Executive Summary

​Studies of hospital emergency preparedness before the 2001 attacks on the World Trade Center showed that the level of hospital preparedness varied but was generally in the early stages. Since then, hospitals in the United States have had to deal with a wide variety of large-scale emergencies and disasters from natural, technological, and terrorist-related causes.

As the nation at large has been preparing for the possibility of large-scale events, healthcare facilities have been moving toward more comprehensive emergency management planning, shifting from an emphasis on a particular type of emergency to delineating the common strategies to be used when responding to all types of emergencies.

What HRC Found

Out-of-court settlements for deaths and injuries at hospitals during Hurricane Katrina make clear that failure to properly prepare for and respond to an emergency not only has a horrible human toll but can have disastrous financial consequences for a hospital. Risk managers often have a direct role in the development of policies and procedures related to emergency management—such as those addressing disaster-related standards of care, modification of the privileging and credentialing process, and negotiation of mutual-aid agreements with other hospitals—and a complete understanding of emergency management is necessary to be effective.

Key Recommendations

  • Ensure that an emergency management committee is in place and that the risk manager participates in it.
  • Conduct and review a hazard vulnerability analysis (HVA) at least annually.
  • Review emergency operations procedures and related policies to ensure consistency with the HVA.
  • Establish relationships with vendors, suppliers, and other healthcare facilities to ensure resource availability during emergencies.
  • Assess the hospital's surge capacity and establish plans to transfer or divert patients when surge capacity is exceeded.
  • Work with the ethics committee to establish crisis standards of care and protocols for triage during disasters.

Who Should Read This

​Administration, Emergency department, Facilities/building management, Legal counsel, Outpatient services, Security

Studies of hospital emergency preparedness before the 2001 attacks on the World Trade Center showed that the level of hospital preparedness varied but was generally in the early stages. There was little planning for large-scale events, and much of the planning focused on chemical incidents. Formal interhospital and community collaboration on emergency preparedness was uncommon, and while most hospitals were in compliance with Joint Commission standards, those standards focused primarily on physical threats to individual hospital facilities, such as bomb threats or loss of utilities (Toner et al.). Since then, hospitals in the United States (and the world at large) have had to deal with a wide variety of large-scale emergencies and disasters from natural, technological, and terrorist-related causes. And while the United States has been lucky to have had fairly few events with a catastrophic number of casualties—only 10 disasters have resulted in more than 1,000 fatalities (Goolsby and Mothershead)—the nation at large has been trying to prepare itself for that possibility.

Hand in hand with this national preparation, healthcare facilities have been moving toward more comprehensive emergency management planning. They have been making more links to the community and switching to an “all-hazards” planning process that shifts the emphasis from planning for a particular type of emergency to delineating the common features of and common strategies to be used when responding to all types of emergencies. These shifts have come about as a result of changes in the Joint Commission standards and National Fire Protection Association (NFPA) recommendations, combined with requirements mandated by federal hospital preparedness grants and federal guidance as well as the national preparedness programs, all of which are community-based programs that use all-hazards planning (U.S. HHS Hospital Preparedness).

While many risk managers will not have direct involvement in the emergency management planning process, all should be familiar with it, as failure to properly plan can result in significant liability for a hospital. Recent out-of-court settlements for deaths and injuries at hospitals during Hurricane Katrina make clear that failure to properly prepare for, and respond to, an emergency not only has a horrible human toll but may also have disastrous financial consequences for a hospital or healthcare system (Fink “A Settlement”; Business Insurance). Additionally, risk managers often have a more direct role in the development of policies and procedures that relate to aspects of emergency management—such as those addressing disaster-related standards of care and modification of the privileging and credentialing process—and in the negotiation of mutual-aid agreements with other hospitals, and a complete understanding of emergency management is necessary to be effective.

For example, the first thing a risk manager must understand is that while the words “disaster” and “emergency” are sometimes used interchangeably by the general public, the terms have different meanings in the emergency management field—with a disaster being a subset of emergency, a type of emergency that overwhelms an individual hospital and requires some sort of outside assistance, whereas an emergency is an unexpected event that disrupts a hospital’s ability to provide care but does not require outside assistance beyond, perhaps, a hazmat team or local fire department (see Emergencies, Disasters, and Other Events). This distinction is particularly important for hospitals since some Joint Commission standards, such as authorized modifications to credentialing and privileging procedures, only apply during disasters. This Risk Analysis will use the word “disaster” only if it is specifically used by a Joint Commission standard, other official recommendations, or governmental emergency preparedness programs. Otherwise, the words “emergency,” “incident,” or “event” will be used.

See Emergency Management Preparedness Plan for a sample tool that provides a plan for patient care and support services that are appropriate for addressing patient needs in an emergency.

Summary of Institutional Influences on Hospital Emergency Management

The Joint Commission and NFPA

The Joint Commission emergency management standards recognize that there are four phases of emergency management: mitigation, preparedness, response, and recovery. Mitigation and preparedness generally occur before an emergency, while response and recovery occur during and after an emergency, largely guided by the hospital’s incident command system (ICS). The Joint Commission requires hospitals to use an all-hazards approach to their emergency management processes—that is, they must be able to manage everything from a temporary utility outage to a catastrophic natural or man-made event. However, not all hazards are equally likely, nor will all hazards have the same impact on a hospital. Thus, the Joint Commission requires hospitals to perform a hazard vulnerability analysis (HVA) once a year. Properly done, the HVA will identify potential hazards and their impact, as well as the hospital’s vulnerabilities to the impact. Thus, the HVA provides a basis for understanding how hazard likelihood and vulnerabilities should be addressed in the hospital’s emergency management planning process.

The Joint Commission also identified six critical areas that a hospital must be able to manage during any and every type of emergency. Discussed in detail later in this Risk Analysis, they are

  • Communications
  • Resources and assets
  • Safety and security
  • Staff responsibilities
  • Utilities
  • Patient clinical and support activities

NFPA has one code and one standard that specifically address emergency management, and like the Joint Commission, there are also other codes and standards that affect emergency preparedness, such as the fire-related requirements of the Life Safety Code®. NFPA’s “Health Care Facilities Code” (NFPA 99) was completely rewritten and expanded in 2010 to correlate with the Joint Commission emergency management standards, as well as to incorporate lessons learned from recent disasters (NFPA “Committee on NFPA 99”). For example, NFPA 99 also requires an HVA and plans to manage critical resources and assets. Additionally, its change from a standard to a code means that it has very specific minimum requirements and is suitable for adoption and enforcement by legal authorities (Baretich). The “Standard on Disaster/Emergency Management and Business Continuity Programs” (NFPA 1600) addresses general aspects of emergency management (rather than hospital-specific aspects) and is to be used together with NFPA 99 recommendations.

Because most hospitals have Joint Commission accreditation,* this Risk Analysis adopts the Joint Commission’s six-critical-areas approach; it does not, however, address every element of performance (EP). (See Checklist for the Joint Commission’s Six Critical Emergency Management Areas for a detailed list of the EPs for each of the six critical areas.) Furthermore, many Joint Commission requirements for hospitals are not applicable to nursing homes, physician offices, and other settings. Risk managers are advised to consult the Joint Commission standards that are applicable to their type of healthcare facility.

* The American Osteopathic Association’s Healthcare Facilities Accreditation Program (HFAP) has a less detailed set of emergency management requirements, and compliance with Joint Commission standards meets most of the HFAP standards for disaster plans, disaster drills, and the provision of emergency gas and water. HFAP also requires plans for weapons of mass destruction and communicable disease outbreaks. (HFAP)


The Emergency Planning and Community Right-to-Know Act, enforced by the U.S. Environmental Protection Agency (EPA), specifically addresses the role of hospitals when there is a release of hazardous chemicals anywhere in the community at large. The local emergency response committee is required to designate certain hospitals that can treat people contaminated by the chemicals, although a recent survey indicated that 85% have gone beyond chemical hazards and include natural hazards in their emergency planning efforts (FEMA “National Preparedness”). Among other things, such hospitals must have an on-site decontamination facility, communication systems to notify the hospital from the scene of the contamination, all necessary supplies, and specially trained personnel. Such hospitals must coordinate their training and preparation with the local emergency response committee. The U.S. Occupational Safety and Health Administration (OSHA) requires hospitals to develop emergency action plans for certain situations, including the release of hazardous materials, fires, and the use of ethylene oxide. OSHA also requires hospitals to provide employees with appropriate personal protective equipment, such as respirators when dealing with an emergency involving infectious airborne agents. For more information on EPA and OSHA requirements, see the Risk Analyses The U.S. Environmental Protection Agency and OSHA Inspections, Citations, and Penalties.


The Centers for Medicare and Medicaid Services (CMS) has regulations addressing emergencies, although they are very brief. Specifically, CMS requires hospitals to do the following (42 CFR § 483.75[m]):

  • Have detailed written plans and procedures to meet all potential emergencies and disasters, such as fire, severe weather, and missing residents
  • Train all employees in emergency procedures when they begin to work in the facility, periodically review the procedures with existing staff, and carry out unannounced staff drills using those procedures

Incident Command Systems

The ICS is a standardized, on-scene, all-hazards incident management approach that allows for the integration of facilities, equipment, personnel, procedures, and communications operating within a common organizational structure; enables a coordinated response among different jurisdictions, government agencies, and private organizations (such as hospitals); and establishes common processes for planning and managing resources.

The following are some of the key features of all ICSs:

  • Unified command structure. This allows disparate entities (both public and private) to collaborate and actively participate in the response and recovery.
  • Modular organization. Response resources are divided into the following five functional areas, all of which can be expanded or contracted based on the incident:
  • Command, which establishes the incident goals and objectives
  • Operations, which develops the specific tactics and executes activities
  • Planning, logistics, and administration/finance, which each support the command and the operations sections
  • Comprehensive resource management. Systems are in place to describe, maintain, identify, request, and track resources.
  • Common terminology.
  • Integrated communications within an organization, as well as externally.

California, where the ICS strategy was first developed in 1970, has developed a hospital ICS (HICS), which includes National Incident Management System (NIMS)-compliant forms for documentation, hazard-specific planning and operational guidance, and information for addressing NIMS (see the discussion Federal Funding Requirements for more information on NIMS) (California Emergency Medical Services Authority). For more information about HICS, see the Risk Analysis The Hospital Incident Command System.

Federal Funding Requirements

The U.S. Department of Health and Human Services (HHS) created the Hospital Preparedness Program (HPP) in 2002 to provide grants to prepare for bioterrorism and public health emergencies, such as pandemics, by increasing stockpiles of equipment, supplies, and pharmaceuticals. In 2004, the program shifted to an all-hazards, capabilities-based approach, which meant that hospitals had to do more than simply purchase equipment or supplies; they needed to demonstrate the capability to perform core functions common to all responses.

Hospitals that seek HPP funding—and more than 85% of the nation’s hospitals participate in HPP (U.S. HHS “Majority”)—must also commit to working within the incident management structure laid out in NIMS. NIMS was developed to allow all levels of government, the private sector, and nongovernmental organizations to work together “to prepare for, prevent, respond to, recover from, and mitigate the effects of incidents, regardless of cause, size, location, or complexity, in order to reduce the loss of life, property, and harm to the environment” (U.S. HHS “NIMS Implementation”). Among other things, this means hospitals participating in HPP must

  • participate in interagency mutual-aid or mutual-assistance agreements;
  • promote and ensure proper hospital processes, equipment, communications, and data interoperability to facilitate the collection and distribution of accurate information with local and state partners during an incident; and
  • manage all emergency incidents, exercises, and preplanned events with consistent application of ICS organizational structures, doctrines, processes, and procedures.

HHS reports that over 76% of the hospitals that participate in HPP meet the all-hazards preparedness program measures, which include having redundant, interoperable communications systems in place among hospitals, public health agencies, and emergency managers; being able to report the number of beds available within 60 minutes of a request; and having plans for surge capability, hospital evacuation, and shelter of patients and staff (U.S. HHS “Majority”).

State and Local Requirements 

Every state has a state-level agency or office responsible for coordinating the state’s response to emergencies and disasters and for working with the federal government. Many local jurisdictions have emergency management offices. Similarly, state and local public health departments are also involved in emergency planning for public health emergencies. Additionally, 124 major urban areas have federally funded Metropolitan Medical Response Systems that help the community prepare for mass-casualty events. In terms of preparing for mass-causality events, hospitals should be working with these groups because such catastrophic events will require a coordinated response by all emergency responders and healthcare providers, not just by hospitals but also by nursing homes, clinics, doctors’ offices, and more (IOM).

In terms of legally imposed duties, state laws and licensing standards typically require, fund, or strongly encourage hospital emergency preparedness, usually setting forth various minimum standards regarding the maintenance of an emergency plan. Such standards often address evacuation procedures, measures for receiving an influx of patients, procedures for ensuring that medical records are adequately maintained and accompany patients during evacuation, and requirements dealing with the interruption of utilities and after-life care (Finan). Hospitals and nursing facilities may be required to have the ability to shelter-in-place for certain periods of time, and state emergency preparedness statutes usually require evacuation plans (Hodge and Garcia).

States also have the ability to declare states of emergency or disaster (see Emergencies, Disasters, and Other Events), and such declarations affect the response, authorize the performance of various responses by a variety of actors, and may waive certain laws (e.g., privacy laws) and determine the extent of responsibility and liability for harm that arises during an incident. Finally, some legal analysts and state policymakers are beginning to address what are variously called disaster, adjusted, altered, or, the term that this Risk Analysis will use, crisis standards of care (CSCs). Because negligence is based on state law, any state CSCs, policy guidance, or recommendations can affect legal determinations of liability for hospitals and healthcare providers during disasters.

The Role of the Emergency Management Committee

Hospitals should have already established an emergency management committee (EMC) to coordinate emergency management efforts within the hospital or healthcare system, as well as planning activities with nearby healthcare facilities; local, state, and federal agencies; and others. The EMC should, at minimum, include representatives with operational knowledge of, and decision-making authority for, the six critical management areas identified by the Joint Commission’s emergency management chapter. This could include individuals from departments such as risk management, administration, admissions, emergency department (ED), pharmacy, public relations, materials management, medical, infection control, facilities, engineering, safety, purchasing, and security. (The EMC may even wish to create subcommittees representing the six critical areas to ensure that all important aspects of advanced planning and preparation have been addressed.) Input from the local emergency planning agency, public health agencies, local media, the American Red Cross, police and fire departments, and utility companies should be solicited to assist the EMC in developing the emergency operations plan (EOP). While these groups may not always be able to serve on the committee—nor should they, necessarily—a draft of the EOP should be sent to them for review.

Disaster Coordinators

A national review of hospital preparedness found that hospitals that had hired full- or part-time disaster coordinators (often using HPP funding) were among the most prepared (Toner et al.). In addition to serving on the EMC, disaster coordinators can provide sustained and expert knowledge of preparedness and response planning efforts, including interacting with hospital leaders at the executive level, coordinating preparedness activities within the hospital and with regional health coalitions, and interacting with the state-level HPP coordinator. Disaster coordinators who were both involved in the day-to-day preparations (e.g., planning, drills, stockpile management) and who had access to hospital leadership were found to be the most effective (Toner et al.).

A Clinical Care Committee

The EMC should consider whether to recommend the creation of a separate clinical care committee or subcommittee that would determine how a hospital’s resources can be best used to meet community needs and develop clinical policies and procedures required to support the response to an emergency. Membership of the clinical care committee will vary depending on the size of the hospital, the type and duration of an incident, and the scope of the challenges entailed. In addition to the chief medical officer, members could include representatives from administration, nursing, pharmacy, respiratory therapy, infection control, critical care, emergency medicine, legal, affected specialties (such as pediatrics or burn care), and facilities. By identifying possible committee members before an event occurs, the committee can work on an ongoing basis with EMC to identify potential scarce resources, related strategies, and caching recommendations. In specialized clinical areas, such as pediatrics, trauma, or burn, expertise itself will be a scarce resource and, since local specialists will be occupied with incident-related patients, advance planning with facilities in other geographic areas to provide telemedicine or hotline support can be useful. As this would be for mass-casualty events, planning for this type of support should be done at the regional or state level, and activation and operational policies should be established prior to an incident. (IOM)

Healthcare Coalitions

One of the most significant factors contributing to the improved level of healthcare emergency preparedness across the nation has been the cooperative relationships occurring among individual hospitals and among hospitals, public health departments, emergency management agencies, and others. This networking has led to the emergence of formal healthcare coalitions, which are rapidly becoming one of the cornerstones of national healthcare emergency preparedness. These coalitions have been extremely successful in planning and conducting disaster exercises, as well as demonstrating operational response functions during actual incidents. EMCs at hospitals that are not already participating in such a coalition should consider joining one or working to form one. See Healthcare Coalitions for more information.

The Four Phases of Emergency Management

Phase One: Mitigation

Mitigation consists of all activities that reduce or eliminate the probability of a hazard occurring or eliminate or reduce the hazard’s impact if it does occur. An effective mitigation effort should begin with, and be based on, the HVA, as this will help the disaster coordinator and EMC prioritize issues during follow-up mitigation and preparedness planning (U.S. HHS “Management”).

NFPA suggests that a mitigation strategy should consider actions such as the use of applicable building construction standards; relocation, retrofitting, or removal of structures at risk (for example, moving backup generators from areas susceptible to flooding); provision of protective systems or equipment for risks; and redundancy or duplication of essential personnel, critical systems, equipment, information, operations, or materials (NFPA “NFPA 99”).

Mitigation elements should always be considered when constructing new buildings or rehabbing existing ones. In addition to complying with applicable building codes, the Federal Emergency Management Agency (FEMA) and others have developed a variety of design guides and other tools that can assist planners. For example, FEMA notes that winds habitually overturn improperly attached roof-mounted ventilation, air-conditioning, and radio communication equipment (e.g., satellite dishes) and can change airflow from ventilation, whereas sewers tend to back up or break down during floods and earthquakes. (FEMA “Design Guide”)

Other mitigation activities include the following:

  • Maintaining ongoing programs of environmental assessment, such as regular environmental, safety, and security rounds or a building maintenance program to identify potential problems before they occur
  • Establishing programs for testing, inspection, and preventive maintenance of backup systems and facility safety features
  • Reducing the use of hazardous materials (including mercury), properly training handlers to reduce spills and leaks, and optimally designing storage rooms and cabinets
  • Installing and monitoring security through access control and perimeter security

Phase Two: Preparedness

Preparedness consists of ongoing planning and associated actions that will increase an organization’s resiliency—its capacity and capability to respond to, and recover from, a hazard’s impacts. As with mitigation, preparedness can also extend to building design. An example is a new 14-story tower built for Rush University Medical Center in Chicago that includes features to address bioterrorism and pandemic infections, including ambulance bays that can be converted to large decontamination rooms, pillars in the lobby equipped with hidden panels for oxygen and other gases (thus permitting it to be used for more beds and treatment), and the ability to switch airflows to exhaust airborne agents high above street level so that entire quadrants can be isolated (Rubin).

The Joint Commission specifically requires hospitals to implement, in advance, all EOP components that require prior preparation in order to manage and provide for the six critical areas during an emergency. For example, mutual-aid agreements should already be in place with nearby hospitals and staff should have already received training regarding their roles during an emergency. Most importantly, hospitals should coordinate their EOP with state and local community EOPs to ensure a smooth and comprehensive emergency response will be available community-wide. See How Prepared Are Hospitals? for a summary of the state of hospital preparedness nationwide.

Among other Joint-Commission-related preparedness activities, the hospital must ensure that its ICS is integrated into, and consistent with, the community’s command structure and that individuals with official roles (e.g., the incident commander) have received the proper, NIMS-compliant training. Regular meetings of the EMC should be conducted as part of preparedness activities, and there should be an annual evaluation (and revision, if necessary) of the EOP. In addition, preparedness includes all training, and drills and exercises are performed to stress and evaluate the EOP (as discussed later in this Risk Analysis).

Hospitals can undertake additional preparedness activities pertaining to legal and insurance matters.

Legal issues. In addition to the federal government, every state, many territories, and some local governments can also declare states of emergency or disaster (Hodge and Anderson). As with federal declarations, these state and local laws may waive specific regulatory requirements, such as the Emergency Medical Treatment and Labor Act (EMTALA); encourage response efforts by limiting liability; authorize interstate recognition of healthcare licenses; allocate healthcare personnel and resources; or permit the provision of healthcare or public health services at nontraditional, alternate care sites (ACSs). Risk managers should ensure that they know, in advance, what the effect of such declarations will be and that the EOP properly reflects this. In response to the same event, such as the 2009 H1N1 pandemic, federal and state governments may declare both a state of emergency or disaster, as well as declaring a public health emergency. These dual declarations can lead to confusion, as divergent governmental powers and actors seek to respond in overlapping and potentially inconsistent ways (IOM).

Risk managers should review how, if at all, their hospital has prepared for situations where it is necessary to alter standards of medical care in a manner that is different from normal day-to-day circumstances. For example, workforce shortages could result in hospitals changing their established standards of care, such as nurse-to-patient care ratios. While there are no nationally accepted CSCs, much work is being done at the state level to establish these standards (see Crisis Standards of Care for a brief discussion of CSCs).

Risk managers should also determine in advance whether their state has tort immunity statutes for healthcare providers (both staff and volunteers), and if so, who is protected, how do they receive that immunity, and for what events do they have immunity. Several surveys of potential volunteers show that liability protections were among respondents’ primary concerns during emergency operations (IOM). For example, Louisiana passed several such laws after a doctor and several nurses were charged with second-degree murder following Hurricane Katrina, although the New Orleans grand jury declined to indict them (Fink “The Deadly”). Similarly, hospitals should review their malpractice insurance to determine whether it would include volunteers and review workers’ compensation laws to determine how and to whom they apply during emergencies; for example, are volunteers covered?

Liability is not the only concern; hospitals must determine how they will comply with Medicare and Medicaid requirements, EMTALA, and the Healthcare Insurance Portability and Accountability Act (HIPAA) during any emergency. While it is true that these requirements may be waived by the HHS secretary if both the president and the secretary have declared a public health emergency—and they have been waived a number of times, including during Hurricanes Katrina, Rita, Gustav, and others; the 2008 Iowa floods; and the 2009 North Dakota and Minnesota floods (AHLA “Section 1135”)—what happens if the requirements are not waived? State privacy laws may be stricter than HIPAA, so hospitals should determine the effect of a federal waiver on state law.

The American Health Lawyers Association (AHLA) has prepared a variety of guidance documents and tools that can assist risk managers in reviewing their facilities’ legal preparedness. For example, AHLA’s “Emergency Preparedness, Response, and Recovery Checklist: Beyond the Emergency Management Plan” (2008) identifies aspects of key legal and operational issues that facilities may face in the event of a disaster or an emergency and is available at the organization’s website. See Selected Legal Issues for a brief discussion of other legal issues risk managers should investigate.

Insurance. Hospitals should also assess the adequacy of their insurance for the hazards identified in the HVA and try to resolve any coverage issues with the insurance carrier. If hazards such as terrorist attacks are not covered, risk managers should determine first whether it is even possible to obtain such coverage and then discuss with administration whether to purchase it. Preparing a video recording or photographs of major aspects of the facility in advance, as well as an inventory of key assets (also required by the emergency management standards) such as supplies, equipment, furniture, and art, will help with reimbursement claims.

Hospitals should also work with their patients’ health insurers—especially local businesses that self-insure—to make provisions for recovering payment for treatment provided during an emergency. During the emergency response phase, the administration/finance unit of the ICS has responsibilities for these issues, and they should work with insurers and the EMC in advance to help to smooth the process.

Phase Three: Response

These are the activities that directly address the hazard’s impact, including actions taken immediately in anticipation of a slowly evolving incident (such as a hurricane making landfall in a predictable amount of time) and actions during and after an impact has occurred. The response phase proceeds based on the hospital’s ICS.

Situational awareness. To be able to fairly and effectively provide care during a disaster, a hospital needs good situational awareness, including knowing what is going on with all components of the community-wide disaster response system. At the beginning of a disaster, especially a quickly evolving one with little advance notice (such as an earthquake or bombing), initial decision making is often reactive. Without knowing the scope and scale of the disaster and the number of casualties generated, triage and other decisions will be on an ad hoc basis and may result in greater numbers of casualties if dwindling resources are not appropriately conserved, as well as inequities in allocating scarce resources, unethically disadvantaging some from receiving care (IOM).

Phase Four: Recovery

These are the activities that restore the hospital to “normal” after a major incident. This phase of emergency management also proceeds based on the hospital’s ICS. The initial recovery stage (which actually begins in the late stages of response) is integrated with response mechanisms, and the EOP incident management process should be extended into recovery. The management transition from response to recovery (both timing and methods) must be carefully planned and implemented to avoid problems.

For events that have damaged the hospital itself, once returning to the facility is physically possible, recovering from property damage becomes a high priority that is second only to ensuring the safety of all occupants. This process may involve debris removal, pollutant cleanup and removal, repair and reconstruction, and building code upgrades. Electrical, water, sewage, and transportation infrastructure may also need repair. During the cleanup period, surveillance for an infectious-disease outbreak should be ongoing and vigilant. Many supplies will have been depleted during an emergency, and a team appointed by the material supply unit leader (within the ICS) will need to survey supplies and contact vendors to replenish stock.

Beyond addressing insurance issues, hospitals should have in place measures to facilitate the resumption of disrupted operations. In addition to offering mental health resources and counseling to employees, hospitals should train staff in advance to recognize and cope with feelings commonly associated with the stresses of disaster response, such as helplessness, dislocation, and revulsion. As soon as possible, healthcare workers and medical staff should be debriefed on the facility’s response. The debriefing not only allows healthcare workers to identify areas of the response effort that need improvement (all responses should be documented for review) but also gives them the opportunity to talk about what they experienced and how they feel.

The activities of the recovery phase seek to return response personnel and the hospital to normal operations (or to a defined “new normal”) as quickly as possible. Recovery efforts should include a thorough evaluation of how the response system performed under stress, making note of specific strengths, weaknesses, and strategies to improve the hospital’s ability to respond to future emergencies and disasters. Other important recovery activities include the following (U.S. HHS “Management”):

  • Accounting accurately for all costs incurred during the response, and applying for financial remuneration for those costs
  • Attending to acute and long-term physical and mental health effects of staff during response
    (e.g., providing counseling services)
  • Replacing or servicing equipment and supplies used during response
  • Evaluating, cleaning, and/or repairing damage to the facility

NFPA 1600 also suggests that recovery planning take into account issues such as the succession of individuals in leadership and other key roles, the predelegation of authority to leadership to act and to redelegate authority, steps that the facility can take to help personnel respond quickly (e.g., developing standard operating procedures for alerting, notifying, locating, and recalling personnel; delegating disaster or emergency assignments, responsibilities, and emergency duty locations), and the preparation of measures to protect resources, facilities, and personnel.

Annual Drills and EOP Reviews

Emergency planning is an ongoing process—indeed, the Joint Commission, in standard EM.03.01.01, requires a hospital to reevaluate its EOP annually and revise it as necessary. Situations change in many ways; new risks may be identified (e.g., a new hazardous-chemical company is built, a major bridge is declared structurally unsound), the surrounding community may change (e.g., the population increases, another hospital closes down, an army base is shuttered), the patient care services provided may change, or the hospital’s administration or ownership may change. Thus, the Joint Commission requires a hospital to annually conduct and document its review of

  • the risks, hazards, and potential emergencies as defined in its HVA;
  • the objectives and scope of its EOP (including incorporating changes necessary based on the twice-a-year exercises discussed below); and
  • its inventory.

Two annual exercises. According to the same Joint Commission standard, hospitals must activate their EOP and conduct actual emergency exercises (tabletop sessions are not enough) at least twice a year; although if they have actually responded to an emergency, the actual response (and feedback after the response) can take the place of an exercise. Hospitals that offer emergency services, or those that are community-designated disaster receiving stations, must include an influx of simulated patients (medical surge) and an escalating event in which the local community is unable to support the hospital in one of their exercises (tabletop sessions are acceptable for the community portion of this exercise). Additionally, hospitals that have a defined role in their community’s response plan must participate in at least one community-wide exercise per year.

Hospitals must designate an individual whose sole responsibility is to monitor the effectiveness of the exercises, including internal and external communications; resource mobilization and asset allocation, including equipment, supplies, personal protective equipment, and transportation; and management of the four other critical resource areas. Based on this monitoring, hospitals must use a multidisciplinary process (which includes licensed independent practitioners [LIPs])
to identify and document deficiencies and opportunities for improvement and communicate these to the improvement team responsible for monitoring environment-of-care issues. For more information on conducting exercises, see the Risk Analysis Disaster Drills.


The Joint Commission, NFPA, FEMA, and others require or recommend that hospitals conduct an annual HVA. According to Joint Commission standard EM.01.01.01, the purpose of the HVA is to “identify potential emergencies that could affect demand for its services or its ability to provide those services” and decide how likely those threats are and what their impact would be (Joint Commission Comprehensive Accreditation). It also requires hospitals to work with their community partners to prioritize the emergencies identified in the HVA, although it allows the hospitals to decide which partners are critical in order to define priorities for the hospital’s responses to potential emergencies. Ideally, hospitals should coordinate their HVA process with that of their local community, but a recent survey of Maine hospitals found that most did not invite community experts into their HVA process (Campbell et al.). The Joint Commission does require hospitals to communicate their needs and vulnerabilities, based on the HVA, to community emergency response agencies.

Types of Hazards

Hazards are often divided into categories. For example, NFPA 99 distinguishes between natural hazards (geological, meteorological, and biological), human-caused events (accidental or intentional), and technological events (NFPA “NFPA 99”). Needless to say, a hospital may face multiple disasters simultaneously—hurricanes are often accompanied by flooding and earthquakes are often followed by tsunamis.

FEMA, as well as other government agencies and educational organizations, has maps and statistics that can help emergency planners identify the probability of many natural hazards. While most risk managers and EMC members may have an understanding of many of the natural hazards their hospital will probably face (e.g., hospitals in “Tornado Alley” are likely familiar with this hazard), it is wise to do more research. For example, while 90% of American seismic activity occurs in Southern California and western Nevada, 39 states are considered to include areas that face a moderate to major threat of a major earthquake (Erickson). Similarly, in the last 10 years, disastrous river flooding has occurred far more frequently than the 100-year flood-event statistics would predict.

In terms of planning, an important distinction is whether a hazard is internal to the facility, such as a fire or the loss of electricity, or external. External incidents may affect the structural and nonstructural integrity of the hospital itself, damage or destroy the entire community, or have no physical affect at all, such as in the event of a school shooting. External events may have a high number of casualties or very few. Some external events evolve slowly, such as infectious-disease epidemics or hurricanes; these disasters give hospitals (and the overall community) time to activate the EOP in an orderly fashion, adjust resources, and request and obtain outside assistance. However, others, such as a bridge collapse or bombing, provide little to no notice and evolve rapidly. These sorts of events in particular, since staff respond immediately with little to no time to prepare, are the ones that most benefit from pre-event planning, performance of drills, and the ability to rapidly mobilize resources. (Roccaforte and Cushman)

Federal preparedness planning focuses on hazards that result in mass-casualty events, with funding and guidance to help hospitals prepare for, among other things, surge capacity. Hypothetical scenarios sometimes address catastrophic health events (as defined by Homeland Security Presidential Directive 21; see Emergencies, Disasters, and Other Events) with truly horrific numbers of casualties. This sort of planning is being done at the national and regional levels and anticipates medical responses from all hospitals and healthcare systems in the area. In terms of an individual hospital’s level of preparedness for an internal or small external event, it is important to note that for many hospitals, just a few more casualties can cause them to reach surge capacity. For example, most hospitals in Canada may begin to fail if five or more critically injured patients arrive simultaneously, and in England, the Royal London Hospital received 194 casualties from the July 2005 terrorist attacks and resuscitation room capacity was reached within 15 minutes (McAlister).

HVA Tools

Many tools are available to perform an HVA, such as those by the American Heart Association and Kaiser Permanente. Typically, these tools ask the user to rank such things as the probability of a hazard; the human, property, business, and medical care impact; the building’s structural and nonstructural (items such as windows and facades or mechanical, electrical, and piping installations) vulnerabilities; and the facility’s current level of preparedness (e.g., staff training, availability of internal and external resources). Technology risks should be considered when looking at vulnerabilities; FEMA’s most recent analysis of overall national preparedness, which included industries other than healthcare, indicates that cybersecurity is one of the nation’s biggest gaps in coverage (FEMA “National Preparedness”).

For more information on conducting an HVA, see the Risk Analysis Emergency Preparedness Hazard Vulnerability Assessment.

The Written EOP

The written EOP, which is just one component of a hospital’s emergency management program, must describe how a hospital will manage all six of the critical areas defined in Joint Commission standard EM.02.01.01: communications, resources and assets, safety and security, staff responsibilities, utilities, and patient clinical and support activities (Joint Commission Comprehensive Accreditation). See Checklist for the Joint Commission’s Six Critical Emergency Management Areas for a complete set of EPs related to these six critical areas. Although no EOP can provide specific response instructions for a particular emergency, the plan should provide staff with the critical-thinking skills necessary to anticipate and respond to any emergency (MHA). All employees and medical staff, not just EMC members and department heads, must know and understand the EOP. And since in many emergency responses hospitals do not act alone, regional and state coordination in developing and exercising the EOP is essential.

96-hour stand-alone capability. The EOP must discuss the hospital’s capabilities and response procedures if the local community cannot provide any support for at least 96 hours. While the Joint Commission standards do not require hospitals to stockpile supplies to last for 96 hours, CMS suggests that all healthcare facilities’ shelter-in-place plans include sufficient resources to shelter-in-place for seven days (CMS). The American College of Emergency Physicians also suggests that there are many nominal-cost and nominal-space items, such as morphine or dressings for burns, that cannot easily be substituted for or obtained quickly during a disaster, and these items should be cached (ACEP).

ACSs. The EOP must identify ACSs for patient care—a key component in preparing for medical surge. ACSs are used to provide medical care outside hospital settings for patients who would normally be treated as inpatients and to triage patients in order to sort those who need critical attention and immediate transport to the hospital from those with less serious injuries. They may also manage matters unique to a particular mass-casualty event, such as the distribution of vaccines or quarantining infectious patients. There are two types of sites: fixed and mobile. Fixed sites are nonmedical buildings, such as hotels, armories, or auditoriums, that are close enough to the hospital and the right size to be adapted to provide medical care (Joint Commission “Health Care”). Mobile medical facilities are either tractor-trailer-based, specialized units with surgical and intensive care capabilities or fully equipped hospitals stored in container systems. Risk managers should consider several issues when reviewing their facilities’ identified ACSs, including the following: the level and scope of medical care to be delivered, the physical infrastructure required, staffing requirements for the delivery of such care, the medical equipment and supplies needed, and the management systems required to integrate such facilities with the overall delivery of healthcare (GAO). Remember also that while most ACSs are used for patient care, some may also be used for patient evacuation, which requires different plans, staffing, and resources (MHA).

Separate plans or annexes. Hospitals often have separate plans or annexes, developed as a result of the HVA and referenced in the EOP, to guide personnel in the initial stages of a specific emergency. The basic framework and specific emergency plans should be coordinated with other local hospitals, the community’s general EOP, and any applicable regional medical response systems. These plans—some developed for the top vulnerabilities identified in the HVA, some required by OSHA, the Joint Commission, federal grant funding, or others—often address the following:

  • Mass-casualty events
  • Bomb threats
  • Hostage situations
  • Civil disturbances
  • Hazardous-materials release
  • Severe weather (e.g., snow storms, tornadoes)
  • Biological terrorism
  • Infant abduction
  • Loss of utilities (e.g., electrical, communication, information technology systems)
  • Fire
  • Evacuation
  • Shelter-in-place
  • ACSs


It seems that in every recent disaster, the number one lesson learned centered on communications, not just the well-reported instances of communication system failures but also the need for strategic information: Who needs to know what? When? And who will tell them? (MHA).

The Joint Commission, in standard EM.02.02.01, requires a hospital EOP to address how it will communicate during emergencies (Joint Commission Comprehensive Accreditation). Once the EOP has been activated, the public information officer and communications officer, both specific positions within the ICS structure, typically serve as conduits for information to internal and external stakeholders, including staff, visitors, families, and news media—but what must be planned for is how they, and anyone else, will disseminate that information. The World Trade Center attacks exposed major weaknesses in telephone, cell phone, and police and fire radio networks, and Hurricane Katrina further underlined the need for redundant communication systems (e.g., satellite phones for external communication, radio phones for internal communications) when cell phone towers were among the first utilities to become unavailable (Larkin). Meeting in advance with local radio and television stations to establish plans for mass notification of public or staff will make the process easier if it has to be done during a real emergency (MHA).

Updates on social media, such as Facebook or Twitter, can be used for information that can be made available to the general public. Applications for smartphones and tablet computers, hotlines, text messaging, and e-mail can be quick ways to provide both internal and external communication, and if all else fails, one person can be designated as a runner to deliver critical information within the facility.

Resources and Assets

A hospital cannot provide care during emergencies without essential resources and assets. Allocation of scarce resources is one of the main challenges faced in making triage decisions (Sztajnkrycer et al.). To limit the impact of scarce resources, a hospital must plan in advance for how supplies, equipment, and facilities will be managed internally and, when necessary, acquired from external sources such as vendors or neighboring healthcare providers (Joint Commission Comprehensive Accreditation). During the emergency, a hospital should also be able to monitor the quantities of its resources and assets (what the hospital has, how fast it is used, and whether the hospital has the ability to resupply) (Joint Commission “Function 2”).

Hospitals in the same geographic area often rely on the same vendors for equipment, such as hospital beds and ventilators, and may quickly run out of those items during an emergency; in addition, vendors may be unable to deliver equipment as a result of access problems (IOM). Similarly, events that last many days, or even months, such as a pandemic flu outbreak, may also mean that resources will not be available from planned sources or that multiple hospitals may be vying for a limited supply from the same vendor. A recent Centers for Disease Control and Prevention (CDC) survey indicates that most hospitals have mutual-aid agreements to share supplies and equipment (see How Prepared Are Hospitals?). Consider signing such agreements with both near and distant facilities because some disasters can also affect nearby facilities. Also, consider access to major air and surface transport routes when selecting mutual-aid partners because transporting supplies could also be difficult. NFPA 1600 suggests that the agreement be reviewed by legal counsel and signed by a responsible official.

The EMC should consider creating a multidisciplinary team or subcommittee to create and revise, as needed, a list of resources and supplies that are critical to providing care and maintaining building operations. Team members could include representatives from central supply, medical supply, biomedical engineering, pharmacy, nursing, environment of care, and administration (Joint Commission “Function 2”). Team members should consider hazards identified in the HVA, the likelihood of isolation based on geography and other factors, the hospital’s role in the community (e.g., trauma and burn centers, children’s hospitals), and the fragility of vendor supplies and anticipated supply lines (IOM). The 2012 IOM report, which developed a framework for catastrophic disaster response by hospitals and other responders, also provides a list of common resource shortfalls in appendixes C and D.

Critical clinical department heads should also create a list of essential supplies. Note that the logistics section, a HICS organizational unit, participates in planning for scarce resources during the incident; staff trained in that role should also be involved in advance planning. The Joint Commission has found that the hospitals that performed best under emergency conditions were those that had planned most carefully concerning logistical issues; they were often part of a larger healthcare network and were able to rely on that network for supplies such as medications, staff, fuel, water, and food (nonclinical supplies such as fuel are covered in the discussion Utilities). For example, one community lost power for a week and the hospital power generator needed 85,000 gallons of fuel—90% of which was supplied by the hospital network’s headquarters 500 miles away (Wise). Checklist for the Joint Commission’s Six Critical Emergency Management Areas provides a complete list of all the resource and asset matters to be addressed; a more in-depth discussion of some areas is included below.

Government resources. There has been an intense level of preparation by the federal government for mass-casualty events, which can also be useful in other emergency situations. Hospitals should make sure they are aware of what resources and assets, including human assets, will be available to them, not just from the three federal programs discussed below but also from state and local government programs.

The Strategic National Stockpile (SNS) is a large inventory of antibiotics, antitoxins, vaccines, critical care medications, ventilators and airway management equipment, and intravenous administration supplies managed by CDC. The SNS is divided into separate caches across the nation to facilitate the delivery of supplies; prepackaged push packs can be delivered within 12 hours to affected communities, and the bulk of the stockpile—a wider range of supplies such as anthrax and smallpox vaccines, antitoxins, and ventilators (not included in the push packs)—are available within 24 to 36 hours (Salinsky). Actual delivery times to the hospital, however, can take up to 48 hours, and HHS recommends that hospitals keep enough antibiotics on-hand to supply hospital staff, first responders, and patients for the first 48 hours of an emergency (Joint Commission “Health Care”).

The National Hospital Available Beds for Emergencies and Disasters System is an inpatient bed tracking system designed to allow hospital to know where and what types of beds are available in an emergency (GAO).

Federally funded ambulances are available in 21 states on the Gulf and Atlantic coast regions during a federally declared catastrophic health event (Center for Biosecurity of UPMC). CMS suggests that hospitals address the logistics relating to the transport of medication that must be under the control of a nurse and procedures to ensure that patients dependent on wheelchairs or other assistive devices are transported and their equipment protected (CMS).

Disaster supply kits. Hospitals should prepare kits with both basic and medical supplies and place them throughout the facility as well as in external locations unlikely to be affected by flooding or structural damage, such as a trailer in the parking lot. An inventory should be kept of these kits, and perishable items should be routed back into general use and new supplies should be substituted as necessary.

Basic supplies for responding to any emergency include food such as nutrition bars, bottled water and water-purifying tablets, linens, blankets, flashlights, batteries (which should be replaced with new batteries according to a schedule), extension cords, rope, matches in a waterproof container, candles, flares, duct tape, markers, work gloves, brooms for sweeping up debris, masks, sandbagging equipment (in flood-prone areas), plywood to cover windows, binoculars to spot broken windows and other damage on tall buildings, and victim tags. Basic materials and tools to fix plumbing leaks, splice cables, repair or insulate electrical wiring, and make other simple repairs to nonstructural physical damage could allow a hospital to continue to function immediately after an emergency strikes. Many hospitals now include handheld devices, laptop computers, and tablets or other devices in disaster kits.

Clinical department heads should be asked to identify crucial medical supplies and necessary quantities of the supplies needed to respond to expected emergencies. This could include portable lifesaving equipment such as manual ventilators and gas systems, tape, gauze, needles, endotracheal tubes, portable oxygen, defibrillators, splints, gloves (including nonlatex gloves), and disinfectants. Fully charged medical gas containers should be available in the event of loss of pressure. Commonly used pharmaceuticals, such as antibiotics, analgesics, antiseptics, and epinephrine, should also be kept in sufficient quantities. What constitutes “sufficient” amounts or quantities will be based on a variety of factors, including access to supplies cached with other hospitals or as part of a state or federal healthcare preparedness efforts, such as the SNS.

Supplies needed for the ICS command center must also always be available. This includes computers with Internet access, ICS identification vests, assorted light and power sources and communication devices, copies of mutual-aid agreements, up-to-date building schematics for the whole facility, blueprints of the utility systems (including circuit breaker locations and diagrams of piping), and evacuation plans. Phone numbers of backup suppliers and information regarding standing orders and preestablished credit lines should be kept in the disaster kit at the command post, and these parties should be put on standby when a disaster is announced. The suppliers should have contingency plans that include alternate means of transport for supply shipments if one or more transportation systems (e.g., air, rail) are affected by the emergency.

Strategies to address resource shortfalls. Hospitals should also develop, and staff should be trained on, strategies to address resource shortfalls. Often addressed in mass-casualty triage planning, lack of essential resources is one reason hospitals have to switch to CSCs. Strategies include the following (IOM; Connecticut Department of Public Health):

  • Substitute—use essentially equivalent devices, drugs, or personnel, such as using benzodiazepines for other sedation agents.
  • Adapt—repurpose devices, drugs, or personnel that are not equivalent but will provide sufficient care, such as using saturation monitors with rate alarms in lieu of full-featured monitors or anesthesia machines for temporary ventilators.
  • Conserve—use less of a resource by lowering doses or changing utilization practices (e.g., minimizing use of oxygen-driven nebulizers to conserve oxygen).
  • Restrict the use of therapies or interventions, such as using oxygen only for patients with documented hypoxia.
  • Reuse devices such as nasogastric tubes after appropriate disinfection.
  • Reallocate by prioritizing therapy for patients with the best chance of a good outcome and those most likely to benefit with the least amount of resource investment, such as treating a subset of patients with vaccine or antiviral treatments or prioritizing patients to receive mechanical ventilation.

Safety and Security

Controlling who is allowed into, out of, and within the hospital is necessary both to protect people from accidental harm and to protect people, critical supplies, equipment, and utilities from intentional harm. During an external emergency, the media, the walking wounded, the worried well, and families and friends of victims typically arrive at hospitals. Even people who are not hurt may come to the hospital since it may be the only building in the community that has power, running water, and the ability to provide shelter (sheltering staff, family, and the community at large presents additional safety and security concerns). Therefore, the Joint Commission, in standard EM.02.02.05, requires a hospital to determine, in advance, how it will control access, not just by staff, patients, visitors, and emergency medical volunteers but also by vendors, maintenance and repair workers, utility suppliers, and others (Joint Commission Comprehensive Accreditation). This includes controlling vehicle access since, for example, panicked individuals may abandon vehicles on access roads. Decisions regarding access and movement may vary depending on the type of emergency and local conditions (for example, whether or not the hospital has decided to shelter staff families). Even a matter as basic as what police should do with their weapons when they enter the facility may need to be considered (Joint Commission “Function 3”).

Staff Responsibilities and Support

The Joint Commission requires in standard EM.02.02.07 that staff and LIPs know in advance what they are expected to do during an emergency and be trained on those duties (Joint Commission Comprehensive Accreditation). All training activities, from educational programs conducted outside of the hospital (e.g., formal ICS training, clinical education in disaster medicine) to training on-site (e.g., responsibilities during a fire or hazardous-materials spill) must take place before an emergency occurs. Properly trained (and drilled) staff do not have to pause to think about what to do or whom to call; they simply do it. Disasters are often incredibly chaotic situations that are very dynamic in nature, and effective training helps prepare staff to take on unexpected responsibilities and adjust to changes in patient volume or acuity, work procedures, or conditions without having to make ad hoc decisions.

The Missouri hospitals that dealt with the catastrophic floods and tornadoes of 2011 found that managing and supporting staff during the response and through recovery was perhaps their single most important planning consideration, and the Missouri Hospital Association advises organizations to “take care of your staff first.” They suggest that hospitals do the following (MHA):

  • Immediately plan for relief staff, as long hours and extreme stress result in poor decision making. This includes ensuring rotation and rest for all staff, including those managing the hospital incident command.
  • Consider requiring staff to have backup picture identification (ID) in several locations, such as in their wallets, homes, or cars, because staff without ID will probably not be allowed into the hospital.
  • Plan for how to assign staff if a disaster occurs during a shift change.
  • Plan for how to use staff who cannot reach the hospital but can assist from a remote location.
  • Plan to provide a quiet place for staff (and their families) to rest, sleep, eat, and receive emotional support.
  • Have an immediate and basic manual charting system that can easily be implemented with just-in-time training, as volunteers may not be familiar with the hospital’s electronic medical records system.

Also, remember that while healthcare workers are generally thought of as responders, they (or their loved ones) may also be victims or emergency responders. For example, on the day of the attacks on the World Trade Centers, 62% of the ED nurses at one hospital had spouses or partners who were themselves first responders (Joint Commission “Health Care”). To address workers’ concerns about risks to their families and themselves, hospitals should consider taking the following steps:

  • Educating workers about ways to mitigate the risks to themselves and to their family members participating in disaster response
  • Providing workers with appropriate OSHA-required personal protective equipment
  • Forming transportation pools to pick up employees at designated points along major roads or asking local emergency management officials to arrange worker transportation
  • Forming centers for, or otherwise assisting with, child care, pet care, and elder care either on-site or off-site
  • Encouraging employees to keep emergency supplies of needed medications at work or to note prescriptions for chronic conditions in employee health records so that medications can be provided


Emergencies can damage or destroy essential utility systems and, thus, the Joint Commission requires, in standard EM.02.02.09, that hospitals address alternative means of providing them (Joint Commission Comprehensive Accreditation). Those utilities include the following:

  • Electricity. Tenet Healthcare Corporation’s multimillion-dollar, out-of-court settlement for its failure to mitigate the vulnerability of its backup source of electricity (the generators were at ground level and flooded), which was alleged to have contributed to patient deaths and injury and emotional distress to both patients and hospital visitors during Hurricane Katrina, illustrates the critical need to provide a reliable backup source of electricity. (Fink “A Settlement”)
  • Water for consumption, for essential patient care activities, and for other purposes. One Missouri hospital observed that water was its most critical utility during an emergency and recommends deep redundancy in supplies of both potable and nonpotable water systems. (MHA)
  • Fuel for building operations, generators, and essential transport services.
  • Medical gas and vacuum systems.
  • Heating and cooling systems or steam for sterilization.

Note also that the Joint Commission environment of care standards, particularly EC.02.05.03, require hospitals to have a reliable emergency power source for alarms, exit routes, elevators, emergency communication systems, and critical equipment that could cause harm to patients if they were to fail (Joint Commission Comprehensive Accreditation).

Hospitals must also determine how long they expect to remain open to care for patients and plan for their utilities accordingly, as the Joint Commission notes in standard EM.02.02.09 (Joint Commission Comprehensive Accreditation). Because some emergencies may be regional in scope or of long duration, organizations should not rely solely on single-source providers in the community and should identify other suppliers outside of the local community. Advance planning means more than simply signing up for backup water suppliers or adding backup generators. For example, a hospital may know how much drinking water it needs but not how much is needed for boilers and cooling towers. One facility addressed this matter by installing a meter on its cooling tower; once it knew the volume of water it needed, the hospital discovered that it had to install connectors and other plumbing that could handle that volume quickly (Joint Commission “There’s Something”).

Patient Clinical and Support Activities

The primary goal for any hospital emergency management program is not simply to reduce or prevent harm to property and people but also to be able to continue to provide care for existing patients, as well as any new casualties caused by the event. While the manner in which patient care will be provided may vary by the type of emergency, activities such as decisions to modify or discontinue services, make referrals, or transport patients are so fundamental to patient safety that they must be planned for in advance. The Joint Commission requires such planning in standard EM.02.02.11 (Joint Commission Comprehensive Accreditation). Checklist for the Joint Commission’s Six Critical Emergency Management Areas provides a complete list of all of the patient matters to be addressed; several areas are discussed in-depth below.

Triage. Triage means the sorting of patients for treatment priority, given some sort of scarcity of healthcare resources. The scarcity may range from modest (in a full ED, not every patient can be seen immediately) to catastrophic (in a mass-casualty event, hundreds of people have been seriously injured and everything is in short supply). Done on a daily basis in EDs everywhere, a triage officer, usually a nurse, assesses the patient’s medical needs, usually based on a brief examination, and using an established triage protocol or plan based on a set of criteria, determines the treatment priority for each patient in the ED. If a patient needs hospitalization, an additional decision must be made as to what level of hospital care the patient should receive. In the United States, the most common inpatient triage decision involves access to ICUs, as beds in those units are typically a hospital’s most limited resource. (Iserson and Moskop)

When there has been a multiple-casualty event, EMS and other responders typically will have sorted patients at the scene into those who need critical attention and immediate transport to the hospital and those with less serious injuries, who may, for example, be sent to an ACS. However, risk managers should be aware that the first to arrive at the ED are often the less seriously injured, brought by friends or family, and inappropriate triage can mean that there is less space, treatment, and other resources for the more seriously wounded people who arrive later. For example, the American College of Emergency Physicians recommends that a separate triage area, which may need to be bigger than the usual ED triage area, be set up for self-referred patients (ACEP).

When a mass-casualty event occurs, the sad reality is that not all demands for patient care can be met. As with multiple-casualty events, EMS will do the prehospital sorting and there will be a large number of self-referred patients who arrive before EMS. Situational awareness is particularly crucial in such situations. What is the anticipated number of casualties? How severe are their injuries? What are the capabilities and functional statuses of nearby hospitals? (Iserson and Moskop) Not only do triage officers need accurate information about the cause and extent of the disaster, they also need a triage protocol to follow because mass-casualty events require different considerations than day-to-day situations; this triage can pose ethical problems because limited resources mean that not everyone can be treated.

The World Medical Association recommends that disaster triage should be done by experienced physicians assisted by competent staff and using the following triage criteria (WMA; Kennedy et al.):

  • Those who can be saved but whose lives are in immediate danger should be treated first (red triage tag, “immediate,” priority 1).
  • Those whose lives are not in immediate danger and who need urgent but not immediate medical care should be treated next (yellow triage tag, “delayed,” priority 2).
  • Those requiring only minor treatment should be treated next (green triage tag, “minimal,” priority 3).
  • Those who are psychologically traumatized and do not require treatment for physical injuries but might need reassurance or sedation if acutely disturbed should be reassured or sedated next (no specific triage tag).
  • Those whose condition exceeds the available therapeutic resources, those who suffer from extremely severe injuries such as irradiation or burns to such an extent and degree that they cannot be saved in the specific circumstances of time and place, or those with complex surgical cases requiring a particularly delicate operation that would take too long should be classified as “beyond emergency care” (black triage tag, “expectant,” no priority).

Other disaster triage protocols have also been developed (Iserson and Moskop). What is important is that the hospital has planned for and adopted a disaster triage protocol using ethical principles to allocate scarce resources in disaster situations before disaster strikes. Risk managers should ensure that such protocols have been developed and reviewed by legal counsel and that appropriate staff are trained in their use. Unfortunately, even the most ethical and well-thought-out disaster protocol will not be perfect. One study found that in two mass-casualty events, triage officers, who were themselves experienced trauma physicians, could not identify as many as half of the victims who sustained life-threatening injuries (Ashkenazi et al.). HSS also warns that some mass-casualty events, such as pandemic influenza, which could kill hundreds of thousands of people, may require hospitals to shift largely from individual patient care to population-based care, and therefore, HHS specifically recommends that hospitals include triage, clinical evaluation, and admissions criteria for pandemic influenza (U.S. HHS “HHS Pandemic”).

Evacuation and shelter-in-place plans. An evacuation plan must establish a process to decide how and when to order an evacuation, whether it is to be a horizontal or vertical evacuation within the building or a partial or total evacuation to an outside area, and who has the authority to order the evacuation. Evacuation plans should, among other things, indicate multiple, predetermined evacuation locations at like facilities, at least one of which is 50 miles away; identify evacuation routes and alternate routes (with maps and estimated travel times); and have been shared with the proper authorities (CMS). For more information on planning for evacuations, see the Risk Analysis Evacuation.

Evacuation should only take place if sheltering in place poses a greater risk to vulnerable patients. A shelter-in-place plan should, among other things, have specified procedures to assess whether the facility is strong enough to withstand natural forces such as strong winds or flooding; include measures to secure the building against damage, such as plywood for windows or sandbags for flooding; identify the safest areas within the building; and ensure that there are sufficient resources for seven days and that contracts are in place with multiple vendors for supplies and transport (CMS).

Surge in demand. Surge capacity is the ability to expand patient care capabilities in response to a sudden or prolonged demand and is a crucial component of an emergency management program. Surge capacity encompasses such things as the number of potential patient beds, available space (for example, converting single rooms into doubles or using cafeterias or ACSs), the availability of all types of healthcare personnel, and the availability of necessary pharmaceuticals, medical equipment, and supplies. (Joint Commission “Health Care”)

There are a variety of federal and state resources available to assist hospitals. Preparedness for a medical surge, especially at mass-casualty levels, cannot be done in isolation; rather, the hospital should work with local and state emergency agencies, any existing healthcare coalitions, nearby hospitals, and other relevant response partners to assess the need for the following (U.S. HHS “Hospital Preparedness”):

  • Additional medical equipment, pharmaceuticals, and other patient care supplies
  • Equipment that assists with the provision of specialized medical evaluation and care such as pediatrics, burn, and trauma care equipment and supplies or mobile assets to supply services such as radiology or pharmacy
  • Mobile teams of healthcare professionals and mobile caches of equipment and/or supplies
  • Mobile trailers or shelters to provide space for treatment of patients, storage of surge supplies, and resources for emergency communication
  • Decontamination assistance
  • Equipment that can deliver power, heating, ventilation, air conditioning, and potable water, as well as equipment that can provide food storage and equipment that can sustain essential patient services
  • Systems that can provide redundant communication and information management capabilities (e.g., failover and backup, remote site hosting)

Volunteer Disaster Privileges and Responsibilities

Hospitals that cannot meet the immediate needs of their patients often rely on volunteers who may be LIPs or non-LIPs who are legally required to have a license or other certification. Since the usual credentialing and privileging processes cannot be performed during a disaster, Joint Commission standards EM.02.01.13 and EM.02.02.15 allow for a modified process once the EOP has been activated as long as there is verification of licensure or other certification required to practice a profession and oversight of the care, treatment, and services provided. Medical staff bylaws must identify which individuals are responsible for granting disaster privileges for LIPs, and the hospital must do the same for non-LIP volunteers.

Before any such volunteer can provide patient care, the hospital must obtain a valid government-issued photo ID, such as a driver’s license, and at least one proof of licensure such as a current picture ID from a healthcare organization, ID indicating that the individual is a member of a recognized state or federal response organization such as the Disaster Medical Assistance Team or the Emergency System for Advance Registration of Volunteer Health Professionals (ESAR-VHP), or confirmation by a currently privileged hospital practitioner or by a staff member with personal knowledge of the volunteer practitioner’s ability to act as a LIP or volunteer practitioner during a disaster.

ESAR-VHP helps preregister volunteer health professionals and verifies their credentials and qualifications in advance of an emergency. All 50 states have operational ESAR-VHP systems with registered volunteers who can be deployed within 24 hours. The Office of the Surgeon General’s Medical Reserve Corps also has over 200,000 volunteers in almost 1,000 units across all states and had reported participation in approximately 10,000 local activities in 2011. Together, these two units can provide volunteer public health and medical capability coverage to 91% of the U.S. population (FEMA “National Preparedness”).

The EOP must also describe how the medical staff or hospital (as appropriate) will distinguish volunteers from hospital staff and how they will oversee the performance of these volunteers. Based on this oversight, the hospital must determine within 72 hours if disaster privileges or responsibilities granted to volunteers should continue.

There are a variety of legal issues that need to be addressed regarding the use of volunteers, such as workers’ compensation coverage, malpractice coverage, OSHA requirements, financial arrangements for payment, and liability. Risk managers should ensure that these areas have been properly researched. For example, hospitals can draw up a letter of agreement covering such issues as the volunteer’s relationship to the healthcare organization and the time limits for that relationship or a waiver of compensation and indemnifications granted by local laws or statutes. Many state bar associations have done work on these matters.

Action Recommendations

  • Distribute this Risk Analysis to members of the EMC, any subcommittees, individuals with specific responsibility within the HICS, and top management.
  • Meet with the hospital disaster coordinator in order to discuss the following:
    • The hospital’s emergency management program and how it fits within the regional and state emergency management program
    • If appropriate, how to help the hospital improve its relationships with community response partners
  • If there is no disaster coordinator, meet with the EMC to discuss the reasons why.
  • If the risk manager is not a member of the EMC, ensure that he or she is included in meetings periodically to ensure familiarity with key personnel. The risk manager can contribute to the EMC through the following actions:
    • Reviewing the hospital’s HVA and ensuring that it is updated annually and consistent with the community’s HVA
    • Reviewing the hospital’s EOP and any related annexes or policies, including how to and who activates the EOP
    • Reviewing the hospital’s most recent documentation of the deficiencies and opportunities identified in the most recent exercise, or actual emergency, to ensure that appropriate follow-up actions are taking place
    • Working with the EMC and training coordinator to educate hospital staff on the EOP and their role in it
  • Review Joint Commission, NFPA, and NIMS requirements, as well as state and local laws relating to emergency management and response. Pay particular attention to any state bar association guidance in these matters, including liability issues, mutual-aid agreements, and MOUs.
  • Review the issues identified in Selected Legal Issues, and ensure that all have been properly addressed.




42 CFR § 483.75(m).

American College of Emergency Physicians (ACEP). Best practices for hospital preparedness [online]. 2009 Apr [cited 2012 Jul 25]. http://www.acep.org/clinical-practice-management/best-practices-for-hospital-disaster-preparedness.

American Health Lawyers Association (AHLA):

Emergency preparedness, response, and recovery checklist: beyond the emergency management plan [online]. 2008 [cited 2012 Jul 25]. http://www.healthlawyers.org/hlresources/PI/InfoSeries/Documents/Emergency%20Preparedness%20Checklist.pdf.

Section 1135 EMTALA waiver toolkit [online]. [cited 2012 Jul 25]. http://www.healthlawyers.org/Members/PracticeGroups/THAMC/EmergencyPreparednessToolkit/Documents/III_EMTALA/A_EMTALAWaiverToolkit.pdf.

Ashkenazi I, Kessel B, Khashan T, et al. Precision of in-hospital triage in mass-casualty incidents after terror attacks. Prehosp Disaster Med 2006 Jan-Feb;21(1):20-3.

Baretich MF. The new NFPA 99 [online]. 24x7 2012 Mar [cited 2012 Jul 25.] http://www.24x7mag.com/issues/articles/2012-03_01.asp.

Business Insurance. Hospital liability case settles [online]. Bus Insur 2010 Jan 31 [cited 2012 Jul 25]. http://www.businessinsurance.com/article/20100131/ISSUE01/301319981.

California Emergency Medical Services Authority, Disaster Medical Services Division. Hospital incident command system [website]. [cited 2012 Jul 25]. Rancho Cordova (CA): State of California. http://www.emsa.ca.gov/hics.

Campbell P, Trockman SJ, Walker AR. Strengthening hazard vulnerability analysis: results of recent research in Maine. Public Health Rep 2011 Mar-Apr;126(2):290-3.

Center for Biosecurity of UPMC. The next challenge in healthcare preparedness: catastrophic health events
[report online]. 2010 Jan [cited 2012 Jul 25]. http://www.upmcbiosecurity.org/website/resources/publications/2010/pdf/2010-01-29-prepreport.pdf.

Centers for Medicare and Medicaid Services (CMS). Emergency preparedness checklist: recommended tools for effective health care facility planning [online]. 2009 Sep [cited 2012 Jul 25]. http://www.cms.gov/Medicare/Provider-Enrollment-and-Certification/SurveyCertEmergPrep/Downloads/SandC_EPChecklist_Provider.pdf.

Connecticut Department of Public Health, Standards of Care Workgroup. Standards of care: providing health care during a prolonged public health emergency [online]. 2010 Oct [cited 2012 Jul 25]. http://www.ct.gov/dph/lib/dph/legal/standards_of_care_final.pdf.

Erickson J. Quakes, eruptions, and other geological cataclysms. New York: Facts on File; 1994.

Federal Emergency Management Agency (FEMA):

Design guide for improving hospital safety in earthquakes, floods, and high winds: providing protection to people and buildings. FEMA 577. 2007 Jun. Also available at http://www.fema.gov/library/viewRecord.do?id=2739.

National preparedness report. 2012 May. Also available at http://www.fema.gov/library/viewRecord.do?id=5902.

Finan S. Disaster preparedness: legal issues faced by hospitals in the post-Katrina environment [online]. ABA Health eSource 2006 Nov [cited 2012 Jul 25]. http://www.americanbar.org/newsletter/publications/aba_health_esource_home/finan.html.

Fink S.

The deadly choices at Memorial. NY Times 2009 Aug 30;Sunday Magazine:MM28.

A settlement over Katrina moves ahead. NY Times 2011 Jul 22:A12.

Goolsby CA, Mothershead JL. Introduction to disaster planning: the scope and nature of the problem [online]. Medscape Ref 2011 Mar 18 [cited 2012 Jul 25]. http://emedicine.medscape.com/article/765495-overview.

Government Accountability Office (GAO). Emergency preparedness: states are planning for medical surge, but could benefit from shared guidance allocating scarce medical resources [report online]. 2008 Jun [cited 2012 Jul 25]. http://www.gao.gov/assets/280/276514.pdf.

Healthcare Facilities Accreditation Program (HFAP). HFAP News 2005 Oct;7(3):2-9. Also available at http://www.tst.do-online.org/pdf/acc_hfapnews10005.pdf.

Hodge JG, Anderson ED. Principles and practice of legal triage during public health emergencies, NYU Annu Surv Am Law 2008;64(2):249-91.

Hodge JG, Garcia AM, Anderson ED, et al. Emergency legal preparedness for hospitals and health care personnel. Disaster Med Public Health Prep 2009 Jun;3(2 Suppl):S37-44. Also available at http://www.dmphp.org/cgi/reprint/3/Supplement_1/S37.

Institute of Medicine (IOM). Crisis standards of care: a systems framework for catastrophic disaster response. Washington (DC): the National Academies Press; 2012 Mar 21. Also available at http://books.nap.edu/openbook.php?record_id=13351.

Iserson KV, Moskop JC. Triage in medicine, part I: concept, history, and types. Ann Emerg Med 2007 Mar;49(3):275-81.

Joint Commission:

Comprehensive accreditation manual for hospitals. Oakbrook Terrace (IL): Joint Commission Resources; 2012 Jan 1.

Function 2: resources and assets. Environ Care News 2009 Mar;12(3):4-10.

Function 3: emergency safety and security. Environ Care News 2009 Jun;12(6):6-11.

Health care at the crossroad: strategies for creating and sustaining community-wide emergency preparedness systems [online]. 2007 May 27 [cited 2012 Jul 25]. http://www.jointcommission.org/assets/1/18/emergency_preparedness.pdf.

There's something in the water. Environ Care News 2011 Sep;14(9):4-11.

Kennedy K, Aghababian RV, Gans L, et al. Triage: techniques and applications in decision making. Ann Emerg Med 1996 Aug;28(2):136-44.

Larkin H. 12-step disaster plan. Hosp Health Netw 2006 May;80(5):46-8.

McAlister VC. Drills and exercises: the way to disaster preparedness. Can J Surg 2011 Feb;54(1):7-8.

Missouri Hospital Association (MHA). Preparedness and partnership: lessons learned from the Missouri disasters of 2011 [online]. 2012 [cited 2012 Jul 25]. http://web.mhanet.com/userdocs/articles/2012_Preparedness_Lessons_Learned.pdf.

National Fire Protection Association (NFPA):

Committee on NFPA 99, memorandum [online]. No. 99-442. 2010 Mar 2 [cited 2012 Jul 25]. http://www.nfpa.org/Assets/files/AboutTheCodes/99/99_A2011_HEA-HES_ROP_ballot.pdf.

NFPA 1600: standard on disaster/emergency management and business continuity programs. Quincy (MA): NFPA; 2012 Jul.

NFPA 99: health care facilities code. Quincy (MA): NFPA; 2012.

Roccaforte JD, Cushman JG. Disaster preparedness, triage, and surge capability for hospital definitive care areas: optimizing outcomes when demand exceeds resources. Anesthesiol Clin 2007 Mar;25(1):161-77.

Rubin NM. New Rush hospital designed to treat infectious threats [online]. Chic Trib 2011 Nov 30 [cited 2012 Jul 25]. http://articles.chicagotribune.com/2011-11-30/health/ct-x-1130-rush-tour-20111130_1_pandemic-new-rush-sars.

Salinsky E. Strong as the weakest link: medical response to a catastrophic health event. Background Paper No. 65. Washington (DC): National Health Policy Forum; 2008 Aug.

Sztajnkrycer MD, Madsen BE, Alejandro Baez A. Unstable ethical plateaus and disaster triage. Emerg Med Clin North Am 2006 Aug;24(3):749-68.

Toner E, Waldhorn R, Franco C, et al. Hospitals rising to the challenge: the first five years of the U.S. Hospital Preparedness Program and priorities going forward. Baltimore: Center for Biosecurity; 2009 Mar.

U.S. Department of Health and Human Services (HHS):

HHS pandemic influenza plan: supplement 3 healthcare planning [online]. [cited 2012 Jul 25]. http://www.hhs.gov/pandemicflu/plan/sup3.html.

Hospital preparedness capabilities: national guidance for healthcare system preparedness [online]. 2012 Jan [cited 2012 Jul 25]. http://www.phe.gov/Preparedness/planning/hpp/reports/Documents/capabilities.pdf.

Majority of U.S. hospitals meet all-hazards preparedness measures [news release online]. 2011 May 5 [cited 2012 Jul 25]. http://www.hhs.gov/news/press/2011pres/05/20110505a.html.

Management of individual healthcare assets (tier 1). Chap. 2. In: Medical surge capacity and capability: a management system for integrating medical and health resources during large-scale emergencies. Washington (DC): U.S. HHS; 2007 Sep. Also available at http://www.phe.gov/preparedness/planning/mscc/handbook/pages/default.aspx.

NIMS implementation for healthcare organizations guidance [online]. 2011 Dec 9 [cited 2012 Jul 25]. http://doh.sd.gov/Prepare/Hospital/Documents/NIMSGuidancefor2012.pdf.

Wise RA. The creation of disaster health care standards for catastrophic events. Acad Emerg Med 2006 Nov;13(11):1150-2.

World Medical Association (WMA). WMA statement on medical ethics in the event of disasters [online]. Adopted 1994 Sep, revised 2006 Oct [cited 2012 Jul 25]. http://www.wma.net/en/30publications/10policies/d7/index.html.

Resource List

American Health Lawyers Association
(202) 833-1100

American Hospital Association
(800) 424-4301

American Society of Hospital Engineers

California Emergency Medical Services Authority
(916) 322-4336

California Hospital Association
(916) 443-7401

  • Multiple tools, checklists, exercises, and drills relating to hospital emergency management

Federal Emergency Management Agency
U.S. Department of Homeland Security
(202) 646-2500

National Center for the Study of Preparedness and Catastrophic Event Response
(410) 735-6450

Occupational Safety and Health Administration
(800) 321-OSHA (6742)

U.S. Department of Health and Human Services
(877) 696-6775

Additional Materials

Emergencies, Disasters, and Other Events


The Joint Commission defines an emergency as "an unexpected or sudden event that significantly disrupts the organization's ability to provide care, or the environment of care itself, or that results in a sudden, significantly changed or increased demand for the organization's services." (Joint Commission)


The Joint Commission defines disaster as "a type of emergency that, due to its complexity, scope, or duration, threatens the organization's capabilities and requires outside assistance to sustain patient care, safety, or security functions" (Joint Commission; emphasis added).

NFPA notes that there are significant differences between day-to-day emergencies and disasters. It states: "During disasters, responding entities are forced into more and different kinds of interactions with other groups and may lose some of their autonomy and direct control over their own functioning. Other differences include the crossing of jurisdictional boundaries; a more coordinated relationship among public and private sector entities becomes necessary, and performance standards for responding entities change and reflect disaster-relevant priorities." (NFPA)

The Institute of Medicine (IOM) differentiates between a catastrophic disaster and other disasters or emergencies, noting that a catastrophic disaster is characterized by four attributes:

  • Most or all of the community's infrastructure is impacted.
  • Local officials are unable to perform their usual roles for a period of time extending well beyond the initial aftermath of the incident.
  • Most or all routine community functions—work, recreation, worship, and education—are immediately and simultaneously interrupted.
  • Surrounding communities are similarly affected and thus, there are no regional resources to come to the aid of the affected local communities.

FEMA defines a major disaster as "any natural catastrophe (including any hurricane, tornado, storm, high water, wind driven water, tidal wave, tsunami, earthquake, volcanic eruption, landslide, mudslide, snowstorm, or drought), or, regardless of cause, any fire, flood, or explosion . . . which in the determination of the President causes damage of sufficient severity and magnitude to warrant major disaster assistance under . . . [the Stafford] Act" to supplement governments and disaster relief organization. (44 CFR § 206.2[a][17])

Homeland Security Presidential Directive 21 defines a catastrophic health event as "any natural or manmade incident, including terrorism, that results in a number of ill or injured persons sufficient to overwhelm the capabilities of immediate local and regional emergency response and health care systems." (White House)

Mass- or Multiple-Casualty Events

The term "mass-casualty event" is used by the federal government (and others) to describe catastrophic events that result in such a large number of casualties that the entire local healthcare system is overwhelmed and an integrated federal and/or state emergency response is necessary. (IOM) National healthcare preparedness planning addresses mass-casualty events, although many elements of the planning are useful in other emergency situations. Mass-casualty events are different from multiple-casualty events, such as a major transportation accident, which may indeed cause a medical surge at an individual hospital but does not overwhelm the entire healthcare system.


44 CFR § 206.2(a)(17).

Institute of Medicine (IOM). Introduction. Chap. 1. In: IOM. Crisis standards of care: a systems framework for catastrophic disaster response, vol. 1. Washington (DC): the National Academies Press; 2012 Mar 21.

Joint Commission. Standards and elements of performance (EPs) applicable to the proposed long term care core. Environmental management chapter: EM.01.01.01. 2012 Jun 25. Also available at http://www.jointcommission.org/assets/1/6/LTC_Core_EM.pdf.

National Fire Protection Association (NFPA). Annex A.3.3.11 incident. In: NFPA 1600: standard on disaster/emergency management and business continuity programs. Quincy (MA): NFPA; 2012 Jul.

White House. Homeland Security Presidential Directive 21: public health and medical preparedness [online]. 2007 Oct 18 [cited 2012 Jul 26]. http://www.fas.org/irp/offdocs/nspd/hspd-21.htm.

Healthcare Coalitions

As emergency preparedness has emerged as a high-profile concern for healthcare organizations nationwide, many experts have emphasized the need for hospitals to work with other organizations in their communities to coordinate plans and ensure the most efficient, effective care possible in emergency situations. Many such arrangements have evolved beyond informal discussions and taken the form of more formal operational coalitions.

For example, in Los Angeles, the Disaster Resource Center (DRC) coalition was developed after the county, which has more than 100 acute care hospitals for 10 million people, received a federal grant to coordinate planning, training, exercises, and participation in developing a regional disaster plan.  The DRC coordinates surge capacity planning, facilitates drills and exercises, stockpiles pharmaceutical caches, procures supplies, coordinates staff sharing, conducts personal protective equipment and decontamination training, and facilitates communica­tions planning. The coalition has also developed regional disaster plans and a software system for resource and bed tracking, facilitated increased interhospital communication, and provided funding for staff and disaster coordinators at participating hospitals. Thirteen hospitals have been designated as DRCs; each serves as a hub for 8 to 10 additional umbrella hospitals.

Key Features and Functions

While Los Angeles' history, politics, and culture all contributed to developing the optimal structure for that area, all strong healthcare coalitions have several features and functions in common.

  • Key features of strong healthcare coalitions include the following:
    • The inclusion of all, or most of, the acute care hospitals, public health departments, emergency management agencies, and emergency medical services (EMS) organizations within the geographic area of the coalition. Other healthcare entities, such as long-term care facilities and surgical centers, may be included, and some coalitions have included private businesses such as medical equipment vendors and pharmacies. For example, the New York City Department of Health and Mental Hygiene hosts a coalition of 65 hospitals and acute care facilities, 400 outpatient centers, 73 EMS organizations, medical societies and hospital associations, medical schools, and other representatives from public safety, emergency management, and public health.
    • Having a defined governance structure that, at minimum, has formal agreements among member organizations and defined leadership (that is, an individual or distinct body driving the effort). Going well beyond simple mutual-aid agreements, successful governance structures have included members that are linked by legal agreements; legal entities, such as nonprofit corporations, with paid officers and representatives of member organizations voting on policy decisions; and committees impaneled by, and deriving official authority from, the public health department. In areas with a strong public health department, the department may be the organizer and/or leader, while in areas with a dominant healthcare system, the system may be the organizer and/or leader.
  • Key functions of strong healthcare coalitions include the following:
    • Facilitating joint preparedness activities such as conducting joint threat assessments and creating community emergency response plans, participating in joint community exercises, and sharing individual emergency prepared­ness plans.
    • Providing a mechanism for connecting to the local or state ICS, often ensuring recognition of the coalition as a defined entity within the community emergency response framework. While NIMS does not address local healthcare coalitions, some cities have created healthcare emergency operation centers (EOCs) that act as intermediaries between the individual hospitals and state or local EOCs. Moreover, during an event such as an epidemic, where help from outside the healthcare sector is not needed, the healthcare EOC can be activated independently from the local or state EOC.
    • Engaging in joint purchasing of equipment, supplies, or pharmaceuticals, including developing joint stockpiles and caches, which, in addition to creating economies of scale, also provides for interoperability of materials.
    • Providing a forum for hospitals to plan for the challenges associated with a mass-casualty event, such as developing processes for allocating scarce resources and using ACSs, changing clinical care guidelines, and coordinating the implementation of such plans to ensure uniformity across a community.

Sources: Institute of Medicine. Crisis standards of care: a systems framework for catastrophic disaster response. Vol. 4, chap. 7. Washington (DC): the National Academies Press; 2012 Mar 21; Toner E, Waldhorn R, Franco C, et al. Hospitals rising to the challenge: the first five years of the U.S. Hospital Preparedness Program and priorities going forward. Baltimore: Center for Biosecurity; 2009 Mar.

How Prepared Are Hospitals?

Using a national probability sample of nonfederal general and short-stay hospitals, in 2008, CDC administered on-site surveys at 294 hospitals to determine hospital preparedness for responding to public health emergencies. Some of their key findings are listed below.

Emergency Response Plans

Nearly all of the surveyed hospitals had response plans for chemical releases (99.0%), natural disasters (97.8%), epidemics (94.1%), and biological incidents (93.2%). Somewhat fewer were prepared for nuclear incidents (81.3%), and preparedness for explosive or incendiary incidents was least frequent (79.6%). A similar trend was found with respect to including explosion scenarios in mass-casualty drills.

Cooperative Planning

Nearly all engaged in cooperative planning with other community emergency response organizations, including state and local emergency management groups (93.7%), other hospitals (92.7%), emergency medical services (89.7%), and state and local public health departments, law enforcement, and fire departments (88.7%, 86.2%, and 86.0%, respectively). Significantly fewer worked with community hazardous-materials teams (64.3%), and only 19% worked with the Federal Bureau of Investigation.

Most had memoranda of understanding (MOUs) with other hospitals to transfer adults during an epidemic (87.8%), but only about half had MOUs for pediatric and burn patients.

Most had mutual-aid agreements with other agencies to share supplies and equipment (84.1%), and somewhat less had agreements to share healthcare providers (69.0%). Only a little over half had plans for advance registration of volunteer health professionals, despite the existence of a federal initiative, the Emergency System for Advance Registration of Volunteer Health Professionals Grant Program, to do so.

Surge Planning

Most had plans for cancellation of elective procedures and admissions (86.3%).

About two-thirds had plans for alternate care areas with beds, staffing, and equipment, while about half had plans for the use of inpatient unit hallways, decommissioned ward space, or other conversion of inpatient units to augment intensive care.

Nearly all (90.5%) had plans for isolation of airborne-disease patients in negative-pressure rooms.

Nearly three-quarters (73.7%) had plans for setting up temporary facilities when the hospital is unusable (e.g., without power, flooded).

Limited Resources and CSCs

Almost three-quarters had written triage processes for limited intensive care resources.

Roughly two-thirds (64.0%) had plans for regional coordination of adjusted standards of care during a pandemic or other mass-casualty incident.

Less than half (42.0%) had plans for implementing adjusted standards of care for initiation and withdrawal of mechanical ventilation.

Regional Communication Systems

The majority (85.3%) had regional communication systems to track emergency department closures or diversions, but only about 29.2% had implemented these systems during an actual incident.

Four out of five (80.6%) had regional communication systems to track available adult intensive care unit (ICU) beds, 70.1% tracked pediatric ICU beds, and 64.8% tracked neonatal ICU beds. About 22.6% implemented adult ICU tracking systems.

A little over half had regional communication systems to track specialty coverage.

Nearly all (93.4%) had plans for receiving notification of alerts from the state or local health department, and about 34.5% of those had implemented these plans during an actual incident.

Mass-Casualty Management and Drills

Nearly all had plans for hospital evacuations (94.6%), and most had plans for transporting large numbers of patients within the hospital (83.9%) or between hospitals (77.0%). However, only 62.6% had plans for an on-site, large-capacity morgue.

Approximately half conducted more than one internal drill, but only 28.4% conducted more than one external drill (i.e., in collaboration with other organizations).

Of those external drills, 85.8% were performed with state or local offices of emergency management agencies, 81.5% with state or local law enforcement, 81.3% with state or local public health departments, 79.7% with fire departments, and 72.1% with fire-department-based EMS.

General disaster and emergency response was the most common scenario for mass-casualty drills (88.2%), followed by decontamination procedures (69.6%), epidemics/pandemics (58.5%), and chemical accidents or attacks (55.6%).

Significantly fewer hospitals addressed mass vaccinations (32.5%) or mass medication distribution to hospital personnel or the community (30.6% and 22.5%, respectively).

Hospitals addressed children and the frail elderly in 44.6% and 36.2% of the drills, respectively, but only 17.1% addressed mentally challenged individuals.

Source: Niska RW, Shimizu IM. Hospital preparedness for emergency response: United States, 2008. Natl Health Stat Report 2011 Mar 24;(37):1-14.

Crisis Standards of Care

As a 2012 IOM report notes, medical care delivered during disasters shifts beyond focusing on individuals to promoting the thoughtful stewardship of limited resources intended to result in the best possible health outcomes for the pop­ulation as a whole. Making decisions in advance about how CSCs will be implemented can help providers make sound decisions even in the stress of mass-casualty events.

The implementation of CSCs involves a substantial shift in normal healthcare activities and reallocation of staff, facilities, and resources. The federal government, primarily HHS, leads in efforts to develop CSCs for catastrophic situations, but unfortunately, no national CSCs have been developed. Some states have been working on this matter—states have primary responsibility for legal standards relating to tort liability—and risk managers should determine whether their state has any guidance available. Similarly, hospital associations and state legal associations also may have developed guidance. The Joint Commission has addressed this issue in an oblique manner, recommending that hospitals provide for a "graceful degradation" of services, with the goal being to avoid becoming incapacitated and unable to provide care of any kind, analogizing the use of CSCs to the way electrical utilities plan for "brownouts" to avoid "blackouts."

Risk managers should be aware that, as with ordinary standards, CSCs still require healthcare practitioners to adhere to ethical and professional norms—a provider should always exercise the skill and knowledge of a reasonably prudent similar healthcare provider under the circumstances. Conditions of overwhelming scarcity certainly limit autonomous choices for both patients and practitioners regarding the allocation of scarce healthcare resources but do not permit actions that violate ethical norms. IOM suggests that key features of CSCs are fairness, the duty to care, the duty to steward resources, transparency, consistency, proportionality, and accountability.

Sources: Joint Commission. Health care at the crossroad: strategies for creating and sustaining community-wide emergency preparedness systems [online]. 2007 May 27 [cited 2012 Jul 25]. http://www.jointcommission.org/assets/1/18/emergency_preparedness.pdf; Institute of Medicine (IOM). Crisis standards of care: a systems framework for catastrophic disaster response. Washington (DC): the National Academies Press; 2012 Mar 21. Also available at http://books.nap.edu/openbook.php?record_id=13351.

Selected Legal Issues

  • What types of emergencies or disasters can the governor, mayor, or other nonfederal governmental official declare, and what is the legal effect of such a declaration, including what, if any, state laws and regulations are waived?
  • Do the state's statutes recognize out-of-state healthcare licenses for the limited duration of a declared emergency?
  • Have interhospital and other MOUs and mutual-aid agreements been entered into and reviewed by counsel?
  • Can the hospital safely evacuate at-risk patients in response to an emergency?
  • Can patients with physical or mental disabilities be accommodated during the emergency consistent with disability protection laws?
  • Are appropriate measures in place to comply with privacy laws and for attempting to ascertain patients' informed consent?
  • Has the state hospital association, healthcare coalition, bar association, or other state entity developed guidance on resource allocation or CSCs? If so, are they in effect?
  • What are the legal effects of a shift to CSCs and changes relating to scopes of practice during a federal, state, or local declared emergency?
  • Is the hospital liable for harm during care at any alternate care facilities or for harm caused by volunteers or when treating patients under CSCs?
  • Are there federal, state, and/or local government policies or interstate agreements regarding resource allocation or CSCs, and if so, are they in effect?
  • Has the hospital assessed its strategy for conducting medical triage under legal requirements for treating new and existing patients? Does it include a process for determining allocation of limited resources that is fair, reasonable, nondiscriminatory, and credibly based on protecting the health of patients and the public?
  • Are there established reimbursement protocols for treating patients during an emergency, including patients treated in off-site facilities operated by the hospital?
  • Have federal and/or state authorities accelerated, altered, or waived Medicare or Medicaid requirements for reimbursement?

Sources: Hodge JG, Anderson ED. Principles and practice of legal triage during public health emergencies, NYU Annu Surv Am Law 2008;64(2):249-91; Hodge JG, Garcia AM, Anderson ED, et al. Emergency legal preparedness for hospitals and health care personnel. Disaster Med Public Health Prep 2009 Jun;3 (2 Suppl):S37-44. Also available at http://www.dmphp.org/cgi/reprint/3/Supplement_1/S37.

Related Resources

Topics and Metadata


Emergency Preparedness; Environmental Health; Facilities and Building Management; Security/Safety


Ambulatory Care Center; Ambulatory Surgery Center; Assisted-living Facility; Hospital Inpatient; Independent Living Facility; Rehabilitation Facility; Short-stay Facility; Skilled-nursing Facility; Substance Abuse Treatment Facility; Trauma Center

Clinical Specialty

Environmental Medicine


Architect; Risk Manager; Patient Safety Officer

Information Type


Phase of Diffusion


Technology Class


Clinical Category



SourceBase Supplier

Product Catalog








Publication History

​Published November 1, 2012