Awareness of Public Health Preparedness Requirements – CMS

Emergency management and homeland security are collaborative spaces.  Think of these areas a Venn diagram, with overlapping rings.  Some of the related professions overlap with each other separately, but all of them overlap in the center.  This overlap represents the emergency management and homeland security space.  What’s important in this representation is the recognition that emergency managers and homeland security professionals, regardless of what specific agency they may work for, need to have awareness of that shared space and the areas of responsibility of each contributing profession.  One of the biggest players in this shared space is public health.Presentation1

For nearly a year, public health professionals have been talking about new requirements from CMS, which stands for The Centers for Medicare and Medicaid Services.  How does Medicare and Medicaid impact emergency management?  CMS, part of the Department of Health and Human Services (HHS) covers over 100 million people across the US – far more than any private insurer.  As an arm of HHS and a significant funding stream within public health, they set standards.

The most relevant standard to us is the Final Rule on Emergency Preparedness Requirements for Medicare and Medicaid Participating Providers and Suppliers.  The rule establishes consistent emergency preparedness requirements across healthcare providers participating in Medicare and Medicaid with the goal of increasing patient safety during emergencies and establishing a more coordinated response to disasters.

The CMS rule incorporates a number of requirements, which include:

  • Emergency planning
  • Policies and procedures
  • Communications planning with external partners
  • Training and exercises

These are all things we would expect from any emergency management standard.  Given the different types of facilities and providers, however, the implementation of the CMS rule can be complex.  A new publication released by the HHS ASPR (Office of the Assistant Secretary for Preparedness and Response) through their TRACIE program (Technical Resources, Assistance Center, and Information Exchange), provides some streamlined references to the CMS rule.  It’s a good document to study up on and keep on hand to help keep you aware of the requirements of one of our biggest partners.

© 2017 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC

FEMA and NOAA are NOT Leaderless

VMS Vulnerabilities Can Have Serious Consequences

Few things piss me off more than headlining incorrect information.  Right or wrong, headlines ARE the news for many members of the public who choose to not consume the content of the article.  As either a cause or symptom of our politically divisive climate, many seem to be dismissive of facts and jump to conclusions.  Within the past week, I’ve seen several news articles and Twitter posts claiming that FEMA and/or NOAA are ‘leaderless’. The one that finally did me in was this article from Emergency Management Magazine.

Without venturing into politics, I think it’s very unfortunate that permanent heads of these two agencies have yet to be appointed and confirmed.  Having these posts filled is as important to these agencies psychologically as it is practically.  That said, processes and progress are not stopping at either of these agencies because new heads have yet to be appointed.

First of all, each agency has an acting head.  At FEMA, Bob Fenton is the acting Administrator.  He has a history with FEMA going back to 1996, including a number of high-level leadership roles.  Despite rumors on social media, federal assistance will occur without an appointed FEMA Administrator – and in fact federal assistance, including disaster declarations, have been occurring since Fenton took over as acting Administrator on January 20.  Similarly, NOAA is not without an agency head.  Benjamin Friedman has been performing the duties of NOAA Administrator and Under Secretary of Commerce for Oceans and Atmosphere.  Similar to Fenton, Friendman has a significant leadership history within NOAA and has continued to lead the agency on an interim basis.

Second, both philosophically and practically, organizations have leaders within, not just at the top of the org chart.  There are a number of principals and deputies, program managers, and other functionaries – appointees and civil servants alike – within both organizations that continue to do what they do every day to turn on the lights and provide services to the public and other agencies.  They provide leadership within their areas of responsibility and get work done.

While I understand and agree with the premise of the concern that these agencies don’t have fully appointed agency heads, it’s misleading to the public and insulting to their acting administrators as well as the professionals within these agencies to say they are leaderless.  We continue to see the work we would expect from these agencies, such as new NIMS content and preparedness grants, and diligent weather information, as well as plenty of behind the scenes work that provides us with services every day.  Speak out about the lack of fully appointed agency heads if you like, but don’t say these agencies are without leadership.

© 2017 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC

Public Area Security National Framework

The Transportation Security Administration (TSA) recently released this report in cooperation with a variety of stakeholders which provides information and guidance on preparedness, prevention, and response activities to strengthen the public spaces of transportation venues.  While the focus of the document is on airports, the information in the document is great not only across all transportation venues, but other public spaces as well.  I think there are great takeaways for other areas of vulnerability, such as malls, convention centers, event spaces, and others.

To be honest, there is nothing particularly earthshattering in this document.  The document is brief and identifies a number of best practices across emergency management and homeland security which will help agencies and organizations prevent, protect, prepare, and respond to threats, particularly attacks.  That said, the document does accomplish providing concise information in one document on key activities that absolutely should be considered by entities which control public-access spaces.  I would also suggest that this document is still 100% relevant to those which have some access controls or entry screenings.

Information in the document is segmented into three key tenets: Information Sharing, Attack Prevention, and Infrastructure and Public Protection.  Within these tenets are found recommendations such as relationship building, communication strategies, vulnerability assessments, operations centers, planning, training, and exercises.  Most of the recommendations provide examples or leading best practices (although no links or sources of additional information, which is a bit disappointing).

The framework is worth a look and can probably serve as an early foundation of activity for those who haven’t yet done much to prepare their spaces for an attack.

© 2017 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC

Can we Require Preparedness?

The City of Pittsburgh recently lost an effort to require emergency preparedness training for security officers and building service employees.  The Commonwealth Court ruled that the City did not have the authority to require such an ordinance.  This is just another example we’ve seen with difficulties across the US with requirements for preparedness measures.  Why is it so challenging?  It often comes down to the legality of the requirement.

When it comes to the interface of local jurisdictions with states, we often see the concept of home rule providing one of the greatest challenges.  Some interpretations of home rule laws identify that states can’t require local (often to include county) jurisdictions to conduct certain activities, such as have certain plans, attend training, or conduct exercises.  In some states, we see law or regulation that states that if a jurisdiction is to have an emergency plan, then there is a required format of said plan.  But if there is no stick, there is often a carrot.

If requirements can’t be established, then incentives are often the best alternative.  Again, in the local/state relationship, states have grant allocations which can be provided to local governments.  Grant rules can be established that identify certain requirements as conditions of funding.  This tends to be highly effective, especially when funding is expected to continue year after year, and the grants continue to reinforce sustained maintenance on these requirements, such as periodic updates to emergency plans.  Generally, I see no down side to this alternative, so long as the required initiatives are well thought out and realistic given the amount of funds the jurisdiction is receiving.  To ensure effectiveness, however, there must be accountability and quality control measures in place to monitor execution of these requirements; such as reviewing plans, After Action Reports, and auditing training programs. This same methodology is typically how DHS/FEMA is able to get states and funded urban areas (UASIs) to comply with their wishes for various initiatives.

Outside of government, requirements can still be difficult.  While regulations may be put into place for certain industries and under certain conditions, we often have to rely on other, more practical, means of getting businesses, industry, and even not for profits on board.  This often comes with certifications.  An example would be ISO certifications, which some businesses and industry need to compete in certain markets.  Yes, there is even an ISO standard for emergency management.

Unfortunately, many entities, be they public, private, or even individuals, don’t want to be bothered with preparedness.  Most will agree that it’s a good idea, but it takes time, money, and effort.  It’s long been said that you can’t legislate preparedness, and that is often true.  Even if a requirement is able to be established, the extent of implementation can range widely, depending on the internal motivations and resources available to the entity.  Establish whatever requirements you want, but I guarantee there are some that will barely meet those requirements, and in doing so likely not meet the actual intent of the requirement; while others who are believe in the requirement and have available resources, will exceed the requirement.  Largely, organizations are motivated by funding and certification standards.

I’m interested in the perspectives you have on requiring preparedness, both in the US as well as other nations.

© 2017 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC

Customization of ICS

Even since before the National Incident Management System (NIMS), I’ve seen individuals and organizations have a desire to customize the Incident Command System (ICS).  This has always been troubling to me, as customization is fully contradictory to using a standardized system.

ICS offers an abundance of flexibility.  If you are familiar enough with the system, its foundational features, and the intent of the roles and responsibilities within the system, you can meet practically every need utilizing these functions and features.  Is ICS perfect?  No.  Is it the best we have?  Yep, it sure is.  Having many years as a practitioner, trainer, and evaluator of ICS, I’m confident that it can meet 95% of needs that an organization will have.

Generally, I find the argument that many organizations who insist on customization put forward is that the rigidity of ICS does not accommodate their needs, structure, and culture. On the occasion that I’ve had to sit down with the organization’s personnel and ask questions about what they are trying to accomplish, it becomes quite clear that they simply don’t have a good understanding of ICS.  Some can be fairly obvious, such as moving the Safety Officer position to Operations.  Others require a bit more analysis, such as creating an element in the Operations Section to address security needs of their own facility.  Security of your own facility is actually a responsibility of the Facilities Unit within Logistics, not an Operations responsibility.

Foundationally, let’s consider the main purpose of ICS – interagency coordination.  ICS is a standardized system which supports integration, cooperation, and unity of effort between and among multiple organizations.  One of the main reasons I see organizations struggling to fit elements into an ICS organization chart is because some simply don’t belong there.  If you have functions internal to your own agency, even if they are used during emergency operations, but don’t interact with others, I honestly couldn’t care if you organize them within ICS, so long as they are accounted for within your own organization’s own chain of command.  There is no doctrine or best practice that requires organizations to account for every internal function within an ICS org chart.

The other reason, which I eluded to earlier, for organizations trying to customize ICS for their purposes, is a lack of understanding of ICS.  While I’m aware that some people who have done this might only have taken ICS 100, giving them only a scratched surface of ICS knowledge, which they easily misapply since they don’t have a good understanding of the fundamental concepts of ICS.  However, I’m aware of plenty of individuals who have taken ICS 300 and possibly ICS 400 who still fall into this trap.  I feel this situation stems from a result of misapplied learning, which ultimately comes from poor ICS curriculum.  (If you want to read more on my opinions on how ICS Training Sucks ⇐visit here).

ICS training should not only provide learning to support operational implementation of ICS concepts, but also adequate preparedness activities, such as integrating ICS into plans, policy, and procedures.  Current training leaves many people feeling they know enough about ICS to integrate it into these important documents, but they feel compelled to be creative, when not only is creativity generally not required, it flies in the face of a standardized system.  ICS has an abundance of flexibility which can accommodate a multitude of functions; one just has to relate these to the fundamental features of ICS to identify where they might go.  I’m not opposed to creating a new organizational element, just make sure that it fits appropriately, without duplicating efforts, usurping responsibility from another standard element, or violating span of control.

Consider this: will your organization chart integrate with others?  If so, how?  Is there operational integration or is it through an agency representative?  If the answer is the latter, there is less concern, but if there is an expectation for operational integration or shared functions, such as Planning or Logistics, sticking to the standards is even more important.

I’m interested to hear your thoughts on ICS customization, the reasons behind it, and the ramifications of it.  Fire away!

© 2017 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC

My DHS Idea Campaign

No, it’s not my DHS Idea.  It’s theirs.  DHS’, that is.  The ‘My DHS Idea Campaign’ has been developed to solicit input from the private sector about homeland security matters that concern them and what they view as priorities.  This information will help inform the legally required 2018 Quadrennial Homeland Security Review, which is slated to be provided to Congress in December of 2017.

Information on the campaign is provided below.  From the link provided, you can browse ideas submitted by others and submit your own ideas.  If you are a member of the private sector, please take a look and provide your input.

-TR

 

download

My DHS Idea Campaign

The U.S. Department of Homeland Security (DHS) would like to hear from you about the homeland security issues that concern you and your community.

DHS is in the process of completing a major strategic review of the Department’s programs and priorities, and will deliver its finished product – the 2018 Quadrennial Homeland Security Review – to Congress in December 2017.  As part of the review, DHS is inviting members of the private sector to participate in the online “My DHS Idea” campaign.

These are some of the important missions staff of DHS performs every day:

  • Counterterrorism;
  • Border security;
  • Immigration enforcement;
  • Trade enforcement and facilitation;
  • Drug interdiction;
  • Disaster preparedness and response; and
  • Cyber security.

What homeland security issues do you care about?  What areas should DHS prioritize?  What are the most pressing risks facing your community and the nation as a whole?

Using the IdeaScale platform, you can post your own ideas to address the homeland security challenges that are important to you and your community, comment on other people’s ideas, and vote on the issues and approaches you think are the most important for DHS to consider.  This interactive format allows everyone on the site to see the issues that are most important to other participants, and which ideas generate the most interest and support.  The Department’s Office of Policy staff will moderate and contribute to discussions on an occasional basis incorporating key ideas into the strategy review process as appropriate.

You can find the link to the DHS IdeaScale site at https://homelandsecurity.ideascale.com/.  Registration is quick and easy.