Archive for: October, 2019

Wildfire Preparation Tips for Your Organization

By: October 28th, 2019 Email This Post Print This Post

By Christopher Douyard, EHS Daily Advisor

Wildfires can happen at any time, though changes in land use combined with the steady and continuing rise of global temperatures over the past decades have helped create the perfect environmental conditions for them to thrive. To compound the problem, more and more people are living and working in communities where the risks posed by wildfire are most severe. It’s imperative that your facility takes every precaution to ensure that it doesn’t become another casualty of these increasingly common natural disasters.

The good news is that despite a great cause for concern, there are steps that you can take to assess and protect your buildings in advance. Here are some tips to help you prepare in the event that a wildfire threatens your organization.

Assess Your Facility’s Current Risk

There are several factors to consider when determining the potential risk for wildfire damage at your facility’s site. Foremost, it is important to understand the conditions at your facility, including weather patterns, types of local vegetation, and topography. Some regions are more fire prone than others, though there are a few key factors that apply, regardless. During your initial visual assessment, take note of the following:

  • The presence of wild vegetation, including wild grasses, brush, and timber, as these can be highly combustible. However, vegetation used in landscaping can be equally combustible.
  • Plants with a higher probability of combustion:
    • Contain volatile oils or resins. These are typically aromatic;
    • Have long and/or narrow leaves or needles;
    • Have leaves that are fuzzy or waxy;
    • Have loose or paper-like bark; and
    • Will have dead plant material accumulating beneath them.

Keep in mind that wildfires move both horizontally and vertically. Some of the most devastating fires start on the ground and then travel to bushes and shrubs, where they can then move into treetops or to a roofline. Take note of tall shrubs or overhanging tree branches near your facility or its outbuildings.

Also, recognize that these factors work in reverse. A fire that starts inside your facility can easily spread from your building by jumping to nearby vegetation, from which it can spread outward into the community.

Create a Defensible Space

Once you’ve assessed the vertical and horizontal risks posed by the vegetation and outbuildings adjacent to your building(s), you must create a defensible space around them. This space should consist of three nested zones, each with a unique set of requirements.

Zone 1: within 30 feet (ft) of facility

  • Remove all combustible materials, such as fire-prone vegetation, firewood, furniture (such as picnic tables), and/or lumber decking.
  • Remove combustible litter from the roof and/or gutters.
  • Trim branches that overhang your facility.

Traditionally, the landscaping closest to a building helps keep the facility attractive and inviting to workers, clients, and the community, but it should also be as fire-resistant as possible. For example, plant drought-resistant native plants that are low maintenance instead of ornamental species, and any lawn needs to be well-irrigated. Hardscapes are also good in Zone 1, and features like stone, gravel, or otherwise paved walkways can serve as firebreaks across the property. Using crushed stone rather than mulch for beds that are placed up against the building will also help mitigate the risk of fire reaching the building.

Zone 2: between 30 and 100 ft from facility

  • Incorporate hardscape features into your property to act as firebreaks.
  • Plant fire-resistant vegetation, and limit trees to individuals or small clusters.
    • Prune dead or dying branches regularly, and be sure to remove them.

In addition, any outbuildings located on the property should be placed in Zone 2 and should be a minimum of 50 ft from your facility if they are used to store combustible materials. Double-check your state and local building codes to make sure any fuel tanks are properly located at the minimum required distance (if not farther) from the building. If they are required to be above ground, make sure they are placed on a noncombustible pad.

Zone 3: more than 100 ft from facility

The health of the vegetation should be the maintenance focus in Zone 3. Though the trees may be more densely packed, especially if your facility is in a relatively unpopulated area, you should still prune and remove any dead or dying branches. Be sure to prune both horizontally and vertically to help minimize the potential for fire to spread.

While you don’t need to “rake the forest,” remove any larger concentrations of dead materials from the ground.

Other Steps to Consider

If you have any questions or concerns about how a wildfire event would impact your facility, first and foremost, you should reach out to your local fire department, state fire agency, or a qualified fire management specialist for an on-site consultation. Any of them can help you assess your facility’s risk and help prepare a plan for addressing issues. You could also reach out to your local planning and zoning office if you’re unsure about requirements in your area.

It’s also important to keep in mind that any codes or requirements represent the minimum effort that you should incorporate into your facility. If your building(s) are located in an area with an elevated wildfire risk, it doesn’t hurt to spend a little more on design, materials, and maintenance that could be the difference between keeping your facility safe or having to make a very expensive insurance claim.

Top 10 Medical Technology Hazards for 2020 Announced

By: October 24th, 2019 Email This Post Print This Post

By Christopher Cheney, HealthLeaders Media

Surgical staplers are the top medical technology hazard for 2020, according to the ECRI Institute.

Twenty years after publication of the Institute of Medicine’s landmark report To Err is Human: Building a Safer Health System, patient safety remains a significant concern for the healthcare sector. The Institute of Medicine report estimated 98,000 Americans were dying annually due to medical errors. Estimates of annual patient deaths due to medical errors have since risen steadily to 440,000 lives, which make medical errors the country’s third-leading cause of death.

Earlier this year, the U.S. Food and Drug Administration published an analysis of more than 109,000 adverse stapler incidents from 2011 to 2018, including 412 deaths and 11,181 serious injuries.

“Injuries and deaths from the misuse of surgical staplers are substantial and preventable. We want hospitals and other medical institutions to be in a better position to take necessary actions to protect patients from harm,” Marcus Schabacker, MD, PhD, president and CEO of the Plymouth Meeting, Pennsylvania-based ECRI Institute said this week in a prepared statement.

The following is the ECRI Institute’s Top 10 list of medical technology hazards for 2020.

1. Surgical staplers:  

“Consequences of a staple line failing or staples being misapplied can be fatal. Patients have experienced intraoperative hemorrhaging, tissue damage, unexpected postoperative bleeding, failed anastomoses, and other forms of harm,” an ECRI Institute executive report released this week says.

Most surgical stapler adverse incidents are linked to human error such as picking an incorrect staple size and clamping on tissue that is too thick or too thin, the executive report says. ECRI Institute’s recommendations for safe use of surgical staplers include hands-on practice with specific staplers that are used in healthcare settings.

2. Point-of-care ultrasound:

“A lack of oversight regarding the use of point-of-care ultrasound (POCUS)—including when to use it and how to use it—may place patients at risk and facilities in jeopardy,” the executive report says.

Although POCUS has been established as a valuable technology for diagnosis and guiding interventional procedures, safeguards are insufficient at many healthcare facilities, the executive report says. “Safeguards for ensuring that POCUS users have the requisite training, experience, and skill have not kept pace with the speed of adoption.”

Recommendations for POCUS safety include user training and credentialing, exam documentation, and data archiving.

3. Infection risks from sterile processing:

“Insufficient attention to sterilization processes in medical offices, dental offices, and some other ambulatory care settings can expose patients to contaminated instruments, implants, or other critical items,” the executive report says.

Physician practice offices and dental offices are high-risk locations because they often do not have the sterilization resources found in hospitals, the executive report says. Recommendations to improve sterile processing in these settings include designating a qualified staff member to support infection prevention and control practices.

4. Hemodialysis risks with central venous catheters in the home health setting:

“Many hemodialysis patients receive treatment through a central venous catheter (CVC) well beyond the period when transition to another form of vascular access is recommended. And the U.S. federal government recently announced a push to increase the use of home treatment for kidney disease patients,” the executive report says.

CVCs are often placed through the jugular vein and can result in severe adverse events such as infection, clotting, and disastrous blood loss if there is a disconnection. “Family members or other caregivers may be ill-equipped to manage the risks or to respond when a CVC problem occurs. The possibility that an increasing number of patients with CVCs might receive hemodialysis in the home raises concerns,” the executive report says.

5. Surgical robotic procedures:

“While the use of surgical robots in innovative ways or for new procedures can help advance clinical practice, such uses can also lead to injury or unexpected complications and the potential for poorer long-term outcomes,” the executive report says.

Although robots have benefits during surgical procedures such as improved dexterity and tremor reduction, they have drawbacks, including limited tactile feedback for forces exerted on tissue, the executive report says. Recommendations for safe use of surgical robots in new procedures include training, credentialing, and privileging operating room staff in the new applications.

6. Alarm, alert, and notification overload:

“More than ever before, clinicians have to divide their attention between direct patient care tasks and responding to prompts from medical devices and health IT systems. As the number of devices that generate alarms, alerts, and other notifications increases, so too does the risk that the clinician will become overwhelmed, creating the potential for a clinically significant event to go unaddressed,” the executive report says.

Recommendations to address alert overload include decreasing overall notification burden and helping clinical staff to develop critical thinking skills to ease cognitive overload.

7. Cybersecurity risks in the home health setting:

“Remote patient monitoring technologies are increasingly being used for at-home monitoring to help clinicians identify deteriorating patients before they require hospitalization. As network-connected medical technologies such as these move into the home, cybersecurity policies and practices that address the unique challenges involved must be instituted,” the executive report says.

8. Missing implant data for MRI scan patients:

“Patients presenting for magnetic resonance imaging (MRI) studies must be screened for implanted devices to avoid harm. Some implants can heat, move, or malfunction when exposed to an MRI system’s magnetic field. Thus, MRI staff must identify and follow any contraindications or conditions for safe scanning prescribed by the implant manufacturer,” the executive report says.

Recommendations include creating implant lists in patients’ electronic medical records.

9. Medication errors from dose timing discrepancies in electronic medical records:

“Missed or delayed medication doses can result from discrepancies between the dose administration time intended by the prescriber and the time specified within the automatically generated worklist viewed by the nurse,” the executive report says.

10. Loose nuts and bolts in medical devices:

“The nuts, bolts, and screws that hold together medical device components can loosen over time with routine use. Failure to repair or replace loose or missing mechanical fasteners can lead to severe consequences: Devices can tip, fall, collapse, or shift during use—any of which could lead to patient, staff, or bystander injury or death,” the executive report says.

Christopher Cheney is the senior clinical care​ editor at HealthLeaders.

Crisis communication: 10 tips for hospitals to prepare for a disaste

By: October 21st, 2019 Email This Post Print This Post

By Jody Moore, PSQH

Hurricanes, floods, fires, and other natural and manmade incidents can strike anytime, anywhere. Faced with such disasters, hospitals must not only respond to the emergency but also maintain continuity of patient care under the most trying circumstances imaginable.

What can your hospital do to be better prepared when the next crisis hits? How can you minimize the physical, psychological, and emotional stresses that can overwhelm staff and patients? What strategies, resources, and practices can you deploy when a natural disaster cripples the technological systems needed for essential functions?

Several hospital leaders with firsthand experience in crisis management shared insights on how to address communication issues—a core element of emergency preparedness—in a discussion I moderated at the annual Voalte User Experience conference (VUE18). The panelists included:

  • Scott McCarty, unified communications manager at Tampa General Hospital, who is a member of its Emergency Preparedness/Disaster Planning committee and helped the hospital prepare for Hurricane Irma in 2017
  • Roberta Romeo Shannon, project manager of strategic projects and clinical systems at UConn Health in suburban Hartford, which recently opened a new hospital tower that gave staff the experience of evacuating inpatients similar to what would happen during an emergency
  • Keith Turner, manager of clinical enterprise systems at Texas Children’s Hospital in Houston, who was on-site in 2017 when the Category 4 storm Hurricane Harvey made multiple landfalls and caused massive flooding and $125 billion in damage statewide

The following are 10 practical tips from this discussion that can help hospitals be better prepared to communicate during a crisis:

1. Understand and comply with CMS regulations on crisis communication preparation

Hospitals, along with multiple other provider types, must comply with CMS’ Emergency Preparedness rule to participate in the Medicare or Medicaid program. Developing and executing a communication plan is one of the rule’s four core elements, and the plan should include:

  • Compliance with federal and state laws
  • A comprehensive method to contact staff, including patients’ physicians and other necessary persons
  • Well-coordinated communication within the facility, across healthcare providers, and with state and local public health departments and emergency management agencies

2. Establish one available and secure endpoint to simplify emergency communication

When developing an emergency plan, it’s important to consider all the hospital’s systems and endpoints that people use and how those systems are integrated. Also keep in mind that nurses and staff could be working anywhere in the hospital and may not have access to their desk phones.

According to McCarty, “We’re getting away from pagers by using an SMTP setup that gives us a bridge to funnel communications to our Voalte smartphone platform endpoint. This means that one operator can then quickly send an emergency code without logging in to multiple systems.”

3. Prepare to be home alone

Flooding, power outages, and impassable roads can cut off connections to the outside world. When Hurricane Irma was bearing down in 2017 on the island where Tampa General is located, the hospital faced the possibility of being physically isolated from the rest of the city.

Since it couldn’t rely on the internet, Tampa built redundancies into its core on-premise Wi-Fi network, including data recovery servers. It has backup generators on the island and diesel fuel for four days, with more available if needed. Core switches are located on higher floors in case of flooding. These redundancies ensure that Tampa can continue running its Voalte communication platform if it is ever cut off from the mainland.

4. Use mobile technologies to track and connect patients

Federal regulations require that hospitals’ emergency preparedness programs include systems to track the location of on-duty staff and sheltered patients in the hospital’s care during an emergency. Hospitals must be able to quickly reunite families with their loved ones, which can be especially challenging on sprawling campuses with millions of square feet of space.

One solution is to use apps that enable physicians, nurses, and staff to take pictures using a smartphone linked to a secure communication platform. These pictures can be stored temporarily on hospital servers and prevented from being uploaded or sent to anyone without access to the platform.

5. Be flexible and redundant, and don’t forget low-tech and old-tech alternatives

The urgency and frequency of alarms, messages, and other patient communications don’t abate just because a network shuts down. Hospitals need backup communication solutions to ensure the continuity of patient services.

“If there’s a system outage, we’ll employ different communications, such as a ticker on our intranet page,” said Turner. “We also keep a directory of phone numbers that can be used for ‘phone tree’ communications and can still pull out walkie talkies if needed.”

At Tampa General, McCarty became interested in ham radio as a result of Irma. The hospital now has a ham radio in its command center with an antenna on its roof as well as three iridium satellite phones—two at the hospital and the other at a large outpatient facility that has a freestanding ED and a helipad.

6. Build muscle memory with training drills

When a crisis happens, chaos and confusion supplant the natural order of everyday routines. To ensure that hospital staff are prepared to function in these high-stress situations, CMS requires facilities to demonstrate completion of two emergency exercises per rolling 12-month interval. Regulations also currently require hospitals to update their training and testing methods at least once a year.

The panelists emphasized that routinely conducting these drills several times a year builds much-needed “muscle memory” that enables the staff to react reflexively in high-stress situations. At Tampa General, each unit has its own downtime plan and downtime boxes that are routinely updated.

Four more tips

  • Ensure IT and communication leaders are included on disaster planning committees
  • Align communication policies with current technologies, clinician and patient needs, and various disaster scenarios, including active shooter events
  • Keep an extra supply of smartphones on hand and strategically place them in certain units for use only in an emergency
  • Don’t put all your eggs in one basket; always have a plan B, C, and D

Final word

Ultimately, crisis communication is all about meeting the needs of staff, patients, and their caregivers. As Shannon pointed out, “Our priority during any emergency is to support and connect the people who are doing the most important work. We may find ourselves swirling around trying to get everything right, but our focus should always be helping all those who are caring for patients.”

Jody Moore is co-founder and principal partner of Crisis Focus, an emergency management consulting company for healthcare providers.

In-hospital delirium predictive of readmission, discharge to postacute facilities, ER visits

By: October 18th, 2019 Email This Post Print This Post

By Christopher Cheney, HealthLeaders Media

In-hospital delirium is a predictor of readmission, emergency department visits, and discharge to a location other than home, recent research shows.

The development of delirium in the hospital setting impacts about 12.5% of general medical admissions and as many as 81% of intensive care unit patients. Earlier research has shown delirium among hospitalized patients is predictive of prolonged hospital length stay, lengthened mechanical ventilation, and mortality.

The recent research in the Journal of Hospital Medicine featured data collected from more than 700 delirious patients and nearly 8,000 non-delirious patients. The researchers found delirious patients had increased odds for 30-day readmissions, ED visits, and discharge to postacute care facilities.

“These results suggest that patients with delirium are particularly vulnerable in the posthospitalization period and are a key group to focusing on reducing readmission rates and post-discharge healthcare utilization,” the researchers wrote.

Link between in-hospital delirium and readmissions

The Journal of Hospital Medicine research builds on earlier studies about in-hospital delirium, the lead author of the research told HealthLeaders.

“Prior studies have shown that delirium is associated with functional decline at discharge, so these patients may be particularly vulnerable in the days and weeks following hospital discharge. Our work helps to confirm this as we show that patients who become delirious in the hospital are far more likely to be readmitted within 30 days of discharge, compared with patients who do not develop delirium,” said Sara LaHue, MD, a resident physician at the Department of Neurology, School of Medicine, University of California San Francisco.

The new research indicates that hospital-based interventions should be targeted at delirious patients to reduce readmissions, she said. “Hospital-based interventions that reduce the development of delirium may then reduce the complications of delirium, such as readmission.”

Reducing delirium-associated postacute care service utilization

To avoid hospital readmissions linked to delirium, clinicians should focus on preventing patients from becoming delirious in the hospital, LaHue said.

“This may include systems for identifying patients at high risk of becoming delirious, screening for active delirium, and enacting interventions that target the underlying cause in order to reduce the severity or duration of delirium. While such a program can take a bit of work to get off the ground, the benefits for patients, their families, and the hospital system can be significant.”

One team member who is often overlooked is the caregiver at home, she said.

“Educating caregivers about delirium risk factors can be very helpful—he or she can bring glasses or hearing aids from home, engage the patient in meaningful conversation to help with orientation, and encourage regulation of sleep-wake cycles. If a patient does become delirious, the caregiver can continue to help with these interventions.”

Caregivers at home are an essential component of postacute care, LaHue said.

“We know that delirium is associated with functional decline at discharge, so coordinating safe discharge plans with the caregiver, especially to identify need for resources—physical therapy, occupational therapy, home health, and nursing—can potentially help reduce post-discharge complications.”

Follow-up care is another crucial factor, she said. “Ensuring expedited follow-up with a primary care provider, who can assess for any additional needs, is also important.”

Multidrug-resistant infections can cost $4,600 per hospital stay

By: October 16th, 2019 Email This Post Print This Post

By Christopher Cheney, HealthLeaders Media

Infections linked to multidrug-resistant organisms (MDROs) cause a significant cost burden for U.S. healthcare, recent research shows.

The development of antibiotic-resistant infections is one of the most severe public health problems in the country, according to the Centers for Disease Control and Prevention. About 23,000 Americans die annually from an antibiotic-resistant infection, the CDC says.

The national price tag for treating infections linked to MDROs in the hospital setting is at least $2.39 billion, according to the recent research, which was published in the journal Health Services Research.

The researchers also tallied the treatment cost per inpatient hospital stay for methicillin-resistant Staphylococcus aureus (MRSA)Clostridium difficile (C. difficile), and other MDROs.

  • Treatment of infection with MRSA cost about $1,700
  • Infection with C. difficile cost about $4,600
  • Infection with another MDRO cost about $2,300
  • Infection with multiple MDROs cost about $3,500

“We find the highest incremental and total costs for C. difficile and the lowest incremental costs for MRSA, consistent with estimates from previous reports. The higher costs appear to be driven largely by a higher average length of stay, but may also be due to additional testing and increased risk for ICU admission with C. difficile,” the researchers wrote.

In 2014, the President’s Council of Advisors on Science and Technology made several recommendations to combat antibiotic resistance, including surveillance of MDROs in healthcare settings and the community, anti-microbial stewardship campaigns, precautions to limit exposure, and education of patients and physicians about the dangers of overprescribing antibiotics.

Calculating superbug economics

The lead author of the Health Services Research article, Kenton Johnston, PhD, MPH, told HealthLeaders that determining the cost effectiveness of efforts to reduce MDRO infections is challenging.

“Essentially, you are comparing the costs of MDRO-reduction efforts to the savings generated by those efforts. The costs of MDRO-reduction efforts would be the programmatic costs of interventions. This is tricky because the interventions are wide-ranging throughout society such as hand-washing campaigns. The savings part is also tricky because the savings also accrue throughout society,” said Johnston, an assistant professor at the College for Public Health & Social Justice, St. Louis University.

Johnston’s research team only examined hospital costs of efforts to combat MDRO infections.

“A systematic review of the literature on just the cost side of this equation found that the cost of measures to combat and eradicate MDROs ranges from $331 to $66,772 per MDRO-positive patient. This is obviously an unacceptably huge range for calculating the cost side of the equation alone. As a result, more research needs to be done,” he said.

7-Part EMS screening tool boosts early sepsis treatment

By: October 16th, 2019 Email This Post Print This Post

By Chris Cheney, HealthLeaders Media

Emergency medical service screening for sepsis speeds administration of the Surviving Sepsis Campaign 3-hour bundle of treatment, new research shows.

On an annual basis, sepsis affects about 1.7 million American adults and the infection is linked to more than 250,000 deaths. Timely application of the 3-hour bundle has been associated with reduced mortality.

In the new research, EMS crews conducted sepsis screening of patients before emergency department arrival, a co-author of the study told HealthLeaders.

“We implemented a standard operating procedure for sepsis screening—seven questions for the emergency department RN to ask EMS in any adult patients excluding trauma. When sepsis was suspected, the radio RN would notify the charge nurse to help get them into a room. The key takeaways are that implementing a sepsis screening tool for EMS to use is feasible and it helps to expedite care in these patients,” said Megan Rech, PharmD, MS, an emergency medicine clinical pharmacist and adjunct assistant professor, Department of Emergency Medicine, Stritch School of Medicine, Loyola University, Chicago.

In the primary finding of the research, 3-hour bundle compliance was significantly higher using the EMS sepsis screening tool compared to a control group, 80.0% vs. 44.2%, respectively.

The bundle has four main components: measurement of serum lactate concentration, fluid resuscitation, blood cultures prior to antimicrobials, and broad-spectrum antibiotics for suspected or documented infection.

The EMS sepsis screening tool had seven elements:

  1. Respiratory rate: N20 breaths per minute
  2. Heart rate: N90 beats per minute
  3. Systolic blood pressure: b90 mm Hg
  4. Documented fever or history of temperature: N100.9 °F or b96.8 °F
  5. Onset of mental status change
  6. Oxygen saturation: b90%
  7. Suspected infection

“There is great potential in the pre-hospital setting for earlier recognition of sepsis in patients arriving to the ED via EMS. Early recognition of sepsis will allow medical personnel to initiate sepsis protocol and decrease an important variable in sepsis mortality: time. We demonstrated that the use of a pre-hospital sepsis screening tool was associated with significant improvement in 3-hour bundle compliance, likely due to improved recognition of sepsis,” Rech and her co-authors wrote.

Christopher Cheney is the senior clinical care​ editor at HealthLeaders.

The chronic issue of cybersecurity

By: October 14th, 2019 Email This Post Print This Post

By Suzanne Widup

Healthcare institutions large and small can be left black and blue by a cyberattack. Larger institutions have more patients and thus have more user health records that attackers can compromise. Smaller institutions, on the other hand, may not have the financial resources to protect themselves against an attack or respond to one when it occurs.

In the event of an incident or breach, repairing a security system can take a massive toll on a healthcare institution, costing time, money, and staffing support to remedy. This severely affects the number of patients seen for however long it takes to address and fix the damage, which in turn causes the institution’s finances and reputation to suffer.

Healthcare institutions are vulnerable cyber targets, with thousands of patient records to protect and a federal requirement to comply with HIPAA and HITECH. These institutions lack the staffing (and sometimes the awareness) to prevent personal health data from being accessed and held by threat actors. With the constant demand to see and treat patients, cybersecurity hasn’t always been a top priority for these institutions. But it should be.

The call is coming from inside…

According to Verizon’s 2019 Data Breach Investigations Report, for the second consecutive year, the majority of healthcare cybersecurity breaches in 2018 were attributed to internal (rather than external) threat actors—a skew unique to the healthcare industry. These internal threat actors are typically employees working within healthcare institutions (doctors, nurses, etc.). Though these employees are not always acting out of malice, the major concern here is that they have been granted access to systems to carry out their jobs; thus, they do not need to break into those systems to retrieve or expose classified information.

Across sectors, including the healthcare industry, misdelivery (sending data to the wrong recipient) is the most common error type that leads to data breaches. Typically, these errors involve mailing patient paperwork to the incorrect address, or issuing discharge papers or other private records to the wrong person.

The healthcare sector also suffers from the widespread problem of social attacks. Like many industries, healthcare institutions are under the constant threat of phishing emails that bait unsuspecting recipients to enter personal information, such as email credentials, onto fake sites. The stolen login information is then used to access the user’s cloud-based email account, thus compromising any patient data in the user’s inbox, outbox, or other folders.

Required to report

Unlike other sectors, the healthcare industry is required by law to report ransomware attacks as though they were confirmed breaches due to U.S. regulatory requirements. These attacks tend to make headlines as they disrupt an organization’s ability to carry out its primary function—patient care. While some organizations have resorted to paying the ransom demand, this is no guarantee that the criminals behind the attack will provide a valid key to restore an organization’s data—they may just take the money and run.

So how can healthcare institutions immunize themselves from cyberattacks and breaches? There is no magic pill, but there are precautions that industry leaders can put in place to better protect themselves against inside and outside threats.

Prescriptions for protecting your network

  • Locate the problem areas: Practice good security hygiene by examining the current health of the network. Healthcare institution leaders and administrators should know where their major data stores are, limit necessary access for their employees and staff, and keep track of access attempts to pinpoint weak spots. Certain staff may not need complete access to files and records to perform their jobs, and practitioners can enact low-cost process controls to prevent miscellaneous errors that can erode the cybersecurity of an institution.
  • Make it easier for employees to report issues: Minor errors like phishing can be infectious. Industry leaders should make it easy for their staff to report phishing when it occurs (regardless of whether the staff took the bait) so they can nip issues in the bud and prevent an influx of employees from potentially compromising the network. Leaders can incentivize the process by implementing reward-based motivations for employees to report incidents quickly, thereby limiting the people and information affected.
  • Institute checks and checkups: Have a game plan that focuses on mitigating or preventing incidents and breaches, rather than nursing a security system back to health after an attack has occurred. Institutional leaders need to know which processes deliver, dispose of, or publish personal data and put up checks to ensure that a minor mistake made by an employee does not escalate into a breach. By enacting a plan and conducting regular checkups of mobile and network security, healthcare institution leaders will have a standard by which they can regularly measure the pulse of their performance.

As healthcare institutions become increasingly interconnected, leaders need a plan to address the state of mobile and network security before an attack occurs. Reframe cybersecurity as a matter of patient care: Medical devices can be hacked, a breach can cause a misdiagnosis, and personal health information stored on computers can be stolen. Not to mention, the downtime during a breach can put patients in critical danger.

Protect before you have to treat. Industry leaders must take all of the necessary measures to assess and stabilize their institutions’ cybersecurity and better thwart attacks—especially “from the inside.” By putting up safeguards for employees, including doctors and nurses, to protect themselves from accidentally compromising their network, these institutions can lessen or prevent the threat of an incident or breach.

Or you can always seek a second opinion.

Suzanne Widup, senior analyst at Verizon Enterprise Solutions, is a co-author of the Verizon Data Breach Investigations Report, and lead author for the Verizon PHI Data Breach Report. She spends quality time hunting for publicly disclosed data breaches for the VERIS Community Database ( She has 20 years of IT experience, including Unix system administration, information security engineering, and digital forensics in large enterprise environments. She holds a BS in computer information systems and an MS in information assurance. Widup is the author of Computer Forensics and Digital Investigation With EnCase Forensic v.7,published by McGraw-Hill.

Doing more harm than good? Study finds healthcare workers often provide care while ill

By: October 11th, 2019 Email This Post Print This Post

Many healthcare workers may be putting patients at risk by continuing to work when they have symptoms of cold, flu, or other respiratory illnesses, according to a new study published in Infection Control & Hospital Epidemiology.

The study found that 95% of healthcare workers have worked while sick, most often because the symptoms were mild or began during their work shift.

“We found that physicians and people working in areas that required the most intensive contact with patients were less likely than other workers to stay home or to leave work if symptoms progressed after the start of the day,” said Brenda Coleman, PhD, clinical scientist in the Infectious Disease Epidemiology Research Unit at Mount Sinai Hospital, Toronto, and lead author of the study, in a release. “Managers and senior staff need to both model and insist on workers staying home when symptomatic as it protects both patients and coworkers from infection.”

The study, published in the journal for the Society for Healthcare Epidemiology of  America, found that 92% of healthcare workers report to work while symptomatic for an acute respiratory viral illness. Hospital-acquired respiratory viral infections cause significant illness and death, in addition to increased healthcare costs. The Centers for Disease Control and Prevention recommends that healthcare workers with fever and respiratory symptoms consider temporary reassignment or exclusion from work while they are symptomatic.

Researchers conducted a four-season prospective cohort study of influenza and other respiratory illnesses in nine Canadian hospitals in Toronto, Hamilton, and Halifax. Healthcare workers in hospitals who worked more than 20 hours per week filled out daily online illness diaries whenever they developed symptoms; these included information about symptoms, possible exposure, attendance at work, reason for work or absence, and medical consultations.

In all, 10,156 illness diaries were completed by 2,728 participants. Diaries of workers who were not scheduled to work were excluded, which left 5,281 diaries for analysis. Sixty-nine percent of participants said they worked during an illness because their symptoms were mild and they felt well enough to work, 11% said they had things to finish at work, 8% said they felt obligated to work, and 3% responded that they couldn’t afford to take the time off. Half of the participants said they had episodes of acute respiratory viral illness during influenza season, with 95% of those working one or more days of their illness. Of the study participants, 79% said they were entitled to paid sick leave.

Coleman said the study illustrates the need to educate healthcare workers, managers, workplace health/safety/infection control staff, and administrators about the transmission risk associated with respiratory viral infection. Organizations should also clarify what symptoms require exclusion from work and develop and roll out policies for working while symptomatic, she added.

Two new protocols for respirator fit testing from OSHA

By: October 9th, 2019 Email This Post Print This Post

By Guy Burdick, EHS Daily Advisor

On September 26, OSHA added two new protocols for ensuring employees’ respirators fit properly. When employers are required under personal protective equipment regulations to provide respiratory protection, they also are required to ensure the respirators properly fit each employee.

The new protocols are variations of an existing OSHA-approved method, the ambient aerosol condensation nuclei counter (CNC) quantitative fit testing protocol, often referred to as the “PortaCount® protocol.” The new protocols are:

  • The modified ambient aerosol CNC quantitative fit testing protocol for full-face piece and half-mask elastomeric respirators; and
  • Modified ambient aerosol CNC quantitative fit testing protocol for filtering face piece respirators.

The new protocols have fewer test exercises, shorter exercise duration, and a more streamlined sampling sequence than the existing ambient aerosol CNC quantitative fit testing protocol.

The protocols provide employers with alternatives to the four quantitative fit testing protocols already listed in the respiratory protection standard. The new protocols apply to employers in general industry, shipyard employment, and the construction industry.

Original, Modified Protocols

The original ambient aerosol CNC protocol uses a sample device installed on the respirator to quantitatively test the respirator’s fit. The probed respirator is used only for the fit test.

The PortaCount protocol employs a series of eight test exercises, performed in the following order: normal breathing, deep breathing, turning head side to side, moving head up and down, talking, grimacing, bending over, and then normal breathing again.

The modified ambient aerosol CNC protocol for full-face piece and half-mask elastomeric respirators differs from the original protocol as follows:

  • It includes only three of the eight original test exercises (bending over, head side to side, and head up and down).
  • It adds jogging in place as a new exercise.
  • It reduces the total test duration from 7.2 to 2.5 minutes.

The modified ambient aerosol CNC protocol for filtering face piece respirators differs from the original protocol as follows:

  • It includes only four of the eight original test exercises (bending over, talking, head side to side, and head up and down).
  • It reduces the total test duration from 7.2 to 2.5 minutes.

Employers, States, Consensus Standard

Although employers are not required to use the new protocols, the agency believes having alternative fit testing methods gives employers greater flexibility and can reduce the burdens of complying with the respiratory protection standard.

Because the protocols are part of an appendix to the respiratory protection standard, states administering their own workplace safety and health programs are not required to adopt them. However, OSHA strongly encouraged states to adopt the new protocols to provide employers additional compliance options.

The agency also said the new protocols are consistent with the industry consensus standard developed by the American National Standards Institute (ANSI) and American Industrial Hygiene Association (AIHA)—ANSI/AIHA Z88.10-2010, “Respirator Fit Testing Methods.” OSHA concluded the new protocols meet the evaluation criteria outlined in the consensus standard.

The final rule amending the respiratory protection standards is effective immediately.

Guy Burdick is a writer with EHS Daily Advisor, a BLR publication.

Use new delays to catch up to more stringent USP requirements

By: October 9th, 2019 Email This Post Print This Post

By A.J. Plunkett ( and Brian Ward (

Check with your state health department or board of pharmacy to see if you must still comply with the requirements under USP chapter <800> Hazardous Drugs—Handling in Healthcare Settings starting December 1.

While the U.S. Pharmacopeia (USP) announced another round of delays in September in implementing new requirements for pharmaceutical compounding, your local authority having jurisdiction (AHJ) may still require them, note compliance experts.

Even if you do have a reprieve, hospitals and other health care organizations should use the time wisely and continue efforts toward compliance. The revisions will be implemented eventually, maybe sooner than later, warns Kurt Patton, MS, RPh, a pharmacist and former director of accreditation services for The Joint Commission (TJC).

From “what I have read, it sounds like the appeal process is expeditious so people are assuming by the end of the first quarter 2020 it should again be official,” says Patton, founder of Patton Healthcare Consulting.

Pending industry appeals of some provisions under new and revised chapters USP <795> Pharmaceutical Compounding—Nonsterile Preparations and USP <797> Pharmaceutical Compounding—Sterile Preparations as well as the new chapter USP <825> Radiopharmaceuticals—Preparation, Compounding, Dispensing, and Repackaging delayed the scheduled December 1 implementation of those chapters.

Because new USP <800> Hazardous Drugs—Handling in Healthcare Settings refers to the other chapters, it is considered by USP to be “informational only” until the revisions are final.

Ensure EPA compliance: Ban all sewering of hazardous waste drugs

By: October 9th, 2019 Email This Post Print This Post

Review and update policies on the disposal of pharmaceuticals to prohibit the flushing of any drugs into the sewers. Experts say that may be the best way to ensure compliance with a new EPA regulation banning the sewering of hazardous waste pharmaceuticals that went into effect August 21.

The policy update also may help ease requirements on frontline staffers, who will no longer have to keep track of what they can and can’t flush down the drain. And it may even help you stay on the good side of federal regulators, who are encouraging the no-sewering of any drug as a best practice to protect water resources.

The August 21 ban on the sewering of hazardous waste pharmaceuticals is the first deadline set out in new EPA regulations published in a February final rule. That rule overall sets up a new category, Subpart P, under the federal Resource Conservation and Recovery Act (RCRA).

The ban is the only part of the rule that goes into effect at all healthcare facilities across the United States and its territories without exception. That’s because the EPA is declaring the ban under the authority set out by the federal Hazardous and Solid Waste Amendments (HSWA).

Other parts of the final rule, officially known as the “Management Standards for Hazardous Waste Pharmaceuticals & Amendment to the P075 Listing for Nicotine,” are under RCRA and must be approved in each state or territory that has its own RCRA-authorized program (more on that in a bit).

OSHA regulatory training requirements 2019

By: October 9th, 2019 Email This Post Print This Post

Use this chart to check worker safety training requirements for hospitals. This chart has been reviewed by healthcare and OSHA compliance experts, but may not be all inclusive for every facility. This link will open a editable Excel sheet HSL OSHA regulatory training requirments 2019 (1)

Subscribe - Get blog updates via e-mail

  • test
  • HCPro Broadcast Events Calendar