Every day, millions of Americans put their lives in the hands of the healthcare system. From staff to patients and their family members, hospitals and their surroundings are potential hotbeds for emergencies.
The wake of COVID-19 has only made the challenging landscape of the healthcare system that much more difficult to manage. The effects of the pandemic underscore the importance of having a functional mass notification system in place.
While creating an all-encompassing mass notification system for hospitals is tough, there are a few key aspects that must be included in order to comply with state and federal standards. The system should, at its core, give full information during an emergency and permit a quick recovery afterward.
Healthcare mass notification systems support preconfigured templates that can be customized in advance for all anticipated emergencies. In dangerous situations, system administrators can then select the appropriate template rather than compose a message under potentially stressful circumstances — leading to errors made in the content of the message.
Prior to the pandemic, healthcare organizations were already utilizing mass notification systems (traditionally intended for emergencies) for other critical communications. According to Healthcare Facilities Today, mass notification systems have helped improve daily operational efficiency in healthcare organizations.
Many hospitals also utilize notification systems to help with personnel management. This is true in both catastrophe situations (e.g., a sudden rise in patients necessitates additional doctors and nurses, who are notified via a notification system) and everyday shift management and confirmation (e.g. you are confirmed for the Tuesday swing shift in burn unit 2).
This white paper dives into the importance of functional mass notification systems and how to leverage on the gains made within the industry to be sufficiently prepared.
Attacks on Healthcare in the Context of COVID-19
Several factors appear to have contributed to the rise in attacks on healthcare personnel during the epidemic. According to a National Nurses United survey of over 15 000 US registered nurses conducted in late 2020, about 20% of respondents said they had experienced an increase in on-the-job violence, which they attributed to COVID-19-related staffing shortages, changes in their patient population and visitor restrictions.
Terry Kowalenko, MD, professor and Chair of Emergency Medicine at the Medical University of South Carolina in Charleston said in a recent interview that COVID-19 has created an environment “ripe for aggression and violence. You take it out on those who are trying to help your loved ones.”
Since the WHO declared COVID-19 a pandemic in March 2020, attacks within the healthcare industry were reported from 56 countries around the world. Health workers have been victims of threats, assaults and demonstrations outside facilities.
These cases were frequently reported during lockdown periods that were designed to stop the spread of the virus. Ensuring access to health services is the cornerstone of successful health response. Any verbal or physical act of violence, obstruction or threat that interferes with the availability, access and delivery of such services is defined as an attack on healthcare by the World Health Organization (WHO).
Types of Attacks
According to Insecurity Insight, most COVID-19-related incidents of abuse or violence were triggered by people opposing health measures intended to contain the spread of the virus. Health workers also faced abuse or violence while traveling to and from work, and for speaking out against difficulties they experienced in their work, including the lack of personal protective equipment.
Threats or violence directed at health workers were frequently triggered by opposition to medical tests for COVID-19 diagnosis or by decisions to hospitalize an individual. These types of incidents usually took place at hospitals and while health workers were on duty.
Cyberattacks on healthcare systems also increased during the pandemic, placing a large threat on patient care and private data. In October 2020, the information technology desk at the University of Vermont (UVM) Medical Center began receiving multiple calls from staff, complaining of strange computer access problems.
All signs pointed to malicious software and, eventually, a file with instructions to contact the alleged perpetrators of the cyberattack was found. The center opted to lock down email, internet access and major parts of the organization’s computer network to prevent further damage.
For nearly a month, UVM Medical Center employees couldn’t use electronic health records (EHRs), payroll programs or other vital digital tools. For days, staff didn’t even know which patients were scheduled for appointments. Many surgeries had to be rescheduled, and cancer patients had to go elsewhere for radiation treatment.
Though the center never paid a ransom, the attack cost an estimated $50 million, mostly lost revenue, according to UVM Health Network Chief Medical Information Officer, Doug Gentile, MD. And, it took IT staff three weeks working 24/7 to ensure network systems and restore thousands of affected computers.
The ransomware attack on UVM Medical Center is like numerous others that have hit hundreds of hospitals in recent years: Hackers gain entry to a computer system, encrypt the files that run it and then demand payment for a decryption key to unlock access.
This is a very familiar story globally as more than 1 in 3 healthcare organizations around the world reported being hit by ransomware in 2020, according to a survey by IT professionals.
As mentioned above, the nature of attacks on healthcare related to COVID-19 varies across contexts and can range from the use of heavy weapons targeting health facilities to the stigmatization of healthcare workers who are treating COVID-19 patients.
Ultimately – whether they take the form of a cyber attack or a physical assault – these disruptions deprive people of urgently needed care, endanger healthcare providers and undermine health systems.
Stopping Attacks on Healthcare Facilities
Keeping hospitals safe needs to be a priority for stakeholders as we move past COVID-19. At a time when patients are dealing with multiple effects of the pandemic, cases of violence and cyberattacks only serve to create unnecessary chaos.
Above and beyond the security that is provided at healthcare facilities, government stakeholders need to come together to invest in systematic data collection programs on the attacks against health workers. This is a measure that will go a long way in ensuring that stakeholders are better prepared for attacks in the future.
Emergency Operations Plan: 6 Key Elements Checklist for Hospitals
Since the healthcare system itself forms part of any crisis response, administrators of healthcare facilities and hospitals must formulate a comprehensive disaster plan detailing their organization’s intended course of action in the case of any kind of catastrophe. The complexities of ensuring continuity of services throughout the myriad disasters that can occur puts hospitals at the forefront of emergency planning.
This hospital emegency operation plan includes mass casualty events, where loss of life and need for medical attention is so high that the medical system is overwhelmed, and mass effect events, or direct disruptions to the medical system’s ability to deliver care. An example of a mass casualty event would be the COVID-19 pandemic, while an example of a mass effect event would be Hurricane Katrina. This approach allows the hospital to act nimbly in crises of varying causes, durations, and scopes.
The standard hospitals follow when it comes to emergency planning is The Joint Commission’s Emergency Management Standard. It is a nonprofit organization that sets standards for and issues accreditation to healthcare organizations. To be certified as meeting The Joint Commission’s standard, facilities must undergo an evaluation every three years.
The Joint Commission has identified a hospital emergency operation plan’s six key elements: communication, resources and assets, safety and security, staff responsibilities, utilities, and clinical and support activities. Read on for a look at these components, along with a checklist of steps administrators can take to begin crafting each part of their emergency plan.
Hospitals rely on efficient communication even in non-emergency situations. During a crisis, the execution of an emergency operations plan can hinge on communication. Internal lines of contact must be clearly documented in any hospital emergency operations plan. Procedures for disseminating information to staff should also be outlined.
An effective disaster response will involve communication with other local first responders. When formulating an emergency operations plan, a hospital administrator/manager should ascertain exactly which agencies will be handling an emergency and identify appropriate contacts there. Having contact information for other groups and officials in the community who may act as sources of aid and information in a catastrophe is also useful.
Documenting attempts at making contact with outside agencies, as well as any conversations that take place, is a crucial step to meeting The Joint Commission’s standard for EOPs. Detailed records of incoming and outgoing communications must be kept throughout the emergency.
As with all aspects of an EOP, communication channels are reviewed and updated, with an eye on staff changes or agency responsibility shifts.
Steps to take toward meeting this requirement:
- Expand communication procedures during an emergency; do not radically overhaul
- Document communication protocols and channels
- Identify and document which agencies will provide emergency information
- Reach out to local first responders
- Stay up to date on changes in official procedure
- Capture the efficiency of plan metrics and evaluate
Resources and Assets
If an organization intends to be operational throughout an emergency, it needs to identify from where it expects to acquire and restore its stock of nonmedical supplies such as food, water, and clean bedding. Hospital administrators should document their inventory and its depletion rate to plan for lengthy periods without the ability to resupply.
Sufficient supplies to weather any catastrophe and effectively care for patients must be kept on site at all times. Administrators must avoid optimism about federal or local support. Disasters such as Hurricane Katrina have demonstrated that the government can itself be too overwhelmed by the crisis to effectively respond. A hospital emergency operations plan should assume that things will not go as planned.
Staff is considered an asset and must also be supported during an emergency. An EOP should document how staff will obtain transportation to and from work, appropriate shelter, and emotional counseling. Partnering with outside groups such as behavioral health agencies and volunteers who can lend their services in support of healthcare workers is a potential way to address this requirement.
Like every other aspect of the hospital emergency operation plan, resource and asset needs must be regularly revised to match current conditions. Continually monitoring demand on supply chains and finding alternate vendors will keep administrators ahead of the game.
Steps to take toward meeting this requirement:
- Identify supplies that will be needed at the beginning of a crisis and for actions such as an evacuation
- Determine how everyday supplies will be replenished if a disaster cuts off outside support
- Consider asking existing vendors to insert a “surge clause” in supply contracts in case of emergency
- Document procedures for conserving resources and assets
- Evaluate current resource needs and external demands periodically
Ready to see more? You can schedule a no-obligation demo of Regroup’s powerful notification system here.