Resilience in health care can only be served if a hospital is prepared to face the worst. By taking proactive steps and making concrete plans to further the disaster preparedness of a health care facility or system, engineers will be better equipped to answer the call of their communities during dire situations.

In addition to being resilient to natural disasters, hospitals also must be prepared for other disruptions, such as power outages, water shortages, or infrastructure failures — all of which impair their ability to provide lifesaving care to their vulnerable patient population. Without a clear plan and definitive course of action in place ahead of time, a hospital could be left scrambling to recover, putting patients and staff at risk and leaving the designer liable.

Without a doubt, establishing a disaster-resilient health care institution is becoming an exceedingly more complex problem. Even hospitals that feel confident in the resiliency of their buildings and contingency plans may find gaps and inconsistencies with the reality of today’s changing world. Natural disasters, like the 2011 tornado in Joplin, Missouri; the wildfires in California; and the flooding from Hurricane Sandy in 2012, have always been a risk. However, due to the changing planet, the frequency and severity of these events is increasing. Beyond natural disasters, hospitals also need to plan for how they would respond to catastrophes, such as an active shooter or other mass casualty events. Other risks include an infectious disease outbreak that could cripple a region and induce panic or a cyberattack, which could lead to financial loss or a breach in patient privacy.

With such a broad range of threats that can occur, how can one ensure a hospital is adequately prepared? Further, assuming the requirements for health care resiliency will continue to evolve, how can one ensure a hospital remains adequately prepared?

FIGURE 1: Even hospitals that feel confident in the resiliency of their buildings and contingency plans may find gaps and inconsistencies with the reality of today’s changing world. Photo by Camilo jimenez on Unsplash

Answering these questions first requires an understanding of four commonly accepted characteristics of infrastructure resiliency, as defined in 2009 by the National Infrastructure Advisory Council:

  • Robustness: The ability to maintain critical operations and functions in the face of crisis. This includes the building itself, the design of the infrastructure (office buildings, power generation, distribution structures, bridges, dams, levees, etc.), and in system redundancy and substitutions (transportation, power grid, communications networks).
  • Resourcefulness: The ability to skillfully prepare for, respond to, and manage a crisis or disruption as it unfolds. This includes identifying courses of action and business continuity planning, training, supply chain management, prioritizing actions to control and mitigate damage, and effectively communicating decisions.
  • Rapid recovery: The ability to return to or reconstitute normal operations as quickly and efficiently as possible after a disruption. Components of rapid recovery include carefully drafted contingency plans, competent emergency operations, and the means to get the right people and resources to the right place.
  • Redundancy: Having backup resources to support the originals in case of failure.

Using these traits as a benchmark, one can begin to take an informed look at the main resiliency issues facing a health care facility:

  • Structural integrity;
  • Mechanical, electrical, and plumbing (MEP) infrastructure;
  • Physical security; and
  • Cybersecurity.

Defining a Hospital’s Structural Integrity

FIGURE 2: Natural disasters may be unstoppable, but that doesn’t mean a hospital can’t take intentional and necessary steps to lessen their impact. Image courtesy of Bernard Hermant-Unsplash

When natural disasters strike, hospitals and health care systems are on the front line of ensuring community safety and resiliency. However, this purpose can only be served if a hospital is prepared to face the worst. Natural disasters may be unstoppable, but that doesn’t mean a hospital can’t take intentional and necessary steps to lessen their impact.

The specific natural disasters one should be concerned about — and many of the specific actions an engineer should take in response — depend on geographic location. Remember, there’s no such thing as being too prepared. While the structural and architectural design of a building doesn’t necessarily need to address every potential natural disaster, it should be able to withstand common events for a specific area as well as potentially devastating but unlikely chance occurrences, such as fire. In addition to establishing procedures and educating staff on hospital policies in the event of these disasters, one should consider these questions:

Do those involved want the hospital to be a community beacon?

Assuming the hospital makes it through whatever disaster befalls the community, those involved will need to consider whether they want the hospital to become a community beacon — a place where communities often turn for safety and as a gathering place amid chaos and tragedy. It’s not uncommon for people with nowhere else to go during a disaster to go to a hospital, even if they don’t need medical care. If the hospital could potentially serve this purpose, procedures will need to be enacted to ensure it is prepared to do so. First and foremost, is the designation of a disaster response area — ideally one that is hardened against potential disaster effects and prepared to take on an influx of people.

Does the physical design of the building pose any challenges?

Consider how the layout of a building would function in a disaster. For instance, are emergency generators or backup fuel pumps in the basement? If so, this could leave a hospital without these critical systems in the event of a power outage if the basement experiences flooding. Also, consider the locations of the emergency exit stairwells in the building. Ideally, they should discharge into remote areas of the hospital that aren’t at high risk for damage or physical attack. In order to create safe fire exits, stairways should also be maintained with positive pressure from a clean source of air, which will help keep smoke and toxic fumes out. Since there are numerous variables in the physical design of a building that could become hazardous during a natural disaster, the safest and most thorough course of action is to conduct a full building vulnerabilities assessment with a professional.

Is the hardness of the building prepared to handle adverse conditions?

During a natural disaster, a building could be subjected to high winds and substantial rains. By hardening a building to take on these outside forces, a designer can ensure critical areas remain safe and damage is minimized, allowing a hospital’s functions to continue. While building codes require the facility be able to withstand a certain wind level, further hardening may be necessary if hurricanes and tornadoes are common in that area.

While many hospitals wait until it is too late to make structural changes designed to improve resiliency, there’s no such thing as being too prepared. Preemptively improving the resiliency of a hospital through architectural and structural changes can make all the difference in a facility’s ability to withstand a disaster.

FIGURE 3: To ensure a facility can remain operational during such an event, the MEP infrastructure needs to be sufficiently protected and hardened. Photo by André Ulysses De Salis from Pexels

Four Key Areas of MEP Resilience

When a natural disaster strikes a community, a hospital can serve as a beacon of safety — but only if the facility’s vital systems have not been compromised. Without adequate power, ventilation, and water, a hospital quickly loses its ability to provide service and safety to patients and staff.

To ensure a facility can remain operational during such an event, the MEP infrastructure needs to be sufficiently protected and hardened. The first step toward increasing this resiliency is to determine what level of continuity systems will need to maintain in the event of a disaster. Next, consider the types of threats systems may encounter and what vulnerabilities they would face against those threats.

While the best course of action is to have an MEP engineer thoroughly assess a facility’s risks and gaps, the following provides a high-level preview of the four main risk areas of concern.

1.Location of building system equipment — It’s not uncommon for facilities to have electrical equipment and emergency power infrastructure located in the lower level. While it might initially seem to be a good idea to have these systems in non-premium spaces, locating them in the lowest level of a building increases the risk of flood damage. This is especially dangerous if a hospital is in a floodplain or a building is at or below sea level.

During the planning stages, one of the simplest steps a designer can take to reduce the risk of flooding affecting the MEP systems is to locate critical equipment on higher levels. For example, the generators at Memorial Medical Center in uptown New Orleans were able to withstand the initial impact of Hurricane Katrina in 2005, but the flooding in the following days reached the emergency power transfer switches, expediting the evacuation of the facility.

2. Hardness of systems — Hardness refers to the process of reinforcing individual systems within a hospital to make them more resilient against disaster. For example, during the planning stages of the Advocate Aurora Summit Hospital in Wisconsin, it was decided to locate the central utility plant 500 feet away from the hospital, connected with a utility tunnel. One of the main drivers for segregating the central utility plant from the main hospital was to hedge against a disaster impacting both locations simultaneously. The remote plant also allowed for the space to house underground fuel storage to allow the generators to run for 96 hours.

3. Redundancy — Baseline redundancy for critical infrastructure items, such as boilers, medical gas, and power, are required by code for health care facilities, but additional redundancy should be a key consideration when evaluating the resiliency of the MEP systems. For instance, assume the building load is 1,000 ton of cooling and the facility is equipped with two 500-ton chillers. If one chiller breaks down or is compromised, the facility will only have 50% of the required cooling capacity available. To safeguard against this potential problem, an engineer could plan for one of the following:

  • Purchase a backup 500-ton chiller to have on hand in case of emergencies;
  • Have three 500-ton chillers to have an N+1 capacity, or, in other words, 100% backup available should a single chiller fail;
  • Upsize both chillers to be 750 ton, so 75% of capacity will be present if one fails; and
  • Install outside piping to bring in an emergency backup chiller when needed.

Though this example is specific to water chillers, the importance of having redundancies and backup plans can be applied to all necessary systems and processes in a hospital. For instance, consider the plumbing system. What would a designer do if a resident could no longer flush toilets? This leads to the next consideration: potable water.

4. Potable water — Other than pallets of bottled water, it’s rare for hospitals to store water. This can lead to significant problems if something interrupts the water supply. How will an individual flush toilets or wash and sterilize equipment? How much drinking water will the facility require over a certain time period?

To answer these questions, first determine how much water usage a facility needs. A week’s worth of water might not be as much as one thinks. Once the usage is understood, a designer can make an informed decision of how much water will be needed in an emergency. While on-site water storage is the best solution to this potential problem, a facility manager can also contract with a pumper truck to be available in emergencies.

One also can enact procedures to save and reuse water. Plan to shut off water to designated, nonessential areas of the hospital, use recycled water to flush toilets, or install a roof drain for condensation recovery.

By proactively addressing these four potential MEP system vulnerabilities, a designer can avoid the challenges and tragedies that can occur when disaster strikes.

FIGURE 4: Physical security may be strengthened by leveraging architectural elements to create secure environments. Photo by Sora Shimazaki from Pexels

Enhance Hospital Security through CPTED Principles

One of the most effective ways to increase a hospital’s physical security without creating an overly institutionalized aesthetic is by leveraging architectural elements to create secure environments. These strategies are called crime prevention through environmental design (CPTED) principles. Here’s how designers can incorporate them — as well as other strategies — into an exterior and hospital entrance design.

  1. Restrict the access points to the building — Designated, specific entrances for public access allows for easier monitoring and secure visitor screening. Utilizing vegetation and various architectural elements can help drive people away from entrances a facility manager doesn’t want them to use and toward the main entrance. While a facility needs to have numerous egress doors to be up to code, there are steps designers can take to ensure emergency exits are only used in the case of an emergency. With proper signage, alarms, camera monitoring, and even removing the entrance-side door hardware, a facility can better control which doors permit entry into the hospital.
  2. Separate visitor and employee parking lots — One of the biggest physical security concerns every hospital should have is for its staff. To limit the potential for dangerous interactions, keep public access points separate from employee access points. By establishing a perimeter boundary for an employee parking lot, an extra level of protection is created within the parking area, so staff can move back and forth to their vehicles safely.
  3. Utilize effective parking lot lighting — More than brightly lit parking lots, a facility needs evenly lit parking lots. When lighting is too bright in some areas, it can have the effect of making other areas seem darker. Instead of using big, bright lights, aim for smaller, more frequent lights that have a high level of distribution over parking lots. This can play a significant role in security by increasing visibility and improving camera coverage. The use of bollards is one of many CPTED principles that can be employed to increase the physical security of hospitals.
  4. Create vehicular boundaries — Since pedestrian traffic needs to be protected from vehicular traffic, creating a clear separation between the two can minimize incidents. For example, instead of just a crosswalk, consider using pavement changes, lighting changes, and rumble strips to draw attention to the separation. CPTED principles may also be used to restrict vehicle access to buildings through bollards and curbing. Just ensure the restrictive elements being used have practical stopping power rather than just aesthetic appeal.
  5. Limit access to ambulance delivery areas — Separating the ambulance delivery area from the public emergency entrance will limit confusion and ensure an intruder isn’t gaining access to your hospital through a vulnerable and often chaotic area. This can be as simple as creating an environment the public won’t be drawn to or isn’t readily visible from the front of a hospital, which can be done with additional vegetation or barriers.
  6. Consider after-hours traffic — It’s not uncommon for hospitals to have all after-hours traffic enter through the emergency department. While this is a fine solution, it’s still important to consider what this policy does to a facility’s parking access. How far away from that entrance are people going to have to park? What kind of exposure will they have while walking to and from their cars? In order to make this a safe option, a facility manager may need to consider additional lighting and protective barriers.
  7. Utilize glass vestibules as boundaries for secure entry — The entrance to a hospital should be warm and welcoming — but it also needs to be safe. Fortunately, security can be increased by creating a glass vestibule to act as an additional set of doors necessary to gain entry. Depending on the location of the hospital and the risk for gun violence, staff could consider making the entrance glass bulletproof. At minimum, the facility should have laminated glass so it won’t immediately shatter if hit.
  8. Make emergency departments escapable — Admitting and waiting areas in emergency departments are often high-stress spaces in which tempers can flare. To protect employees working in these areas, create safe points and escapable options in case they feel threatened. For instance, while a desk can act as an initial boundary, having an additional exit behind the desk through which the employee can slip out if threatened adds an extra layer of protection.
FIGURE 5: Guarding against vulnerability goes beyond protecting computers and tablets — it should be a single, unified process that considers IT, building systems, and clinical equipment holistically as opposed to separate system silos. Photo by Tima Miroshnichenko from Pexels

A Holistic Approach to Health Care Cybersecurity

Like most industries, the health care sector uses connected networks to improve efficiency and leverage data. But, with this connectivity comes a major risk of cyberattacks.

Without thorough cybersecurity, A hospital’s cyber infrastructure may be vulnerable to a malicious breech. And it’s not just outside hacking attacks that staff need to worry about — intrusions can be introduced inside a network from an infected USB flash drive or through a vendor unknowingly creating an unprotected connection to the outside world.

A health care cyberattack likely occurs for one of two reasons: Accessing electronic health records to sell on the black market and hijacking systems and preventing access until a ransom is paid. Both types of attacks can be devastating for a hospital’s reputation and its ability to continue to function. Unfortunately, creating a secure cyber network in today’s hyper-connected world is a bigger challenge than some hospital IT departments may realize.

The Internet of Things (IoT) refers to all the daily devices and everyday objects that are now enabled with network connectivity. Objects that formerly were not connected to the network — like appliances, light switches, and televisions — now are all connected and are collecting and sharing massive amounts of data. This same concept can be applied to a hospital building through the “Internet of Buildings” or IoB.

More than any other building type, hospitals have a significant number of potential smart devices, building systems, clinical equipment, and other leading-edge technology that can be connected, providing countless opportunities for workflow and systems to be more efficient and easily controlled. Everything from window shades to thermostats can exist in technological harmony with building systems, information technology systems, and clinical systems on one unified network.

However, while designing a hospital to achieve this level of connectivity has many benefits, it also opens the facility up to greater vulnerabilities. Each device that is connected to a network represents a potential intrusion point from a cybersecurity perspective. An IT department may not even be aware of the access points to the network created by less-technical devices that wouldn’t fall under its purview.

Hospitals can best protect their cyber infrastructure from malicious attack by taking a holistic approach to cybersecurity. This involves more than protecting the computers and tablets in the hospital. This starts with approaching the planning of the hospital with the understanding that designing information technology, building systems, and clinical equipment can no longer be carried out in silos. There must be a single, unified process that considers those systems holistically.

As the connectivity of devices and objects in a building grows, many hospitals also are utilizing cloud-based storage. Shifting the storage and processing of sensitive medical data and hospital servers to a third-party cloud provider with expertise in cybersecurity also protects the data at a level that few hospital systems can match. In addition, any intrusion that could come through a device on the IoB at the local level would be impeded from accessing important patient data because of improved network segmentation.

However, this solution won’t be the right fit for every hospital. The decision to have portions of a network be cloud-based or on-premises involves multiple considerations.

With so many systems with network connections — from audio/video systems to security systems to clinical equipment — a hospital may have hundreds of different types of devices that utilize some type of connectivity. Recognizing the vulnerability this creates and expanding the concept of cybersecurity to holistically protect against all potential threats is the first step in creating a more resilient hospital cyber infrastructure.

In Summary: 10 Key Areas for Hospital Disaster Preparedness

Establishing a disaster-resilient health care facility is becoming an exceedingly more complex problem, and even hospitals that feel confident in the resiliency of their buildings and contingency plans may find gaps and inconsistencies with the reality of today’s changing world.

In IMEG’s health care resiliency guide, the firm addresses five key areas or situations in which any hospital may be vulnerable: natural disasters and structural integrity, MEP infrastructure, physical security, mass casualty events and infection outbreaks, and cybersecurity. Based on this guide, here’s a checklist of key items to consider while addressing resiliency at your facility.

  1. Cybersecurity: Guarding against this vulnerability goes beyond protecting computers and tablets — it should be a single, unified process that considers IT, building systems, and clinical equipment holistically as opposed to separate system silos.
  2. Temporary utility connections: Ensure the facility has a backup generator and redundancy for chilled water and boilers.
  3. Contingency for potable water: If a supply is interrupted, how will one flush toilets, wash and sterilize equipment, or provide drinking water? Determine how much water one needs, whether on-site storage is applicable or if a pumper truck should be contracted. Then, enact procedures that save and reuse water (e.g., using recycled water to flush toilets or installing a roof drain for condensation recovery).
  4. Infrastructure equipment location: Locate critical MEP equipment on higher levels of a facility to reduce the risk of flood damage – particularly if the hospital is in a floodplain or below sea level.
  5. Access control: Restrict access points to the building for easier monitoring and potential visitor screening. Separate visitor and employee parking lots and use evenly lit, well-distributed lights to increase visibility and improve security camera coverage.
  6. Emergency command center: Is the emergency response room hardened or located below grade? Ensure the facility has emergency power, access, and lighting in the event of a natural disaster.
  7. Hardness of systems: Reinforce individual systems within the hospital to make them more resilient against disasters.
  8. MEP infrastructure redundancy: Baseline redundancy for critical infrastructure systems (such as boilers, medical gas, and power) is required by code for health care facilities. However, additional redundancy should be a key consideration for disaster preparedness. Consider what would happen if any component of major infrastructure failed — and how staff could safeguard against this potential problem.
  9. Infrastructure loading shedding: Provide a detailed plan for how units can be shut down, whether manual or automatic. Also, provide a prioritization matrix and test it often.
  10. Planning and practice: Research and gather information for the facility and then create a risk analysis and prioritization matrix. From this, a strategic resilience plan and operations, readiness, and training framework can be prepared.