define predetermined response plans and management guidelines, as each situation will be unique and each response guideline will require the necessary degree of flexibility needed to reflect the fluid management and operational requirements of each crisis event. That said, companies can plan ahead and determine the most likely risk events, as well as a sensible set of response options that can be used to guide less experienced managers through what is often a confusing and highly stressful situation, or provide a quick checklist for those with more experience to ensure complacency does not set in and uniformity of response measures are maintained.

Response guidelines should be considered as such: guidelines. They should not be considered restrictive, unless the implementing staff requires clear and strict instructions for dealing with particular crisis events. They effectively provide a sensible first responder and manager handrail which ensures that advice and guidance is offered where needed, and specific instructions are provided where necessary. It also ensures that key management requirements are not missed during an emergency, and that a logical and structured approach to resolving a situation is provided. Common sense and sound leadership at all times should take precedence. In addition, companies might wish to consider including a liability exemption for such documents, as such guidelines cannot prevent a crisis from occurring, and are not surefire measures by which to prevent injuries, property loss, or damage. These guidelines are purely mitigation tools for individuals to use during an emergency, helping focus a response and bring control and structure to often confusing situations. Response guidelines are useful for even the most experienced of crisis professionals, as they provide a checklist to walk a manager through response considerations as an event occurs, providing focus, structure, and consistency. Additional elements can then be added to enhance the response measures as required. Those drafting response guidelines should also consider the environment in which such documents will be utilized—often fast moving, high stress, and under considerable pressure. Therefore, the response guidelines should contain enough information to bring understanding to the user, without requiring significant time to read through and implement recommendations or gather information.

Response guidelines support the company in developing uniformity and transparency across the organization, ensuring that the basic tenets of response are understood and applied evenly, within what can often be complex and compartmentalized organizations. They can also be used in conjunction with information capture reports, helping managers both practically deal with a problem, as well as share critical information between multiple participants. These policies and procedures also evidence the company's efforts to manage its risks, and can form an important aspect of its duty of care approach. In addition, such measures might offset business risks, as well as reputational and liability risks if a crisis event results in a subsequent investigation or lawsuit. Such response guidelines are not designed to constrain innovation or lateral thinking, but should be configured to provide the foundations of a response system, as well as share simple and useful procedures for managing crisis events in the best way possible. The principles that should be applied when developing response guidelines are illustrated in Exhibit 5.1, and should conform to the following considerations:

• Resourced.: The response guidelines should have the correct resources available to allow plans to be implemented, in terms of education for users as well as the materials needed to implement responses.
• Supported.: Response guidelines should be supported by all management levels in order to ensure that activities have prior buy‐in and that consistent approaches are in place.
• Rehearsed.: Ideally, response measures will have been practiced prior to an emergency so that managers and users are familiar and comfortable with the guidelines and requirements.
• Integrated.: Integration both within the company and with external agencies is critical to ensure that response guidelines are effective. Technological integration is also required.
• Leveraged.: Response guidelines should seek to leverage organic and external resources and capabilities in order to augment a user group's capabilities and capacity.
• Flexible.: Response guidelines should be inherently flexible in order to meet the unique factors that invariably accompany each crisis event. They should guide, rather than be rigidly enforced.
• Measured.: Response guidelines should provide a calm, measured, and mature response to crisis events, reducing panic or knee‐jerk reactions.
• Clear.: Response guidelines should be clear and easy to follow—meeting the knowledge, capabilities, and experiences of a wide and diverse user audience.
• Pragmatic.: Response guidelines should be pragmatic and realistic. They should provide the right level of support to resolve a problem—simplicity and realism are vital.
  
  

 

Exhibit 1: Response Guidelines Principles

The following response guidelines offer suggestions for how simple and user‐friendly management protocols can be developed to meet the requirements of a wide user audience, for a variety of threats a company or organization might face. Each guideline should be considered as an isolated tool, providing sufficient instructions and prompts to assist first responders and crisis managers in dealing with singular events. A degree of repetition will be evident within some guideline protocols as each management response guideline should be self contained and able to operate in isolation. At the end of each guideline response is a blank organization contact list that can be used to guide managers to the correct organizations to liaise with, alert, or mobilize for each type of risk event. This should be linked to the Business Continuity Management Plan communications and interface plans and should be simple enough for those not trained or experienced in applying crisis management policies and procedures to use effectively, but should also be designed to support a range of incident response and crisis management teams as well. It should be remembered that these plans will need to be clear, simple, and succinct when used in order to offer guidance to managers while they concurrently face the stresses and challenges of coping with the crisis event itself. Companies should seek to tailor such responses to suit their corporate policies and objectives, making plans short or more detailed depending on their need and level of risk, as well as the business activity and its operating environment.

Aspects of the response guidelines and data call section will be repetitive of other components of the Business Continuity Management Plan. This is necessary in some areas so that each section can operate in isolation, if required.

Understanding and Implementing Standards and Guidelines for Emergency Management

Several regulations, guidelines, and standards have improved the management of emergencies and disasters in the United States over the last two decades. Such publications have been developed and released by organizations and government agencies such as ASTM International (formerly the American Society for Testing and Materials), the Occupational Safety and Health Administration (OSHA), the Environmental Protection Agency (EPA), the Joint Commission on Accreditation of Healthcare Organizations (JCAHO), the Department of Veterans Affairs (VA), and the National Fire Protection Association (NFPA).

The principles within these standards and guidelines regarding

• mass-casualty incidents,

• hazardous materials,

• decontamination, and

• emergency management program development.

Multiple- and Mass-Casualty Incident Standards

ASTM standard F-1288, Standard Guide for Planning for and Responding to a Multiple Casualty Incident, covers planning, needs assessment, training, interagency coordination, mutual aid, and other important issues as they relate to multiple-casualty incidents. It identifies key terms and activities and explains how the incident management process is organized at the scene (ASTM 1990).

In addition to that standard, George Washington University recently developed a peer-reviewed model for mass-casualty response that integrates the functional requirements of medical, public health, and emergency management agencies in the Medical and Health Incident Management System (MaHIM) (available online at http://www.gwu.edu/~icdrm/). The model was based on the definition of a mass-casualty incident involving 5,000 casualties, 10 percent of which would be considered significant (Barbera and Macintyre 2002). Casualty refers to any human accessing health or medical services, including mental health services and fatality care, as a result of a hazard impact. The MaHIM model clarifies the types of activities that may become necessary at the community-health-system level and how they would be organized in a mass-casualty incident.

It is a useful tool for jurisdictional and regional system development, education, and planning. The Department of Health and Human Services (U.S. DHHS 2002) and the Department of Homeland Security (U.S. DHS 2003) promote this type of management-system framework and are considering applying MaHIM to support current public health and hospital bioterrorism preparedness (CDC 2003). MaHIM is entirely consistent with broader efforts to create a national incident-management system (The White House 2003).

Hazardous-Materials Legislation

A sentinel event occurred in 1985 in Bhopal, India, in which thousands were killed and injured as a result of the release of a toxic gas from a nearby industrial facility. Congress responded to the concerns of such a disaster occurring in the United States by enacting the Superfund Amendments and Reauthorization Act (SARA) of 1986, amending the Comprehensive Environmental Response, Compensation and Liability Act of 1980.

SARA Title III

The basic purpose of SARA Title III, also known as the Emergency Planning and Community Right-to-Know Act, was to promote emergency planning to respond to chemical releases and to ensure that information regarding chemicals in the community is available to the public and emergency response agencies. These goals are accomplished by

• establishing state emergency response commissions and local emergency planning committees (LEPCs) with responsibility to develop emergency plans to be followed in the event of a chemical release and

• implementing a series of notification and reporting requirements to state and local emergency planning activities with respect to type and quantities of specific chemicals.

Environmental Protection Agency

As part of SARA Title III, the EPA will not enforce HAZWOPER for environmental consequences stemming from necessary and appropriate actions such as decontamination during the phase of an emergency response where an imminent threat to human health and life is present. However, once this phase passes, every attempt should be made to contain the runoff and dispose of it properly (Makris 1999).

Beyond industrial or transportation accidents involving hazardous materials, recent events have directed major emphasis on preparedness for occurrences involving weapons of mass destruction. Because of this threat, hospitals and health departments have become much more involved in communitywide emergency preparedness efforts.

One question that has been hotly debated is how SARA Title III, or more specifically HAZWOPER, applies to healthcare facility preparedness for these types of hazardous materials. OSHAs position until lately had been that if the contaminating substance was unknown, staff performing decontamination at a hospital who were not in the immediate area of the release were required to wear Level B personal protective equipment (PPE), including a mask supplied by an external air source.

Many experts disputed the necessity of this elevated measure of pro tection, contending that Level C PPE using a full face mask with powered or nonpowered canister filtration systems was adequate for hospital decontamination (Macintyre et al. 2000). In September 2002, OSHA took the position that as long as the choice of PPE was based on a risk assessment conducted by the employer, the agency would not require any particular level of PPE and respiratory protection (Fairfax 2002).

Decontamination

Healthcare facilities that do not prepare for the potential arrival of contaminated patients face a dilemma. Refusing to assess and, if necessary, stabilize a contaminated patient is a violation of the Emergency Medical Treatment and Active Labor Act (U.S. GAO 2001). Employees who have not been adequately trained or equipped to deal with the situation can refuse to participate, leaving the facility only one choice: to dial 911 and request support from the local public safety system. These same resources, however, may already be fully involved at the site of the release.

Department of Vetemns Affairs

The VA developed a mass-casualty decontamination program that is based on a site-specific hazards vulnerability and capability analysis of the facility and surrounding community. Permanent or semipermanent showering facilities (in smoking shelters, along an external wall, etc.) are seen as advantageous over temporary tent-type facilities because of the speed of setup and lower expense (VA 2002a). Macintyre et al. (2000) believe that the following aspects are key to an effective decontamination protocol:

1. Event recognition

2. Activation

3. Primary triage

4. Patient registry

5. Collection of clothing and personal property

6. Decontamination

7. Secondary triage

8. Treatment and post-incident activities (e.g., media and family relations, medical surveillance, critique, etc.)

Healthcare-facility-decontamination training programs should follow NFPA standard 473, Standard for Competencies for EMS Personnel Responding to Hazardous Materials Incidents (Beatty 2003). NFPA 473 (this standard may be reviewed at http://www.nfpa.org/PDF/473.pdf?STC=nfpa) identifies the levels of competence required of emergency medical services personnel who respond to hazardous-materials incidents (NFPA 2002a). It specifically covers requirements for basic (Level I) and advanced (Level II) life-support personnel in the prehospital setting. This standard also provides information on training, recommended support resources, medical treatment considerations, patient decontamination, and hazardous-materials characteristics and references.

Emergency Management Standards

Joint Commission on Accreditation of Healthcare Organizations

In January 2001, JCAHO updated its emergency preparedness standards (standards EC.1.4, EC.2.4, and EC.2.9.1^[1.] found in the Environment of Care, or EC, section), adopting the four phases of comprehensive emergency management: mitigation, preparedness, response, and recovery. Other key additions to the emergency management standards were requirements for a hazards vulnerability analysis (HVA), the requirement that healthcare organizations implement an incident command system (ICS) consistent with that used by their community, and the acceptance of tabletop exercises for one of two required annual drills. Specific requirements for drills include the following:

• A facility designated as business occupancy must execute one drill annually.

• Hospitals, long-term-care organizations, ambulatory care facilities, and behavioral health facilities not classified as business occupancy must conduct drills twice a year at least four months, but not more than eight months, apart.

• Facilities offering emergency services or designated as disaster receiving stations must base one exercise on an external disaster, and it must include volunteer/simulated patients who must be triaged, put on stretchers or in wheelchairs, and transported through the system as if they were actual patients.

• An organization must participate in a community drill that is relevant to its priority emergencies and that will assess communications, coordination, and the effectiveness of the organization’s and the community’s command structures.

The events of terrorism that took place in the United States in fall 2001 brought several more changes to the overall 2002 standards, including clarification on the process and products of the HVA (in particular, that procedures should be developed for each priority hazard identified), a requirement for cooperative planning with other healthcare facilities in the geographic area, and procedures for emergency credentialing. In 2003, components of the hospital emergency management standards were extended to long-term care, ambulatory care, behavioral health care, and home health care settings (Environment of Care News 2002). For 2004, the EC standards have been renumbered and reformatted but have not undergone any substantive changes in requirements.

National Fire Protection Association

NFPA emergency management Standard 99, entitled “Healthcare Facilities,” contains very similar requirements to JCAHO (NFPA 2002b). One big difference between the standards is the additional material in the annexes of the NFPA standard: explanatory material, references, and additional planning considerations (NFPA 2002a).

NFPA Standard 1600, Emergency Management and Business Continuity Programs, has gained international recognition and consensus among the public and private sectors. This standard articulates the generic elements of these programs and serves as the basis for an emergency management program evaluation and accreditation system by state, local, and tribal governments (NEMA 2001). Thus, NFPA 1600 represents a standard for communitywide emergency management programs (NFPA 2002c).