It was just after 9 PM on Sunday, October 20, 2019, and Dan Chambers, chief executive officer (CEO) of the Key-Whitman Eye Center in Dallas was at home watching the Cowboys-Eagles football game. Suddenly, tornado warning sirens began wailing and emergency messages flashed across his cell phone screen.

The next morning, Chambers surveyed the damage to the clinic and its attached ambulatory surgery center (ASC), along with Dr. Jeffrey Whitman, Key-Whitman’s president and chief surgeon, and Nikki Hurley, the director of nursing. “We had about $1.6 million worth of damage to our building,” Chambers says. “We had over 200 windows destroyed. The roof was partially destroyed. The air conditioning units were affected. Our power was down. Trees and power lines were down in the parking lot.”

Despite all the damage, Key-Whitman was able to resume nearly full operations in only about a week, thanks to what Chambers credits as their carefully planned out and executed emergency management plan. “Our insurance agent literally said, ‘You guys are the most amazing business in the area. You’re up and running in one week. You’ve accomplished things that nobody else could,’” Chambers recalls.

It’s safe to say that no ASC leader likes to think about the “what ifs”—what if we got struck by a tornado? What if we got flooded by a 1,000-year rainstorm? What if a fire tore through our building? But when “what ifs” turn into “what happened?,” will your staff be prepared to mount a swift, effective response to events like these? From ensuring that the surgical center has appropriate insurance coverage, to getting through the storm (or fire / flood / earthquake) and resuming operations, the preparations that ASC leaders make (or don’t make) can mean the difference between quickly getting back up and running and a long, drawn-out recovery—or worse, going out of business.

Ensure You’re Insured

Sufficient insurance coverage is among the most important ingredients of disaster preparation. Yet it may come as a surprise that some ASCs don’t carry enough insurance to cover their losses, says Vanessa Sindell, MSN, BSN, RN, CAIP, a senior consultant with Progressive Surgical Solutions, a division of VMG Health.

“As surgery centers, we all have our medical malpractice [and our] general liability insurance,” Sindell says. “But we do see instances in surgery centers where the building itself and the equipment inside isn’t always adequately insured.”

Insurance needs and risks vary with location and other factors, but policies that virtually every ASC should carry include business interruption and property insurance. The former compensates for lost income and ongoing expenses in the event an ASC is temporarily unable to operate due to a covered peril. The latter should cover not only the replacement value of the building, but also the equipment, supplies, and furnishings within.

“Just like you have insurance for the items inside of your home, you would want to have that for the equipment in your surgery center,” Sindell says. “Those are things like your femto laser, your phaco machines, your microscopes, all those big-ticket items.” She added that additional insurance to protect general inventory may also be worth considering.

Both Sindell and Chambers suggest that because ASCs often add or replace equipment, the insurance valuation of equipment should be updated annually. To ensure everything is covered, the review should include input from both the ASC owners and inventory management personnel.

Getting Through the Storm

An emergency management plan is another important aspect of disaster preparation. In 2016 the Centers for Medicare and Medicaid Services established emergency preparedness requirements for ASCs that accept Medicare and Medicaid. The requirements include developing and maintaining emergency policies and procedures, a communication plan, and training and testing programs. The Occupational Safety and Health Administration (OSHA) also requires ASCs to have emergency action plans as part of the agency’s general duty clause.

These plans must be specific to the ASC’s needs and vulnerabilities, and should take into consideration historical weather data, geographical location, and local climate conditions. They should also outline procedures for each type of natural disaster, including evacuation protocols, communication strategies, and staff responsibilities. All staff members should be trained on the plan and drills should be conducted at regular intervals to test their readiness.

Components of an Emergency Preparedness Plan

A comprehensive emergency preparedness plan (EPP) should be put together by the owners, directors, managers, and staff who work in various areas and should address both the ASC’s clinical and business operations, Sindell says.

“There’s always a divide between the clinical and the financial, or the business side, and it’s important to ensure that the people on both sides collaborate in developing the plan,” she says. “The problems and concerns that I may think of, as a clinical person, may not be what you would think of as the person who runs the financials. That way, you cover all the bases.”

Within the surgery suites, the EPP is going to focus largely on ensuring staff and patient safety and communication. If disaster strikes while patients are on site, a transfer policy should be in place that governs where patients will be transferred, who will transfer them, and how they will be transferred.

“Most surgery centers have a transfer agreement in place, but they haven’t necessarily had to use it in a disaster situation, where we’re trying to evacuate patients who are under sedation, as an example,” says Sindell.

She also advises ASC owners and facility managers to maintain a roster with current contact information, including cell phone numbers and email addresses, for all staff, as well as for equipment and supply vendors, insurance companies, and state and federal agencies.

“That is often overlooked and is a major part of any disaster plan,” Sindell says, noting that such a directory is essential to communication in the immediate aftermath of a disaster. “I can’t tell you how many times we go into surgery centers, and they don’t have a current, updated roster.”

With respect to business operations, an ASC’s emergency preparedness plan should address the protection of electronic health records and other aspects of the information technology (IT) system. This way, records can be secured and accessible and insurance claims can still be processed, even if patient care itself is interrupted for a time.

“We have a private cloud where our information is stored off site in an AT&T server farm, and then we also have a backup in Atlanta, so we have multiple backups of information should something happen,” Chambers says.

“Most [EHR] systems are now cloud-based, but sometimes they’re not,” Sindell says. “Having your records saved and backed up to the cloud is a huge advantage” in the midst of a disaster.

Set Up a Command Center

In the midst and immediate aftermath of an event that takes down an ASC, communication and coordination are vital. In Key-Whitman’s case, Chambers says he immediately established a “remote command center” in his home, from which he communicated with managers and staff, delegating various tasks and responsibilities. These included liaising with local emergency responders, notifying the ASC’s vendors, reaching out to patients to reschedule procedures, and enlisting the assistance of insurance, recovery, and reclamation companies.

“The building was unusable with no power except from our ER generator,” he recalls. “Basically, I was at home for the first three days, communicating on an every-30-minute basis. I was coordinating services, coordinating with the managers, Hurley was overseeing the ASC recovery effort, and our CFO was coordinating with the insurance company.” He said a local retina center also offered his team the use of its conference rooms and other resources.

“They invited us to use whatever resources they had, so we used their conference room and their phone systems, which were not damaged, to communicate with each other on what we were going to do and how we were going to do it,” he says.

Ultimately, thanks to the swift, coordinated response of the staff and outside disaster recovery services, the practice and its ASC were able to return to essentially normal operations within a week, even while roof, window, and other repairs took several more months; full recovery and insurance payments took 18 months.

Cyberattacks and Active Shooters

Major storms, fires, and earthquakes aren’t the only disasters ASCs must guard against. Cyberattacks and active shooter incidents are growing threats of their own against the safety and security of ASC staff, patients, and operations.

Cyberattacks include ransomware, data breaches, and other forms of malicious activities that target health care systems and patient data. In a recent survey by AT&T, almost 64% of health care organizations ranked attacks against server/data at the network edge as cyber threats of highest concern to them. About the same number said their greatest threat was cyberattacks against associated cloud workloads.¹

“I’ve been in nursing for almost 20 years, and I remember when they started hammering down on HIPAA and patient privacy and all of that, and I thought there is no way someone is going to hack into a medical facilities server, since we were still doing paper charting,” says Sindell. “But here we are today, and there are so many aspects of security when it comes to cybersecurity, ransomware, and the protection of health information, and it is a huge risk for surgery centers.”

Chambers says two years ago his facility’s IT service provider was the target of a ransomware attack that locked down much of Key-Whitman’s data for some two weeks, forcing the staff to rely on paper-based records and documentation during that time. “We had backup systems for handling the paperwork and the information to take care of the surgical patients,” Chambers says.

Progressive Surgical Solutions offers a template that ASCs can use to help build their own cybersecurity policies. The template covers such items as who can be authorized to access various types of data; where, when, and how data can be accessed; and action to be taken in the event a breach is discovered.

Although active shooter incidents remain rare in health care settings, they do happen. A nurse and social worker were killed at Methodist Dallas Medical Center in Dallas last October. Four people were killed at a Tulsa, Oklahoma, medical office building in June 2022. And an overall increase in mass shootings nationwide has many health care facilities conducting active-shooter drills to prepare for such incidents.

“The Department of Homeland Security, your local office, will come in and do active shooter drills in your facility for free,” says Sindell, who noted that her organization recently hosted a webinar on preparing for such incidents. “After we did that webinar, I can’t tell you how many of the surgery centers we’ve worked with did an active shooter drill,” she says. “It’s such a big thing right now.”

Progressive also offers a policy template that covers how to respond to an active shooter incident.

Preparing for the Unexpected

Implementing measures like those outlined here can go a long way toward helping ophthalmic ASCs better protect against, prepare for, and respond to natural disasters, ultimately minimizing downtime and ensuring the safety of staff and patients.

“Don’t think of drills and the preparation as just part of checking a box,” Sindell says. “Actually spend time and focus on the steps that would need to be taken if an emergency did happen, because they can happen, as we all know.” ■

REFERENCES

1. Lanowitz T. AT&T Cybersecurity Insights Report: A Focus on Healthcare. AT&T Business. February 22, 2022. Accessed June 23, 2023. https://cybersecurity.att.com/blogs/security-essentials/att-cybersecurity-insights-report-a-focus-on-healthcare