Issue Alerts

Our Resources
Download PDF Print Friendly Page Email Page

Is Your Emergency Preparedness Plan Consistent with CMS Standards?

The Centers for Medicare & Medicaid Services has new requirements for healthcare providers and suppliers

July 4, 2017

By: Brooke Bennett Aziere and Amanda M. Wilwert

Natural and man-made disasters in recent years have highlighted how disasters can disrupt the environment of health care and change the demand for health care services. As a result, the Centers for Medicare & Medicaid Services (“CMS”) issued a final rule establishing national emergency preparedness and coordination requirements for 17 different provider and supplier types including, but not limited to: Ambulatory Surgical Centers, Hospices, Hospitals, Critical Access Hospitals, Long-Term Care Facilities, Rural Health Clinics, Federally Qualified Health Centers, Psychiatric Residential Treatment Facilities, Community Mental Health Centers, and Intermediate Care Facilities for Individuals with Intellectual Disabilities.

In its rulemaking, CMS identified four core elements that are “common and well known industry best practice standards” for emergency preparedness programs: (1) an emergency plan; (2) policies and procedures; (3) a communication plan; and (4) training and testing programs. CMS mandates compliance with these core elements across all provider and supplier types, but tailors the specific compliance requirements depending upon provider and supplier characteristics.

Core #1 -- Emergency Plan
Providers and suppliers must develop and maintain an emergency plan that is reviewed and updated annually. The plan must be founded on a facility- and community-based risk assessment focusing on the specific location of a provider or supplier and the capacities and capabilities that are critical to preparedness for a full spectrum of emergencies or disasters. The risk assessment should include: identification of business functions essential to operations; identification of all contingencies for which the provider or supplier should plan; an assessment of the extent to which emergencies may cause a limitation of operations; and a determination of necessary arrangements with other facilities or entities to ensure essential services can be provided during an emergency.

The emergency plan must also address the provider’s or supplier’s patient population, including, but not limited to, persons at-risk; the type of services the provider or supplier has the ability to provide in an emergency; and continuity of operations, including delegation and succession planning to ensure that the lines of authority during an emergency are clear and that the plan is implemented promptly and appropriately. The plan must also include a process for ensuring cooperation and collaboration with local, tribal, regional, state, and federal emergency preparedness officials.

Core #2 -- Policies And Procedures
Providers and suppliers must develop and implement policies and procedures based on its risk assessment and emergency plan. These must be reviewed and updated annually. Policies and procedures must address at least eight elements including, but not limited to: evacuation or provision of shelter for patients; food, water, medical, and pharmaceutical supplies; alternate sources of energy; emergency lighting; fire detection, extinguishing, and alarm system; and a system of medical documentation that preserves patient information and protects confidentiality of patient information.
CMS requires providers and suppliers to develop a system to track the location of staff and patients in their care, both during and after an emergency. Hospitals are required to document the specific name and location of the receiving facility or other location for patients who leave the facility during an emergency. Long-Term Care Facilities, Intermediate Care Facilities for Individuals with Intellectual Disabilities and others are required to track on-duty staff and sheltered patients both during and after an emergency. Outpatient facilities are only required to track staff during and after an emergency.

Core #3 -- Communication Plan
The third core element requires development and maintenance of a communication plan that complies with both federal and state law. Generally, seven items must be included in the communication plan including: names and contact information for employees; primary and alternate means of communication; and a method for sharing information and medical documentation for patients with other providers. The primary focus is the coordination of patient care within the facility, across health care providers, and with state and local public health departments and emergency systems.

Core #4 -- Training And Testing Programs
Providers and suppliers are required to develop and maintain training and testing programs. These must be reviewed and updated annually. Providers and suppliers must conduct initial and annual trainings with all new and existing employees and workforce members. Providers and suppliers must also conduct drills and exercises or participate in an actual incident twice a year to test their plans and programs. The rule provides flexibility for a provider or supplier to choose the type of exercise a facility conducts for its second annual testing requirement.

Parting Takeaway
All providers and suppliers will be required to adopt fundamental emergency preparedness capabilities to best ensure the safety of their patients’ health as a condition of participation in Medicare and Medicaid programs. Requirements in the rule must be implemented by November, 15, 2017.

The full text of the final rule can be found at CMS has also posted guidance available at

For More Information
Foulston Siefkin’s health care lawyers maintain a high level of expertise regarding federal and state regulations affecting the health care industry. The firm devotes significant resources to ensure our attorneys remain up-to-date on daily developments. At the same time, the relationship of our health care law practice group with Foulston Siefkin’s other practice groups, including the taxation, general business, labor and employment, and commercial litigation groups, enhances our ability to consider all of the legal ramifications of any situation or strategy. For additional information, contact Brooke Bennett Aziere at 316.291.9768, or For more information on the firm, please visit our website at

Established in 1919, Foulston Siefkin is the largest law firm in Kansas. With offices in Wichita, Kansas City, and Topeka, Foulston Siefkin provides a full range of legal services to clients in the areas of Administrative & Regulatory, Agribusiness, Antitrust & Trade Regulation, Appellate Law, Banking & Financial Services, Commercial & Complex Litigation, Construction, Creditors’ Rights & Bankruptcy, E-Commerce, Education & Public Entity, Elder Law, Emerging Small Business, Employee Benefits & ERISA, Employment & Labor, Energy, Environmental, Estate Planning & Probate, Family Business Enterprise, Franchise, General Business, Government Investigations & White Collar Defense, Health Care, Immigration, Insurance Defense Litigation, Insurance Regulatory, Intellectual Property, Life Sciences & Biotechnology, Mediation/Dispute Resolution, Mergers & Acquisitions, Native American Law, OSHA, Public Policy and Government Relations, Product Liability, Professional Malpractice, Real Estate, Securities, Tax Exempt Organizations, Taxation, Water Rights, and Workers Compensation.

PDF File View as PDF