Checklist

The Joint Commission issues alert for natural disasters

Plus: ASHE seeks comments on NFPA cybersecurity chapter, agencies publish guide on OT cyberprotection, CMS updates lab immediate jeopardy rule
|

The Joint Commission issues alert for natural disasters

The Joint Commission issued a Sentinel Event Alert cautioning health care facilities against environmental disasters, such as hurricanes, tornadoes and wildfires. The accrediting organization cites the increase in natural disasters as the impetus behind issuing the alert, stating that 2023 was the fourth consecutive year in which the U.S. saw 18 or more separate billion-dollar disaster events. The alert provides several action steps (many of them required by code) that health care organizations can take to protect their facilities, such as conducting a hazard vulnerability analysis, developing an emergency operations plan and establishing a resilient communications structure.

ASHE seeks comments on NFPA cybersecurity chapter

The National Fire Protection Association (NFPA) is requesting feedback on a newly proposed chapter focused on cybersecurity for the 2027 edition of NFPA 99, Health Care Facilities Code. In light of past cybersecurity breaches involving building systems, the American Society for Health Care Engineering (ASHE) endorses the effort to create general cybersecurity standards or regulations to help prevent future incidents and mitigate their impact on patient care. ASHE is encouraging input from its members on the proposed chapter to ensure that the requirements effectively protect hospitals and their patients without creating unnecessary burdens. Feedback to ASHE must be submitted by April 1.

Agencies publish guide on OT cyberprotection

The Cybersecurity and Infrastructure Security Agency, National Security Agency, FBI, Environmental Protection Agency, Transportation Security Administration and international agencies published a guide that provides considerations for organizations to select and secure operational technology (OT) products. The guide suggests owners select products from manufacturers prioritizing security elements such as configuration management, logging in the baseline product, open standards, ownership, protection of data, secure communications, strong authentication and more. The agencies emphasize that when cyberthreat actors seek to compromise an organization by hacking into OT components, they tend to target specific OT products rather than specific organizations.

CMS updates clinical lab immediate jeopardy rule

The Centers for Medicare & Medicaid Services (CMS) issued QSO-25-09-ALL, announcing that all guidance for clinical laboratories that was previously included in Appendix Q, Guidance on Immediate Jeopardy, was moved to the new Subpart XI, Clinical Laboratory Improvement Amendments of 1988, with specific immediate jeopardy policies for clinical labs. CMS announced that Subpart XI has been revised to reflect that laboratories that have been cited for immediate jeopardy can choose to cease testing operations to remove the immediacy of the citation. Laboratories that choose this route will be given 90 days, rather than 23 days, to correct the root cause of the deficiency, issue corrected reports and establish a mechanism to monitor the effectiveness of the actions.

Related Articles