
Conducting assessments of electrical system risks

Discovering and protecting against external and internal power vulnerabilities


Because ongoing changes in health care facilities can affect electrical system operations, the original failure procedures can lose their significance, creating inadvertent difficulties between original concepts and current needs. Effective procedures should include all potential existing failure modes (both external utility failures and internal failures) with the most effective and appropriate responses.

Unexpected failures are not the only issue — both planned and unplanned shutdowns can have adverse consequences if ongoing changes have not yet been factored into shutdown procedures. Among other considerations, the big picture asks: Which risks are most challenging? How accurate and effective are the failure procedures? Who can safely follow them? 

Another potential risk mitigation opportunity can be equipment nameplates (e.g., controls, breakers and switches) that have not been validated or modified after other equipment load changes occurred. Inaccurate nameplates or panel directories can lead to authority having jurisdiction (AHJ) citations or to mistakes in responding to adverse conditions. By the same token, inaccurate, outdated or nonexistent failure procedures can adversely affect the response and ability of a health care facility to return to approved normal operations as quickly and carefully as possible.

The most effective processes for mitigating electrical system risks in health care facilities are discussed here.

Utility management plans

Multiple processes can be included in utility management plans, in the detailed subsidiary policies and procedures invoked by those management plans, and in the electrical power portion of emergency management operations procedures.

While current Centers for Medicare & Medicaid Services (CMS) requirements invoke the 2012 editions of the National Fire Protection Association’s NFPA 101®, Life Safety Code®, and NFPA 99, Health Care Facilities Code, along with several dozen referenced codes and standards, facilities professionals may also want to consider two more recent NFPA publications.

Although not mandated by CMS, the 2023 edition of NFPA 70B, Standard for Electrical Equipment Maintenance, is the very first such NFPA standard, superseding the previous NFPA 70B recommended practice documents. Readers may want to obtain and review NFPA 70B-2023 and compare it against previous recommended electrical maintenance processes. The NFPA 70B-2023 Annex K on electrical disaster recovery, starting on page 197, is a seven-page informational source with photos for disaster recovery of electrical equipment and systems. 

Likewise, the 2024 edition of NFPA 70E, Standard for Electrical Safety in the Workplace, is also not mandated by CMS or by the Occupational Safety and Health Administration (OSHA), which addresses electrical safety issues. Regardless, electrical safety is an electrical power system risk mitigation process, and this latest edition contains changes worth considering for electrical hazard elimination.

The electrical power system portion of a typical utility management plan has numerous objectives. Among them are providing a safe environment, minimizing electrical failure risks, maintaining electrical systems for reliable operations and maintaining effective procedures for addressing any equipment failures while minimizing their impacts.

Like some other utility systems, electrical equipment can be subject to change — especially equipment connected to panelboard circuit breakers, motor control center starters and larger switchboard breakers. Such equipment directories and labels must always be accurate and in compliance with AHJ requirements. Inaccurate information in such cases can not only result in adverse AHJ survey findings but can also result in inaccurate emergency procedures and even dangerous decisions during other challenging situations.

As with other utilities, electrical power systems are required to have accurate emergency utility procedures for responding to disruptions or failures. Those procedures sometimes may not have been reviewed and updated when equipment or intended response protocols changed. Staff changes may also have occurred, resulting in the responding staff member not having been adequately trained for the actual situation at hand.

Additionally, electrical equipment sometimes may not be maintained when planned. Because properly maintained equipment is safer to operate and results in fewer unplanned interruptions, prioritizing electrical maintenance will increase safety and decrease risks.

Figure: The National Institute for Occupational Safety and Health’s hierarchy of controls rates the effectiveness of safeguards. (Image from the Centers for Disease Control and Prevention website.)

The most common cause of dangerous arc flash accidents is human error. OSHA is a recommended source of information and guidance to help workers (employees and others) avoid dangerous accidents. The National Institute for Occupational Safety and Health hierarchy of controls (see graphic above) rates the safeguards from most effective to least effective: “elimination,” “substitution,” “engineering controls,” “administrative controls” and, finally, “personal protective equipment.” NFPA 70E also follows this hierarchy.

Finding vulnerabilities

Facilities personnel can find emergency power vulnerabilities by assessing their installations, operations, knowledge, communications, maintenance, electrical safety, contingency planning and hidden common-mode failure potential for their effect on reliability, availability and dependability. 

In systems engineering, dependability is a way to measure a system’s availability, reliability and maintenance support. Reliability is often considered the probability that a system operates and gives the same result on successive trials. Availability, on the other hand, can be considered the probability that a system will be able to function at any instant required, including within the next instant and for as long as required from that point. 

It is incumbent upon health facilities professionals to find vulnerabilities and mitigate them. This can be accomplished with gap analyses, risk assessments, vulnerability assessments and through other means.

Quite simply, a gap analysis is a process for change. It enables users to determine what changes are needed or wanted, and then it facilitates the process of getting there. A generic gap analysis requires that facilities professionals answer the following questions: Where is the facility staff now? Where does it want to be? What does it need to do to get there? How does it accomplish this?

An emergency power gap analysis asks the following questions: What is connected to emergency power now? What else needs to be connected to emergency power? What should be done in the short term? How can the facility staff get there in the long term?

A similar approach can be used to address normal or emergency power system vulnerabilities, or even a strategy to eliminate or mitigate power failures. For instance, a gap analysis can be used to address the results of a power system vulnerability analysis to answer the following questions: How vulnerable is my normal or emergency power system to failures? Where are my vulnerabilities, and to what types of postulated failures? What vulnerabilities do I want to eliminate? What do I need to do to eliminate or reduce those vulnerabilities? How do I accomplish that?

A gap analysis strategy for power failures might look like the following:

  • Define concerns, policies, urgency, data needed and metrics. Is the facilities staff concerned about external or internal disasters? Is it concerned about full or partial power loss? What needs to continue operating?
  • Assess current situation. This activity requires load lists and power source lists. What temporary wiring was used for the last power shutdowns? This assessment identifies areas, services and loads that need to continue operating even when the power is no longer available. What lessons were learned by the organization itself and by others?
  • Analyze data and summarize gaps. This analysis will look at infrastructure equipment and electrical systems. It will also address listed areas and the power systems that serve those areas.
  • Develop recommended actions. The recommended actions for a power system gap analysis might involve additional generation, distribution, modifications to existing systems and power failure procedures to address infrastructure gaps.
  • Determine strategies to bridge gaps and recommendations. Consider specific areas and look at the options for dealing with power failures that are affecting those areas. The brainstorming session records areas and results. Further discussion can then address the options for long-term improvements to mitigate the effects of future failures.
  • Determine best short- and long-term options. Consider, analyze and rank preferred approaches. 
  • Develop action plans. Action plans for power failures identify the best course of action developed for immediate use. They might also include acquiring new generating capacity or rental units. These action plans should be as specific as possible (e.g., how portable generators will be wired into a power system safely and then removed safely later). All stakeholders should participate in action plans.
  • Implement action plans. This could require more funding if infrastructure improvements are required.

Failure procedures

Any external or internal electrical power equipment item can fail, whether it is a utility circuit, switchgear lineup, transformer, motor control center, generator, paralleling switchgear, transfer switch, panelboard, battery, flywheel or other uninterruptible power supply technology, distribution riser or feeder, or other piece of equipment. Similarly, any single room can become untenable for equipment operation, including rooms housing many of these items and even different pieces of equipment intended to be redundant to each other.

Figure: Matching switchboard breaker naming and tags with validated failure procedures can minimize the chance of errors. (Images courtesy, from left, of Eaton and Siemens.)

In case of normal power failures, health facilities professionals should expect power at emergency (red) outlets only, emergency lighting only in affected areas and critical equipment fed from emergency power to be operating. Staff should ensure life support and other critical equipment are plugged into emergency (red) outlets and remove any nonessential items from these outlets. Staff in impacted areas should have flashlights.

In case of emergency power failures, facilities professionals should expect power only at normal (non-red) outlets in affected areas; most normal lighting will still be available. Staff should ensure life support and critical equipment are plugged into normal (non-red) receptacles as long as emergency power is not working. Staff should remove any nonessential equipment from red outlets and plug it into normal power outlets. Staff in impacted areas should have flashlights.

Utility equipment failure procedures are very important and work most effectively when they are accurate, thoroughly considered, consistent with control device nomenclature in the field and make sense to the staff who will be required to follow them during emergency conditions. Frequent training on the procedures helps ensure effectiveness. 

Documentation should also be accurate and regularly updated to reflect the potential loss of institutional memory over time. Typical documentation that may require review and updates when changes occur includes utility system drawings, one-line diagrams, flow diagrams, riser diagrams and layouts. Proactive updates may become challenging but, in many cases, will help avoid mistakes during unexpected response activities.

Facilities professionals should ensure both equipment and pathway shutoff devices and other control devices are correctly and effectively labeled. They should also use that labeling in the utility failure training and related drills or exercises. Additionally, they should make sure all utility failure procedure documentation, system reference documentation and field-installed labeling are consistent with each other to avoid adverse consequences.

Professionals should also consider how they might address the following sources as potentially common root causes of hospital utility infrastructure equipment failures: any component failure that reasonably could not have been anticipated or prevented by inspection, testing or maintenance; equipment mishandling or misuse; inadequate or incorrect instructions, procedures or processes; harmful wear and tear that was not corrected by maintenance; hazardous sabotage, vandalism, malware or hacking; failure of incoming utility service with inadequate on-site backup; or the unavailability of another necessary component.

Constant changes

Health care facilities professionals know that health care power systems infrastructure and management are not static environments; in fact, many would say it is an environment of constant change. Among their many challenges is to maintain control of facilities, equipment and personnel changes with their associated power system management. 

Some challenges include finding unknown vulnerabilities and then mitigating them, using a gap analysis to change an existing issue and training a soon-to-retire employee how to share that critical institutional memory before it is no longer available. Another challenge includes maintaining updated utility failure procedures that will match the responding staff’s reality test. 

Not all processes, such as failure procedures, meet ongoing requirements. Sometimes, planned shutdowns for inspections, testing, maintenance or even equipment modifications can also provide opportunities for improvement when it is realized the existing instructions should be modified to provide additional safety and other improvements. 

Equipment locations can also have an impact on potential future failures. This potential can be identified and then mitigated with a well-documented gap analysis and vulnerability analysis.


David L. Stymiest, PE, CHFM, CHSP, FASHE, is a senior consultant at Smith Seckman Reid, Nashville, Tenn. Although he is a primary NFPA voting member and was previously the 10-year chairman of the NFPA Technical Committee on Emergency Power Supplies, all views and opinions expressed in this document are purely those of the author and shall not be considered the official position of NFPA or any of its technical committees and shall not be considered to be, nor be relied upon as, a formal interpretation. Readers are encouraged to refer to the entire texts of all referenced documents. Stymiest can be reached at dstymiest@ssr-inc.com.
