In a disaster or emergency, the question may come down to two factors: 1. Whether or not officials of the entity knew there was a possibility that such an incident could happen, and 2. The types of plans it had in place to address or mitigate the possibility. By having a capable NFPA 1600/NFPA 1561 system/program in place that is synchronized with NIMS, the entity can prove it has paid due-diligence to its vulnerabilities and show it has attempted to mitigate the effects.
The U.S. Department of Labor’s Occupational Safety and Health Administration’s (OSHA) General Duty Clause may also come into play subsequent to a disaster or emergency. An employer can be cited for violation of this clause if a recognized serious hazard exists in its workplace and the employer does not take reasonable steps to prevent or abate the hazard.
Additionally, certain government grants require NIMS implementation for consideration such as the Emergency Response and Crisis Management (ERCM) Grant Program of the U.S. Department of Education, Office of Safe and Drug Free Schools.
Just Complying With NIMS Is Not Enough
Hospital, school and university officials may be tempted to just adopt NIMS and forget about the NFPA codes. This, however, is not a wise move. NIMS is not a system in and of itself; it is more of a guidance document that also defines the roles and responsibilities in the command structure. NIMS is a general document that can be applied to a wide variety of entities, both public and private. California has developed an additional directive called the Standardized Emergency Management Systems (SEMS) guidelines so campuses can conform to the state’s specific needs and laws.
This is why FEMA and DHS have recommended states adopt NFPA 1600 and NFPA 1561 as the standards for complying with NIMS. These two NFPA standards give specific requirements that demonstrate compliance with the intent of the particular standard.
A program developed to these standards ensures that everyone in the entity knows “who, what, where, when and how” during an event. It also provides evidence of due diligence and further reduces exposure to litigation after an incident. The business continuity portion of NFPA 1600 ensures the entity can continue providing services during an incident and has a plan to fully recover afterward.
Campuses Must Determine System Effectiveness
Once a hospital, school or university has implemented a program, there are a number of methods that can be applied to determine its effectiveness.
The first method is to wait until a situation happens and then review the successes and failures after the fact. This method probably will result in initial cost savings but remains incomplete and will cost significantly more after an incident has occurred. The disadvantage is that from the onset, the program is not compliant with the requirements of the standard and is reactive by nature. The failures are only apparent after the fact, thus exposing the entity to the possibility of legal action resulting in unforeseen costs.
The second method would be to conduct the exercises as required by the standard. This gives a better idea of how the program will work and where additional efforts are needed. Although obviously more comprehensive, it too remains incomplete in that most exercises are conducted as a scheduled event. Everyone involved is informed before the drill and basically knows what to expect; which, in many cases, resembles more of a choreographed ballet than an actual exercise.
One way to mitigate this effect would be to use a program such as “Incident Commander” that was developed through the Department of
Justice. The program is much more realistic than the tabletop or field exercises and throws in wild cards to keep everyone on their toes. It has the ability to raise the stress level approximating an actual incident.
