earl j.motzer, ph.d. scott cormier · earl j.motzer, ph.d. retired hospital ceo retired adjunct...
TRANSCRIPT
Earl J.Motzer, Ph.D.
Retired Hospital CEORetired Adjunct Graduate School ProfessorVolunteer Federal Force Multiplier DHS, FBI, HHS, NSC & ODNI
Scott Cormier
Vice President,
Emergency Management, Environment of Care and Safety
Medxcel
Critical Infrastructure DefinedHealthcare and Public Health Sector Coordinating CouncilVulnerability and Risk AssessmentsWorkplace ViolenceHealthcare Active Shooter New CMS Conditions of Participation for Emergency ManagementTerrorist & Counterintelligence Attacks
Systems and assets, whether physical or virtual, so vital to the United States that their incapacitation or destruction …would have a debilitating impact on security, … economic security, … public health or safety, or any combination of those matters. §1016(e) of the USA Patriot Act of 2001 (42 U.S.C. §5195c(e))
• Voluntary Partnership-not tied to regulation or funding
• Critical Infrastructure Protection Advisory Council (CIPAC)
• FACA-exempted
• Protected Critical Infrastructure Information (PCII)
By providing a venue for public and private sector partners to collaborate, we:
Promote risk management activities;Share threat information;Socialize best practices; and Develop useful tools and policies;
to mitigate impacts of disasters and enhance resilience of the entire health care system to minimize disruptions in care for all Americans.
6
Security Resilience
7
• Implement recommendations of the Healthcare Industry Cybersecurity Task Force
• Support cyber-dependent critical infrastructure
• Support DHS Regional Assessment of NY County Healthcare Resilience Coalition supply chain challenges
• Work to coordinate federal activities• Pilot our comprehensive risk assessment tool
with Healthcare Coalitions and health systems• Finalize public version of tool by November
2017
• Engage Sector partners in Gotham Shield exercise
• Foster relationship with FEMA Nat’l Business Operations Center
Cybersecurity
Supply Chain
Risk Assessment Tool
Response
8
The HSIN-HPH web portal is designed specifically for those responsible for collecting, analyzing, and using information for the protection of our nation’s healthcare and public health infrastructure. HSIN-HPH was developed to give the government and private sector a tool that enables the timely exchange of information for preparing for and responding to disease outbreaks, natural disasters, terrorist attacks, and other all-hazards events. The content of the site includes:
Incident information – continuous updates during all-hazards events Alerts, warnings and notifications of credible threatsEffective practices and protective measures for sector organizationsPolicy analysis and research reportsAccess to other subject matter experts
https://www.empcenter.org/wp-content/uploads/2017/09/CF_Resilient_Hospitals_Handbook_edits-cm_Version3b2.pdf
https://www.fbi.gov/file-repository/active_shooter_planning_and_response_in_a_healthcare_setting.pdf/view
THAM
RIST-V
RIST-C
Dashboard Navigator
Multi-facility Viewer
Threat and Hazard Assessment Module (THAM) uses Internet-available, authoritative data sources to calculate likelihood of occurrence across event types
Aligned with Joint Commission & CMS Emergency Preparedness Rule standards & best practices
Includes:Comprehensive narrative methodology (event type descriptions + likelihood of occurrence calculation for each)Automated tool using self-populating data fields from authoritative national or sector level sources w/embedded user guide
13
14
Rapid Infrastructure Survey Tool
Assess Vulnerability & Consequence/Criticality components of risk using survey-based approach
Used in conjunction with THAM to link V&C-related info to individual threats/hazards
Baseline framework of tools derived from DHS Rapid Survey Tool, with additional info drawn from:
Joint Commission & CMS Emergency Preparedness StandardsNIST Cybersecurity FrameworkHPH Sector SME Inputs
15
16
17
18
19
Objective allocation of scarce resources
Valuation
MitigationRisk
Assessment
Valuation
t
Zig Zag
122454%36%
Running in a zig zag pattern did NOT reduce the percentage of hits. It did however, reduce the chance that the runner will get hit in the torso or head.
Crouch
102055%50%
# Trials# Shots Fired% Hits% Center Mass or head hits (out of total shots fired)
Straight Line122152%47%
The runners were moving so fast that in three of the test runs (25%), the shooters were unable to fire a second round
Regulatory Compliance• Three phase approach to compliance assurance• Compliant facilities means safe facilities
Emergency Management & Safety• Local, regional and national support teams• Business plan continuity
Facility Operations
Environment of Care• Baseline assessment, review of your data and a plan of
action.• Security, hazardous materials, fire safety, medical
equipment and utility systems
Practicing an integrated model to best serve large healthcare systems
STATISTICS
Number of Births >84kED Visits >3MOutpatient Visits >23MSurgical Visits – Outpatient >400kEquivalent Discharges >1.5M
2,500 Sites of Care:141 Hospitals
24 States and the District of Columbia
150k Associates
40k Affiliated Physicians
More than 22k Available Beds
Approximately 20% of Catholic Health Services in the U.S.
From 2002 to 2013, incidents of seriousworkplace violence were four times more common in healthcare than in private industry on average.
Definition: Violent acts, including physical assaults and threats of assault, directed toward persons at work or on duty.
Definition: Workplace bullying is repeated, unreasonable behavior directed towards a worker or group of workers, that creates a risk to health and safety.
Address concerns about threatening or potentially
threatening behavior that could result in violence.
Formal training
Patients and family members, visitors, staff, or
other persons brought to the attention of the team
What they do:
Healthcare facility administratorsCounselorsCurrent employeesMedical and behavioral health professionalsResidential lifePublic safetyLaw enforcement personnel
Who they are:
Type 1: No relationship to workplace
Type 2: Customers or clients
Type 3: Employment relationship (current or former)
Type 4: Relationship with employee
Establish Crisis
Management Team
1
Planning and Team Training
2
Violence Vulnerability Assessment
(DATA)
3
Policy, Procedures,
andProtocols
4
Professional Threat
Assessment
5Training and
Communication for Staff
6
Organizational Collaboration
7
Incident Response
(timely)
8
Evaluate Efficiency
9
Sustain Process
10
Objectifying and dehumanizing othersChallenging authorityRegularly becoming argumentativeAlienating customers or clientsOriginating and spreading lies about othersVerbal abuseSuicidal thoughtsAngry outbursts/ signs of frustration
Arguing frequently or intenselyBlatantly ignoring policies/proceduresSetting traps for othersStealing/vandalismSuicidal threats/intent to harm othersConveying unwanted sexual attention/violence by voice, email, letterHolding others responsible for others/feeling persecuted
Hands on violenceVery dangerous, clear intent to hurtRisk of psychological harmRequires law enforcement or mental health intervention
DiffusingIf employee, immediate manager or supervisorRecord incidentNotify chain of command
Call for Help
Active Shooter is not:Person with a gunHostage situationMurder or murder/suicide
Active Shooter: Actively engaged in killing or attempting to kill people in a populated area.
Mass Killing:Three or more killed.
7 incidents between 2000-2017
It’s not part of a bundle
s between 2000-2017
Learn the signs of a potentially volatile situation and ways to prevent an incident.
Learn the best steps for survival when faced with an active shooter situation.
Be prepared to work with law enforcement during the response.
What is a healthcare setting?Hospital (teaching, critical access)ClinicPhysician practiceMedical schoolFree standing MRIOncology clinicAmbulatory surgery centerLong term care
Vulnerable populationHazardous materialsOpennessVisitors“Duty to Act” and “Abandonment” concernsAbility to provide care
Updated guidance released February 2017Additional content includes
Warm zone operationsUpdated law enforcement tacticsIEDsUnified commandPSYStart triageQuick guideWorkplace violence
December 14, 201220 Children, six adults killedPerpetrator also killed mother and himselfShot through glass panel in door to enter16 killed hiding in bathroom6 killed hiding in classroom, 9 fled and survived15 survived hiding in class bathroom with window coveredOthers survived in barricaded closet
People tend to make a choice of run or hide, and stick with it.
During the process of running, you may need to hide and fight, but keep running.
Is running abandonment?Is there an ethical or moral obligation to stay?Can you require someone NOT to run?Helpless patients
Operating roomVentilatorsNon-ambulatory
Golden Rule:Less People in Hot Zone = Less Victims
Healthcare facilities can be largeMultiple buildingsMultiple floors/wingsEducational campus
Response depends on where it is occurringRun, hide, fight are un-numbered optionsSituations are fluid
Training will decrease deathsIndividual facilities will make a plan appropriate for themPre-planning how to “barricade” at the unit level will decrease deathsAs shooter moves, response will changeSelf preservation is a personal issuePeople do heroic things, but not by policy
PanicResearch shows warnings do not induce panicPeople need accurate information and clear instructions
Codes vs. Plain LanguageCommunication barriers (multi-lingual, hearing impaired, learning disabled)
https://healthinfotranslations.org
Share plan with respondersConsider pre-placed maps and access badgesExercisesEquipment cache locationIntegrating into the care/security teamsTransport or treat at the facility decisionsIntegrated command postWarm zone operationsCasualty collection pointsHemorrhage control
A survey conducted in 2008 showed only six hospitals had an active shooter policyA team was formed to develop a model active shooter and hostage policyPolicy was not mandatoryPlaced on SharePoint siteBy 2009
16 hospitals had adopted the policy4 held active shooter exercises
But we still had this:“Under no circumstances are staff, patients and visitors to flee from the area or leave the facility unless instructed to do so by law enforcement officers or to protect themselves from imminent physical dangers.”
Aurora Colorado Shooting: July 20, 2012
Sandy Hook Elementary School Shooting: December 14, 2012
Executive Team MeetingNeed for a standardized policyIncentivesVerification of implementationLeadership ResponsibilityCompany–wide; both clinical and non-clinical sites
90 Days to ImplementAdopt PolicyTraining for all StaffFacility Executive to Sign AttestationPolicy and Attestation posted to facility SharePoint page
It’s great to implement a plan, but tougher to maintain it.
• Ambulatory Surgical Center • Hospital• Clinics, Rehabilitation and
Therapy • Immediate Care Facility –
Intellectual Disability• Community Mental Health Center • Long Term Care Facility• Comprehensive Outpatient
Rehab • Organ Procurement Organization• Critical Access Hospital
• Program for the All Inclusive Care for the Elderly
• End Stage Renal Disease • Psychiatric Residential Treatment
Facility• Home Health Agency • Religious Non-Medical
Healthcare Institution• Hospice• Rural Health Care-FQHC• Transplant Center
Risk Assessment and Planning Policies and Procedures
Communication Plan Training and Testing
Emergency Preparedness
Program
• Outpatient providers are not required to have policies and procedures for the provision of subsistence needs
• Home health agencies and hospices required to inform officials of patients in need of evacuation
• Long-term care and psychiatric residential treatment facilities must share information from the emergency plan with residents and family members or representatives
14
• Under the Policies and Procedures, Standard (b) there are requirements for subsistence needs and temperature controls.
• Additional requirements for hospitals, critical accesshospitals, and long-term care facilities are located within the Final Rule under Standard (e) for Emergency Power and Stand-by Systems.
During the period 1981 to 2013, 103 terrorist attacks on hospitals in 43 countries on every continent, killing 775 people and wounding 1,217.
55 of the attacks were deadly (19 resulted in the death of 10 or more people).
Availability of healthcareSuspension of healthcare programsDegradation of health infrastructureFlight of healthcare workersOutbreaks of illnesses and diseaseInability to treat existing conditions
Consumption and sharing of media glorifying violent extremist acts in attempting to mobilize others to violence.Loitering, standing, parking or unattended vehicles in the same area over multiple days with no reasonable explanation.Photography or videography focused on security features, including cameras, security personnel, gates and barriers.Unattended packages, bags and suitcases.
Unusual or prolonged interest in or attempts to gain sensitive information about security measures of personnel, gates and barriers; peak days and hours of operation, and access controls such as alarms or locks.
Individuals wearing bulky clothing or clothing inconsistent with the weather or season, or wearing official uniforms or being in authorized without official credentials.
Individuals presenting injuries consistent the use of explosives or explosive material without a reasonable explanation .
Harden the perimeter through the use of fencing, bollards and video.
Reduce the number of public entrances open 24/7 and staff them if possible. At some point it may be necessary to use metal detectors for humans and vehicles including ambulances.
Modify all job descriptions to include a security role, especially to emphasize “If you see something, say something timely”
Conduct mandatory training at least annually for all employees, contractors, students, licensed practitioners, volunteers, managers, CEO and Board of Directors.
Meet regularly with community leaders and responders to coordinate emergency planning (including reducing the crime scene footprint, assistance program, legal requirements, at least annual exercises, behavioral health issues, news media/press releases, use of plain language communication, facility tours on all three shifts, understanding improvised explosive and nuclear devices, unified command, facility clearing/evacuation/lockdown.
Law Enforcement, Fire, EMS, EM, Judicial, City/County Executives/Politicians, Coroner, Media, Clergy, Behavioral Health, Other Healthcare Facilities, Physician, Nurse, Public Health, CERT, MRC, SMEs, Engineers, Cyber
Education, Chamber of Commerce, Legal, Financial,Aging, Non-Profit, Real Estate, Transportation
Pre-planned and alternate areas for evacuation/assembly, infectious disease/radiation/chemical/nuclear/ biohazard exposure checklists, family assistance center, psychological first aid, media, command post, etc.
Operate a security badging system that accounts for all on campus.
Belong to one or more physical and cybersecurity intelligence organizations that monitor social media as well to provide timely action for appropriate action.
Be alert to major events occurring in the area to take appropriate action on a timely basis.
Intelligence activities concerned with identifying individuals engaged in espionage or sabotage or subversion or terrorism.
Espionage is the acquisition of information through clandestine means and as proscribed by the laws of the country against which it is committed. CI embraces all activities, human and technical, whether home or abroad, undertaken to identify, assess, neutralize and exploit foreign intelligence threats.
Data breaches involving personal information result in a broad to individuals and organizations, including identity theft, targeting of individuals with knowledge of sensitive information and internal business processes, and other activities that use personal information of U.S. citizens to undermine national security.
Do not provide personal, financial or sensitive information about yourself, your family or associates.
Beware of opening attachments or clicking on links.
Install and maintain up-to-date anti-virus and anti-malware software. Transmit electronic safely using encryption and known websites.
Share electronic files and photographs only with those you know as they contain embedded metadata.
Select highest level of privacy.
Regularly monitor your credit history.
Maintain positive control of electronic devices.
Report all suspicious work activity to your supervisor.
PhishingSpearphishingSocial Media DeceptionHuman TargetingUnsolicited Telephone and/or Text MessagesIdentity ImpersonationInsider Threat
Thank you for all you do in keeping our patients, staff, and visitors safe!
Earl Motzer: [email protected]
Scott Cormier: [email protected]