COVID-19 Town Hall: What HTM Professionals Need to Know

April 9, 2020

In this April 8 town hall, experienced healthcare technology management (HTM) leaders shared advice, best practices, and pertinent information HTM professionals should know when navigating the COVID-19 health pandemic, including onboarding, managing, and maintaining the massive amounts of new equipment required. 

Supplemental Files

Link Above Contains a Zipped Folder


  • Danielle McGeary, vice president of HTM at AAMI (host and moderator).
  • Mike Busdicker, HTM system director at Intermountain Health
  • Karen Waninger, HTM Executive Director at Franciscan Health Network
  • Jared Wilson, chief technology officer at Insight HTM
  • Stephanie Domas, executive vice president at MedSec

Danielle McGeary: AAMI would like to express our sincere gratitude to all of the HTM professionals who are working around the clock to ensure patients in hospitals have the equipment, parts and support they need to take care of those affected by the novel coronavirus. The coming together of the field even across entities who are normally competitors is truly admirable and is a true testament that all your work is rooted in deep empathy and compassion for those in need.

AAMI would also like to express our deepest sympathies to anyone whose health or economic wellbeing has been impacted by this pandemic. To help AAMI has created a centralized area of the AAMI website where attendees can get up to date information on AAMI and industry news regarding this pandemic. AAMI has also made a number of our standards around PPE and medical equipment disinfection free during this time. You can access those standards at AAMI's dedicated coronavirus page as well. The address of that page is

Finally, there has been a large number of questions about preventive maintenance (PM) completion rates and whether there will be any leniency for PMs during this time. AAMI has been in direct contact with the Centers for Medicare & Medicaid Services (CMS) about this issue and so has the Joint Commission and DNV. Regulatory agencies such as The Joint Commission and DNV accredit on behalf of CMS and therefore must follow the standards and rules set forth by CMS. The Joint Commission and DNV cannot waive any requirements unless CMS does. As of this April 8 webinar, CMS has not issued any waivers for medical equipment maintenance.

Response at Intermountain Healthcare (00:04:33)

Mike Busdicker: What I'm going to do is I'm just going to cover some things from the pre-planning phase. Some of the things that we've done for evaluation and reporting, some of the daily reports we're doing, surge planning documents or surge planning that we've done. As well as equipment and business continuity and talk about some of the steps to take in looking at all of that equipment that's coming into your facilities during this time that may not be sticking around once we get on the downside of this. Or items that you're requisitioning early like we are. And the process for checking all that stuff in and getting it into the system. So, real quick, around current conditions here in Utah, we have not reached our peak. And they're anticipating that our projected peak is going to be somewhere between May and June. As of today, we're approaching about 2,000 positive cases and we're seeing about 10% of those positive cases are requiring hospitalization. We have tested over 35,000 people across the state. And we seem to be a little bit lower than a lot of the others in that only about 5% of those that have tested are actually testing positive.

So here at Intermountain we are 23 hospitals, 200+ clinics across Utah, Idaho, and Nevada. We have 40,000 caregivers throughout our system and 112 of those are HTM caregivers. We have a shared service model here, so everything is hospital based as far as the technicians go and where they're located. But central operations for budgeting and command structure and things along those lines.

Setting up an Incident Command (00:06:21)

Mike Busdicker: The very first thing with Intermountain that we did, we put together, on our pre-planning, was at the organizational level, an incident command, as well as subgroups under that incident command. And of course HTM is under the logistics piece. We have a section chief under that logistics piece so that they're the one source of truth when it comes to equipment counts and availability. But we've got multiple departments that feed into that. So we look at the number of ventilators that we've got. We provide reports up to them and say, here are our numbers, here are the number of events that are ARDS (acute respiratory distress syndrome) capable, our advanced vents, noninvasive, neonate as well as other critical equipment that we've identified. Or that others have helped us identify across our system, whether it's feeding pumps, infusion pumps, beds, monitors, thermometers, a number of those items.

So, we've got individual reports and dashboards that the HTM Department feeds that information into as we present that data. And then that's escalated up to the state of Utah incident command. We make sure that we've got healthcare representation on that incident command center for the state of Utah. And what I would suggest is ensure that you've inserted yourself into that process. You don't have to be the actual person sitting in that incident command or on those meetings. But the information through HTM is funneled through one individual and it's going to that incident command at the state level so that you've got one source of truth. Now we don't share a lot of the detailed information, but getting them the reports that helps them identify from a state level and we're sharing that between healthcare systems as well.

Planning for Equipment Shortfalls and Managing Loaner Equipment (00:08:11)

Mike Busdicker: Again, just making sure that we're inserted in that process is very important. And then if you look at the daily reporting, from an HTM side, we're looking at our occupancy reports for standard beds and ICUs. We're looking at our numbers as far as ventilators usage, equipment that's down, as well as the status of that equipment. Any type of daily surge plans, so we anticipate day by day we're going to see a surge here and equipment going up. And really identifying what those shortfalls are. And in identifying what those shortfalls are, what are our plans are beyond that? So if we run out of feeding pumps, what are we going to do? Are we to go to gravity feed? And do we have the consumables and everything that we need for that? As well as, we have reached out and we've received a number of devices that are on loan to us from local college and educational institutions that have respiratory therapy programs. We've probably got over 50 vents that have been brought in to us. Now, with those 50, they're in completely different state of functionality.

It's important, and what we made sure of, is that anytime anybody's volunteering to donate, loan, or provide an option for us to purchase any equipment, all of that comes through HTM. There are so many emails that are coming through our facility and people are reaching out saying, "Yeah, I know this person who can do this and they have this available. Are we interested in them?" We make sure that all of that is funneled through HTM because we are the experts. We are the ones that know with that equipment what needs to be available.

What we're doing with all of that loaner rental, all of that equipment that is coming in, we're staging that from a central location. So, clinical engineering is in charge of that. We know what's there, we see what our daily surge might be. We preplan and then we're responsible for the movement of those devices and tracking of them as well as they go out to the facilities. And just making sure that we're on that frontline when it comes in. Because again, we are the experts to make sure that that device is up running and functional for what our staff is looking at.

As well as, really taking a look at repurposing of equipment. When you talk about anesthesia machines for ventilator use, what does that entail? What type of response, what type of support does HTM provide for that as well? So, we're not just leaving that up to the anesthesia docs and to our respiratory therapists. We're involved in that process, as well as any expansions we're doing in the ICU, we're dialed into that, as well as looking at our supplier business continuity plan. So all of our service providers out there, making sure that if they're willing to help the facility and offer certain things, again, it's coming through the HTM Department. And that all of the equipment is disinfected, it's sanitized properly. Equipment requests, we're involved in those at the state and federal level. I just want to make sure that HTM needs to be involved in all of the acquisition of any of that medical equipment that's coming in because we are the experts in that area.


Working with Ambulatory Surgery Centers (00:11:59)

Jared Wilson: That is fantastic to hear of HTMs that are coming up. When you talk about come up out of the basement, this is our chance to shine. So I'm really proud to be a part of this industry. And to see other HTMs rise up. My company is specifically built around providing HTM to ASCs. Now ASCs are a very unique market. They are what I would consider the wild west of healthcare. There are somewhere around 10,000 ASCs nationwide. And they are all scrambling to try and determine what it is that they're going to do and how they're going to do it. Some of them are choosing to close up shop, and some of them are choosing to pursue working with hospitals. Some of them are filing an 1135 emergency waiver … CMS created this waiver to allow ASCs to temporarily enroll as a hospital.

The implication here for the HTMs is a couple-fold. So for the facilities that choose to close up shop, before they reopen, there's going to be a lot of requirements for HTM involvement to get these ASCs back up and running. Medivator has issued IFUs for dealing with their endo system that have been shut down. Olympus, similarly, has stated that any of their OERs that are shut off from 14 days need to be put into long-term storage. So there's going to be a lot of work necessary to bring these devices back up, filters on sterilizers, stuff like that.

So those are for the facilities that choose to close. Now for the facilities that don't, if you've ever worked in an ASC, maybe you're familiar with the accrediting bodies. If you haven't worked in an ASC, probably not. Whenever you're contacted, and you will be, I've talked to many ASCs and they're all reaching out to HTMs to get work done. The first question you need to ask is who their accrediting organization is? If they're The Joint Commission, HFAP, IMQ, AAAHC, AAAASF.

IMQ is, according to their website, winding down operations. So that one's probably going to be going by the wayside here shortly. But for the rest of them, their accrediting standards are different than a hospital accreditation program (HAP). In a HAP, you can have an AEM. In an ASC, that is not an option. You cannot have an AEM in an ASC.

So what that means to us is when we go into their house, we need to follow their HTM program. Odds are, they don't have one. So at some point this is going to come to fruition. We need to work with them. We can point them to companies to consult with, to create an HTM program. But they need a medical equipment management plan (MEMP). They need their own policies and procedures. They need to define who their personnel is that's going to oversee this. They need to have risk analysis. They need a computerized maintenance management system (CMMS), they need PM schedules. These are all required.  This all comes right from NFPA 99 2012 chapter 10. ASCs didn't have to follow the 2012 until 2017 so this is new for them. The inspectors aren't even quite up to speed yet on how to inspect an ASC with HTM in mind.

So here shortly, this is going to be an issue. So they need to have a CMMS because they must have a complete inventory. There's no exceptions. There's no, "Yes, we have everything on record. Oh yeah, except that." They need to have a complete inventory. They must have all service manuals and service bulletins. I don't know of many hospital systems that have all service manuals or service bulletins. ASCs definitely don't. ASCs are typically built by physicians who get together and put their money and their equipment all into one building to do work.

So you have a Bovie sitting right next to a top-of-the-line Stryker endo system. It is the weirdest smattering of equipment you've ever seen. So we need to work with them to get them service manuals. And some of them have agreements with OneSource or some kind of a service manual library, but not all of them. So when you go into their houses, you need to be doing work for them. We're not there to just lick it and stick it. We're there to help them maintain compliance.

And the biggest thing for compliance for them is the OEM task and frequency. This is why they need to have the service manuals. They need to have the service manuals so that they can know what the OEM requires as far as what is part of the PM and how often to do it. And they just don't. They don't know what is necessary.

So the only other thing that I want to talk about, and Danielle touched on it, is that TJC has put in a request to CMS for a 60-day grace period for non–high-risk devices. That has yet, I actually just was messaging with Herman McKenzie—director of engineering for the Joint Commission’s standards interpretations group—and he says that, they have not had any word yet, but that is in the works. They are trying to get that through. But, unfortunately, we're still waiting.


Franciscan Health and Equipment Inspections

Scheduled Maintenance (00:18:30)

Karen Waninger: Franciscan Health is a 12-hospital system in Indiana and Illinois with numerous outpatient facilities that my team supports. We have about 70 HTM professionals in our organization spread all across the northern part of Indiana and the very north east corner of Illinois.

I just want to clarify that, as Danielle and Jared indicated, CMS has not granted us any waivers for the inspected completions on medical equipment inspections. However, there are some challenges in the world today, as I am sure you are all experiencing. I want to clarify that my comments are intended as suggestions and examples based on my own experience and with input from others in my organization. They are not meant to be taken as an example or as an opportunity for you to deviate from your policies or from your regulatory compliance requirements.

But the reality in our organization very early in the month of March started leading us to question whether we were going to be able to complete our regularly scheduled inspections on time. And we had vendors asking what the status was, were they expected to come in if a health emergency was declared? This was even before Indiana issued the “no travel” order, we were getting questions. So, please keep in mind that you need to be aware of what your organization's position is for vendor visits, for visitors, for vendor registration. And then also what your position is on how much information you will share with your vendors. We have had vendors asking us to fill out a weekly form or daily form in our Illinois site asking how many COVID-positive patients we have, asking what areas of the facility they are in. We're not providing any of that information.

What we have done is created a standard response to share with our vendors, and we created a standard—I call it a guidelines document—to explain to our team what the expectations are. I am happy to make that document available to anybody that wants it. But again, it's just a guideline and it is not official or sanctioned by any regulatory or accrediting agency.

What my team started hearing first was the request, “I don't care what you're doing, drop it and go do this now.” And that started coming from our hospital administrators, from our nursing staff, from a variety of different people that they are used to taking direction from within the facility. So it became really clear to me that I needed to put something in place that would be a document they could refer to, that would address what the expectations were of them for completing their scheduled maintenance, what the priorities were for their activities, and what the statement of expectations was for our vendors.

So I just created a document that I called a “Protocol for Scheduled Maintenance Compliance during a Declared Health Emergency.” It's a one-page document, it was reviewed by our regulatory compliance coordinator. She had a conversation with the person at HFAP. We are an HFAP-accredited organization, so she had a conversation with the person at HFAP asking, “Is this okay?” The response from HFAP was basically “Get done what you can get done, document what you can't.”

So based on that response, my department's specific guidelines simply state that when a health emergency is officially declared at a local, state, or national level, the availability of equipment and labor resources may be impacted in a way that negatively affects the completion of scheduled inspections. If possible, inspections on all equipment will still be completed as scheduled. If it becomes apparent that scheduled inspections would need to be deferred, the priorities for completion are as follows: Inspections on life support equipment and critical equipment are competed first. The work will be performed for equipment that is available when the appropriate labor resources are also available.

And just to add a comment on that, we have identified a number of our vendors that are willing to come in after hours to work in areas such as the radiology area or work on our linear accelerators outside of normal patient schedules. So they are choosing to come in after hours to complete regularly scheduled work, whereas in a normal situation they would be charging us. So that's part of the collaborative response that we have seen from a number of our vendors. It is appreciated. It works well for everybody. So again, the work will be performed for equipment that is available when the appropriate labor resources are also available.

I have seen some templates out there on suggested waivers. Again, noting that nothing is being considered for medical equipment, especially life support equipment. So in this document that I put together, I made it clear that our first priority is going to be complete inspections as scheduled if we can, especially on life support and critical equipment. But I also documented the expectation for what happens when that will not be done on time. And so for any inspections that cannot be completed as originally scheduled, due to the impact of this health emergency, the scheduled work order will remain open, the responsible technician will add a note or comment as follows, and I gave them very specific language to include. That language is “inspection managed per health emergency protocol.”

If we are consistent with the documentation in our work orders, then it's going to be apparent to any surveyor who goes to look at our history, what the reason was for a scheduled inspection not being completed on time. I understand that they may still not approve of this process, but at least we are consistent with our wording. All 12 of my hospitals will have the same type of documentation in the work orders that have to be deferred, not completed on time. Those work orders will stay open and we will ask the technicians to add that comment every time they attempt to get to a piece of equipment to perform an inspection, but that equipment is unavailable. “Unavailable” in this context has taken on a new meaning. If I look at the demand for ventilators across the country right now and in some of our organizations, there is no way I'm going to instruct my technicians to pull a ventilator out of that pool just because it's due for a scheduled inspection. So we will not be pulling ventilators out of the pool to do the inspections, we will not be asking our caregivers to swap out a ventilator that's in use on a patient just because it has an open work order in our CMMS.

I think that that's the reasonable and rational approach that has been approved by my organization leaders and that's what really is in the best interest of patient care, which is why we are all doing what we are doing every day. So that's a basic overview of the comments that I wanted to share.

COVID and Vendor Communication (00:27:31)

Karen Waninger: I also wanted just to let you know that the statement that we give our vendors who were asking about whether we have COVID patients asking what areas they are in, we are giving them a standard response that basically says their service personnel will be escorted by one of our technicians and will be expected to use the same PPE and the same precautions that our technicians are using, and it is in everybody's best interest to keep all of our workforce protected regardless of the risks. Whether it's COVID or whether it's some other contagious disease, our facilities have universal precautions and standard protocols posted in the patient areas that our employees are expected to follow. And so we will be escorting our vendor technicians, even if they're coming in after hours. We are adjusting schedules as needed to make sure that they have someone with them, if necessary, and that they are properly assisted with donning the personal protective equipment that is needed to keep their employees safe. So that's an overview of the changes we've made in our program at Franciscan. With that, I will pass it over to Stephanie.


MedSec and the Cybersecurity Perspective

Increased Cybersecurity Risks during COVID Crisis (00:29:32)

Stephanie Domas: As if everything that the previous presenters have not already put enough on your plate, I'm going to throw another topic on here, which is cybersecurity. So what I want to do is bring some cybersecurity awareness to what's kind of happening in healthcare spaces, specifically how it affects medical devices and your role as an HTM in the ecosystem.

One of the sad truths that I'll open with is that we are seeing an increase in cyberattacks on healthcare during this pandemic. It's important to keep in mind a lot of bad guys, they're not nice people and they view this chaos absolutely as an opportunity for increasing the successful rate of attacks against health care. So we are seeing an increased number of healthcare cybersecurity-based attacks. So how that pertains to medical devices kind of ties into the next two points here where a lot of new medical devices are being purchased right now and part of that purchase is that they're not going through the traditional cybersecurity due diligence that a lot of hospitals now have in place. So they're not being risk assessed at purchase time for cybersecurity, meaning they're coming in with a bit of an unknown about their cybersecurity risk.

In addition to that, we're seeing older devices being brought out of storage. We're seeing increased medical device movement. So you see pop-up clinics, we're seeing borrowing devices—Mike mentioned how they were borrowing equipment from academic centers—we see borrowing equipment from other facilities, and new expansions of where medical devices are inside of the hospital system. So you see things like ICU expansions, tents being set up for temporary ICU beds.

All of that leads to this idea that there is a lot of new medical devices, they're moving around both physically and on your networks. That is a very attractive thing to attackers. What we're seeing in the space is that it's not new or novel, cyberattacks that are being thrown at the hospital systems right now, it's actually old attacks. But because of these devices coming out of closets, coming out of old use, not going through the traditional cybersecurity due diligence, devices are getting set up with kind of old settings that are susceptible to old attacks. Some of these old attacks are now working against the new medical devices that we're seeing move around the network.

One of the things that's also of interest that I want to point out is that the FDA has released updated regulatory guidance around ventilators specifically. And the cybersecurity portion of that I want to mention is that the FDA has inside of this guidance document stated that they do not intend to enforce, as strictly as previously they would have, software updates that enhance the ability for remote patient care in these systems. In layman's terms, what that means is they are not going to enforce the traditional due diligence and scrutiny that they would on a software update to a medical device. In this case, if the software update is being put in place to make it so remote patient care can be given, meaning that you could set or reconfigure things like ventilators remotely, which limits the caregivers’ hands-on time near a patient.

There are good clinical reasons why this is happening, but from a cybersecurity perspective, what it means is you're going to start to potentially see software updates available for these medical devices that allow this remote configuration, but understanding that these patches have not gone through the traditional cybersecurity due diligence. So there's some risk involved and I won't tell you whether or not you should or should not install them. It's a risk-based decision that your team will have to make is that they can provide remote configuration and care of patients and of these ventilators, but also understand that they haven't gone through the traditional due diligence that would typically happen inside of a software update that would be coming out for a medical device.

Another one I want to mention is relaxing of a HIPAA enforcement. What HIPAA has done or what the Office of Civil Rights—which is responsible for enforcing HIPAA—has done, is they have released a notification of enforcement discretion for some of the HIPAA rules during this pandemic. What that means is it's not an excuse for us to throw HIPAA by the wayside, but what it does mean is that also some of these remote connectivity solutions that are coming out to enable some of this remote to medical care and medical devices that can be remotely tasked.

Again, some of these HIPAA rules being relaxed, it actually entices attackers because they know corners are going to be cut in regards to getting things up to speed quickly, equipment's trying to be set up quickly, telehealth solutions are being set up quickly, and some of the traditional due diligence that would happen from a HIPAA perspective is being skipped for good reasons. But understand that that actually attracts attackers as well, because they know now that some of those traditional hardening steps from a cybersecurity perspective are not actually being applied to systems. So this will attract even more attackers.

Measures to Increase Cybersecurity (00:35:36)

Stephanie Domas: One of the last things I wanted to give—that was all kind of background awareness knowledge–is I wanted to give a couple of just actionable pieces of advice. But I understand there's a lot on everyone's plate. There are a couple, not easy, but there are a couple actionable things that if you're able to fit it into the provisioning of these new medical devices as they move, as new ones enter your networks, that these can have significant cybersecurity protection.

The first and foremost one is changing default passwords before deploying medical devices. If older medical devices are being brought out of stores, they're being brought from outside clinics, they likely have the default passwords, default credentials all set up on those devices. If you have the ability and the time to change those, even if you bring in 10 new of the same device and you change all 10 to the same password, that's still better than having left them as the manufacturer's default password. A nontrivial amount of cybersecurity attacks are successful because the default passwords were simply left on a system and most default passwords are pretty easily guessable.

The next is verifying what network you're connecting to. This one has shown to be a problem with all of the device movement, having these temporary pop-up clinics, having some of these ICU expansions, is that traditionally your health or your hospital IT team probably has specific networks the medical devices are supposed to be limited to. But as we see this device movement and temporary uses of medical devices in non-traditional spaces, we're seeing medical devices get put on guest networks, the public-facing networks. These are all really big concerns from a cybersecurity perspective. My advice would be as you're setting up these medical devices in new areas, triple-checking what network that they are getting added to. If you're being asked to put them on something like a guest or a public network, if it is possible for you to question that decision and make sure that that has actually been approved at some kind of a cybersecurity level. Putting these medical devices on publicly accessible networks is absolutely a recipe for them getting attacked.

And the next is checking if there are software updates available. So I mentioned that a number of manufacturers are releasing software updates so they enable remote capabilities and configuration of these medical devices to help limit the exposure that clinicians are getting from having to, say, reconfigure a ventilator, but then also understanding that those software patches have not gone through the traditional cybersecurity due diligence. There’s risks involved with them. So understanding that usability risk, the stability risk, and the cybersecurity risk, but understanding that there are potentially software updates available for some of these devices that could actually aid in their ability to remotely care for some of these patients that are of high risk.


We have all heard about ventilator shortages and the associated issues with that: staffing using unfamiliar old vents, part shortages, critical repair issues, low manufacturing standards, etc. Are there any other pieces of medical equipment that have been a sticking point in other areas that had been hit or that may be anticipated to be a problem in the future? (00:39:32)

Mike Busdicker: Here are some of the things that we've taken a look at. Of course, the first thing we did was run down through our ventilators, and we did look at the vents, but I would like to get a little bit more in-depth on the vents. And the suggestion that I would have on that front, if you haven't already done that, is to be able to divide those vents out by capabilities. So you're looking at ARDS-capable vents—those that are acute respiratory distress syndrome—vents that are ARDS capable, any advanced vents, noninvasive vents that can be moved to invasive, vents that are neonate only. And then you want to make sure that you divide out anything like your CPAPs or BiPAPs that could create aerosolizing of the virus and make sure that those are a last resort in use as well.

Other things that we found that we're tracking to is our feeding pumps, infusion pumps. We've actually instituted or put in a plan B for each one of those that include gravity feed. So we're making sure that we've got the consumables that will be able to do that from a gravity feed perspective and we will utilize that on low-acuity patients first and have the most critical patients have the feeding pumps and the infusion pumps.

Thermometers as well, I know a lot of the healthcare facilities or organizations out there are going to temperature check visitors as well as staff coming into the facilities and that we just deployed probably well over 300 thermometers across the system to implement that. We're looking at beds, and again, from the acuity standpoint, how many ICU beds do you have, how many standard patient beds are there, what do you have as a backup as you stand certain areas up?

And then monitors, whether they're vital sign monitors, patient monitors, as well as we've stood up two ICU expansions and we had to take a look at what our nurse call capabilities were in those expansion areas. And then, once we stood those up and started looking at the equipment piece, a lot of our systems, our vents, and patient monitors, and other things, are connected to the EMR. And can you do that in those standup expansion areas? Do you use a connectivity engine, do you have enough of those, and is there a shortage of those and what do you need in order to connect those devices to the EMR?

And then from a staffing standpoint, we really put together a business continuity plan that said what happens if our staff starts going down, what happens if ... We look at it from a regional perspective, then a system-level perspective, and then in the continuity plan, to be able to implement things like Karen was talking about, to be able to identify what critical work is, as well as some of our non-essential staff. And I say “non-essential,” they're all essential. But our service coordinators, our parts and inventory, those type of individuals: Can we have them working from home and if we can, what does it require? What can we use to set them up so they have that? I hope that helps a little bit with that question about equipment shortages and staffing in those areas.

What kind of precautionary measures are being put in place in terms of staff scheduling to minimize contact between hospital HTM professionals? For example, are the HTM professionals working different shifts, or is the team being divided so that they are working a rotational schedule? Also, in the event that a member of the HTM team tests positive for COVID-19, are other workers also required to go into isolation too? (00:43:28)

Karen Waninger: Let me take those in reverse order. I want to speak to the second one first. If a coworker tests positive, the most important thing is to understand your hospital protocol, and to follow all of the changes as those changes happen. Early on, it was thought that 14-day isolation was required for anybody who may have been exposed. Our organization quickly realized if we did that, we would run out of staff. So we have taken a different approach and right now, any of our coworkers report to our employee health. They go through an assessment, and then take directions specifically from the employee health based on their specific vulnerabilities, the specific type of exposure, and the other four factors that are typically used when they're doing an assessment as to whether somebody is eligible to be tested or not.

Right now, our other coworkers are continuing to work unless they show symptoms. Some of them may be asked to wear just a general face mask if they have a cough or a cold unrelated. Clearly each individual situation has to report to employee health, and has to follow the recommendations from there.

The other part of the question was about staff scheduling. First and foremost, we made allowances for any of our employees who were in immune-compromised conditions to be able to work from home. I'm sure this is a shock for you all, but we have some database cleanup that these employees could spend time on, and so that's been addressed very early on, before we had actual positive patients in our organization. Those immune-compromised coworkers were allowed to work from home.

We are reassigning work as needed. Some of our areas have been closed, so the equipment is easily accessed. Our ambulatory surgery centers ... We are not doing elective surgeries, and only emergency surgeries are being done in our hospitals, so we've got a lot of equipment that's available now during the day that may not have been otherwise. We have not put together a specific rotation or shift change. We are asking our team members to use good judgment with social distancing, even when they are at work, and we are making adjustments on a day-to-day basis for work assignments. But we have not put anything formal in place.

What will the aftermath be like in disinfecting facilities and equipment? (00:47:02)

Jared Wilson: Just like everything else, it's going to be a matter of just referring to your instructions for use (IFUs). Beyond the IFUs, and using whatever the manufacturers recommend for cleaning agents, work directly with your infection control officer to go through all of your devices. There's not going to be a one-size-fits-all solution as far as a cleaning agent. It's just going to be a matter of device-by-device going through all the IFUs. … So every device, you'll have your service manual, your user manual, but usually there'll be a condensed version, there'll be your IFU. That'll give you standard cleaning procedures, and that's what you need to be referring to for all devices, and they're all going to be unique.

Beyond all the tremendous amount of work we're doing to combat this pandemic, how are we taking care of our most valuable assets, besides providing standard and extra safety protections, PPE, to HTM staff? What other measures are their respective organizations doing in terms of taking care of their staff? Things like extra training, shift and schedule changes or adjustments, compensation, days off, or incentives. (00:48:07)

Mike Busdicker: I'll echo some of the things that Karen said when she was talking, and that is shift flexibility. When we look at ... And they are our most valuable assets, is the people that work for us, our caregivers in our departments. One of the first things we did here as we started the process was looked at shift flexibility. And we said because of the school closings, we've got some of our HTM personnel who need to stay home now at certain times because their kids are home, and maybe they've got a spouse or a partner that works different hours. So we've allowed shift flexibility. Again, we didn't put anything in place from a standard perspective, but we said, "We're going to work with you in whatever way we can to allow you the flexibility to be able to work the hours that you want or need to." And also with that, we've got some that say, "I'm more comfortable working in the evening based on what's going on with the pandemic than I am during the middle of the day." So we allow them to flex on that as well as their shift times.

Some of the other things that we're doing, we look at making sure ... Our organization puts out a communication every night. They send out a COVID-19 communication from the organizational perspective, with different things on it as far as PPE and what to expect, as well as making sure that our caregivers know the employee assistance program is available to them if they just need to talk or they just need to get out, as well as telling our staff, "Listen, if you're involved in this and you're getting to a point where it's frustrating or your anxiety's up... Just take a walk. Just step away, take a walk, and just take some time to clear your head."

We make sure that our staff is ... One of the first things we did is we sent out a message to all of our staff and said, "Who is N95 fit-tested? Who's had powered air-purifying respirator (PAPR) training?" And for those individuals that have not been, we've said, "We're going to make that available to you right now. If you'd like to do it now, we'll make it available. If not, we can do just-in-time training or whatever you're more comfortable with, as well as mask and glove removal." In our organization, the staff, if they're patient- or visitor-facing out on the floors, they need to wear a mask. What we're asking them to do is to reuse those masks and not throw them away after one use, so we've given them training on how to remove that mask the best way, how to store it in a paper bag, as well as face shields and contained goggles.

We're also asking staff to ... From our leadership perspective, so our directors and supervisors, to document everything associated with strictly COVID-19 responses. So do we have overtime that's being accumulated because of expansions or testing equipment that's coming in, the loaners or rentals, or that equipment that's coming in for testing? Or parts ordering. Keep track of all of that COVID-19–related stuff, because at the end of it, you know what? We're going to toot our horn and say, "Here's what clinical engineers, here's what HTM did in response to the pandemic within the organization, and how we helped out."

Every morning I have a daily report that my directors and supervisors do and that identifies each individual staff member. Are they in the shop? Are they not in the shop? Are they out because of COVID-related issues? Or are they out just on standard PTO? We keep track of that every single day across the organization.

Then the other thing is, we've got a lot of organizations around here that are offering a free lunch or things like that for healthcare workers that are on the front lines. And what I told my staff is, "You are on the front lines, take advantage of those things. Get your free dozen donuts on Monday from the donut shop," as well as if we could schedule something with our suppliers to provide lunch to our staff, we're doing that as well.

Are the ANSI, NEMA, and MDS2 forms for the risk assessment and management of security risks required and/or being utilized by users and clinical engineers? (00:53:09)

Stephanie Domas: The forms that are mentioned are forms that are not necessarily ... It depends on your organization whether or not they're being required. They are not required from a regulatory perspective. From an FDA perspective, those forms are not required to be filled out or disclosed to hospitals in the purchase of a medical device. You see an increased number of hospitals requesting them, specifically the MDS2 form. It's …the Manufacturer Disclosure Statement for Medical Device Security. Essentially it's a medical device cybersecurity disclosure form. And so for those not familiar with it, in situations like this where I mentioned a lot of the upfront cybersecurity risk assessments are struggling to be completed, those forms can be really great places to look real quick to see things like, can I change the passwords?... what passwords can I change?... and help quickly answer and carry out some of those recommendations I have. But they are not required forms, unless you as a hospital system have decided they're a required form, and are asking the manufacturers for them.

Has the Joint Commission, DNV, or HFAP suspended surveying for the time being? (00:54:44)

Danielle McGeary (answering for AAMI): AAMI has been in contact with The Joint Commission and DNV and yes, they have suspended their surveys for the time being. We have not specifically heard from HFAP. We can follow up, but I would assume that they probably followed The Joint Commission and DNV.

Is the ASHE [American Society for Health Care Engineering] 1135 waiver request a valid approach? (00:55:10)

Mike Busdicker: Yeah, it is. It is a valid approach. The biggest thing that I think you're going to run into and what we've seen here, and maybe Karen could validate or ... What we're seeing is the timeframe. You can submit and put that 1135 waiver request in, but it's just taking ... I would imagine that there's a lot of them coming through, but the timeframe, it's just the lead time on it, it's just taking a phenomenal amount of time to get it pushed through and approved. And we haven't even gotten anywhere near getting ours approved out here. I know that AAMI has talked with CMS, and I think pushed from an industry standard, but I think it's just the lead time on trying to get it approved. It is a viable option, but getting it approved is another thing.

Karen Waninger: I actually took a look at that as well as the spreadsheet of all of the recommended requirements for their interim life safety and their critical checks. The ASHE document had some very good recommendations for deferment times. They're saying on a lot of it, 60 days after the end of the health emergency, which I think is reasonable and appropriate. But back to Mike's point, I'm not sure if there's any value in actually filing that waiver as much as there is just creating your own documentation or reference, so that you can show the actions that you took, the rationale behind taking those actions, and have a plan to go past what this scenario is, and to get back to a normal operating state from there.

Mike Busdicker: And I think Danielle, you could start this process for the 1135 waiver and then do exactly what Karen said, and just say, "While we were waiting, this is what we've implemented."

During this time, how can we train our BMETs that are not trained in ventilator repair to be able to work on them, and where do we find resources for ventilator maintenance? (00:57:37)

Mike Busdicker: Well I would say, here, one of the things that we would look at is the sharing of our resources across our system. We have 112 FTEs across the system and we've got a number of them that are ventilator trained, and they're trained on different types or different manufacturer models of ventilators. But that doesn't mean that we can't take one person from a site that's in our southern geographic area, and utilize them in the northern geographic area to get vents back up and running and functional and available to use for COVID-19 patients. Outside of that, rely on those health systems. We're in an unprecedented time, and utilize those healthcare systems or organizations within your state. We've got different organizations within the state of Utah, and we know those individuals, and we could reach out and understand what their training is so that we could potentially utilize that, as well as them utilizing our staff to help. This is a national problem, not just a single healthcare problem.

Jared, from a consulting perspective, have you seen this? And what would be your advice for those small hospitals that are maybe facing this challenge? (00:59:07)

Jared Wilson: One of the things that we've done in my company is establish a group where we can have HTMs reach out to each other directly, across state lines, wherever, to help each other. If I've got expertise in imaging, and someone has it on C-arm, then I can help them out. But if I need help with a sterilizer, then they can help me out. So that is definitely something that I have seen be very valuable, not just now but in the past, but especially right now.

Mike Busdicker: And especially lean on those HTM societies if you've got them.

Jared Wilson: Absolutely.

Danielle McGeary: AAMI does have a free COVID-19 discussion group in AAMI Connect in the HTM discussion group. So if you're not a member of that group and would like to be, please reach out. It's a great way to talk to your peers, ask questions, get real-time answers and see what other people are doing. Or if you're stuck looking for service or parts, it's a great avenue to reach out. And again, that's open to everyone during this time. You don't need to be an AAMI member, so if you'd like to be part of that discussion group, just please shoot me an email and we'll get you all set up.

Some states are revising their requests for supplemental ventilators from federal and other sources. What role, if any, are you playing to inform your state's government on existing clinical equipment inventories? (01:00:33)

Karen Waninger: What we have identified here in our Indiana and Illinois locations is the state has distributed allocations of ventilators, and our incident command center from each of our hospitals is feeding to our corporate incident command center. And then we have representatives from our corporate incident command talking to our regional and state incident command centers. So that information is being collected and fed throughout the organization, as well as up to the states. What we are seeing right now, fortunately, is no shortage of ventilators. What we are seeing, however, is that the ones supplied from the state are a different manufacturer [or model] than what we have originally.

Mike Busdicker: I would say the same thing that I said earlier on in the presentation, is make sure you insert yourself into that process. What we found early on was that our county health departments were asking for information from local facilities, while the state was asking it from our corporate facilities, so we had requests coming from multiple directions. And what we made sure is that we inserted ourselves into the process from the corporate side and the state side and said, "Listen, we need to communicate this. This communication needs to go across the state,” so that we don't have multiple requests coming in, we have one source of truth, and then ensuring that we identify, like our ventilators, like I said, in the terms that they understand from the ARDs, the noninvasive, and those from that aspect.

And then when there's any type of ... all of our health systems come together and report that data and information, and what we need to do from a state level then, is look at it and say, "If we're going to request from FEMA, then it needs to come from the state itself with input from all of the health systems within the state on what our projections and plans are and what we need.” And, again, when those vents come in, I know there's organizations out there that are doing the best they can and are trying to help, but if they're not companies that deal with medical equipment, servicing of ventilators, putting that stuff back together, making it functional and operational and know what it is they're doing, I would be extremely hesitant with that and ensure that the HTM community is involved from the start.

Karen Waninger: Just one more thing to add on. We've had all of our vice presidents of medical affairs for each of our facilities very involved, and our respiratory therapists and anesthesiologists from all of our sites have worked together. So this truly is an organization-wide approach. They have decided what priority they're going to take with their ventilators. The ventilators, the anesthesia machines that could be repurposed as ventilators, the BiPAPs, how those could have filters and attachments added to use those in a worst-case scenario. So all of that has been addressed from the medical team and not just the HTM team. We've had good conversations across the board on that.

If a healthcare system is deploying medical devices on an appropriately segmented network, do the remote access software updates still present a significant risk? (01:04:31)

Stephanie Domas: If that network segment is actually properly locked down, I would say it depends on what type of remote access it's presenting. Some of these remote access solutions are Internet facing, meaning that segment will still have to go out to the Internet, and then it would be tasked from a remote web portal. So there is still an Internet-facing risk. Some of these updates are allowing it to be tasked from a nurses’ station or a central station that is then located on the same network. In that case, the risk is not there because it's never Internet-facing traffic. There's still some risk if it's one that actually still reaches out to the Internet, but having it on a properly segmented network is absolutely a great step and a great security control.

What are you doing about vendors who refuse to come on site and perform PMs on life safety devices? (01:05:40)

Karen Waninger: We actually just had a conversation with our risk management team and our legal team on Monday about that just to make sure that we were all on the same page. Those service contracts have wording in there. It's usually not to the organization's favor unless you've had legal and risk review it before you put those service agreements in place. If it's a time and materials agreement, then you are somewhat at the mercy of the policies of that vendor.

So we are, again, just reassuring our vendors that our technicians will be with them. We will make sure that they have the proper protection. We will make sure that the equipment is properly disinfected as it is removed from any patient room, regardless of what disease or sickness that patient had. So it goes back to just a lot of them may not be aware of universal precautions and standard protocols. It's our job to educate them and reassure them.

Mike Busdicker: Yep, I agree Karen. And we haven't run into that situation yet out here, knock on wood, but what we have communicated and what we'll continue to communicate with our suppliers is if we have a full-service contract on those devices and they're required PM, we are continuing to communicate with them that there is no waiver from CMS on that, and that they are required to come in under contractual terms. And if they don't, then we will hold them accountable for that missed PM or no PM being done on that. So we will hold them monetarily accountable for that as well as the potential of breach of contract.

Now there's some of them out there that they're the only player in the game, and there's not much that you can do with that except really try and push it up the chain with them to try and get them in there. But, and I agree with Karen on the time and materials side, you're kind of at their mercy unless you've got alternative sources that you could go to on them and say, "I've got a supplier here that's willing to come in and do this and take all the necessary precautions and we're going to help them with that. And if you're not willing to do that then we may utilize other sources in the future."

Will AAMI may be taking an advocacy role with CMS to temporarily ease PM completion requirements? (01:08:20)

Danielle McGeary (answering for AAMI): AAMI is not an advocacy organization and we do not advocate, but what we do is we provide education and information to relevant partners such as our regulatory partners and manufacturers. I can assure you that we have reached out to CMS and we have expressed our concern in regards to what we're hearing from the field. And we bring that information forward while keeping the individuals, organizations, and hospitals confidential, of course. And it is our understanding that DNV and The Joint Commission have been talking to CMS on a daily basis. So we have been talking to CMS from all different angles and they have heard our concerns, and we will continue to follow up with them.

Mike Busdicker: Can I go back real quick on the other one and just mention something real quick? And that is, one of the things that we've done here at Intermountain Healthcare is we took a look at it. Not only do we have our internal business continuity plan, but we've requested continuity plans from all of our major suppliers. And it's not just the national letter that they've sent out to everybody. What we want to know is, what if this happens in this region and you're short-staffed? What is your business continuity plan? What is your continuity plan to provide us parts? What is it? So we've asked for those and we've filed those business continuity plans with the internal HTM business continuity plan.

Karen Waninger: I just want to add one comment with regards to the advocacy with CMS. When these organizations are coming onsite for surveys, keep in mind that they are supposed to be surveying based on what they find in the organization at the time of the survey. I know that they like to look at your historical documentation, but they're supposed to only be doing citations based on what they find at the time of the survey. So, if surveys have been deferred, I think that we're going to have time to recover as long as you can appropriately document what actions you did take during the time of the health emergency. Again, I'm not an official on this by any means, but based on my past experience during numerous surveys and in conversations with the different accrediting agencies, that has been the approach that they have taken.

Karen, do you agree with the 60-day window that was recommended? (01:11:06)

Karen Waninger:I believe that makes sense. If you can get to it sooner, great. If you can't get to it, 60 days is going to, I believe in most instances, give you time to get back to those highly critical inspections that were unable to be completed during the emergency. So I believe that is a reasonable time frame.

Since CMS has not issued a blanket waiver to defer PMs, how are you measuring your on-time completions? (01:11:42)

Mike Busdicker: So, again, right now it's business as usual with the department as we continue to move forward and in our business continuity plan, what we put in there was as if we start to experience staff shortages because of the pandemic, then what we're going to do is start evaluating what PMs are due and scale back. We're going to scale back on those non–life support, noncritical devices that we feel as though we don't need to do at this point. That could be our off-site clinics, it could be our InstaCares, as well as within the walls of our acute care settings as well. And what we'll do is code them differently on a completion type code that we can be able to track and say these were closed out because we went into our business continuity plan, implemented that, and here's what we scaled back on and we will separate them out from the different completion percentage, or completion dates, or average time to repair, or average time for the PM completion.

Karen Waninger: Danielle, in my protocol that I've put out from my team, I actually addressed that specifically with a bullet point. We will consider any such deferred inspections to be compliant with the applicable inspection schedule and management plans where appropriate documentation of management activities is included in the service history.

Is there any new guidance concerning the reuse and reprocessing of N95 respirators? (01:13:39)

Danielle McGeary (answering for AAMI): If you go to we have a resources page set up that addresses a lot of those issues, where we're not the subject matter experts on the phone right now to answer that specific question.

Mike Busdicker: ECRI also put out a document that came from STERRAD that talks about sterilization of N95s.

Are there efforts in place to determine if the medical air and oxygen systems are capable of handling additional ventilators, especially in newly set up areas? (01:14:06)

Mike Busdicker: When we've stood up our expansion ICUs in our area in some of our facilities, what we did is we made sure that we worked hand in hand with facilities management and gave them what we're looking at in the specs and they were able to go in and take a look and say, "Yes, we can handle it." Or, at one of our facilities they said, "No, we need to upgrade this in order to be able to do it." They asked for the dollars, it was given to them. They did the upgrade. And now we're good to go.

Please provide some insight on how your HTM staff addresses cleaning medical devices with muffin fans and filters, for example, diagnostic ultrasound machines. Are these type of machines dedicated to Covid patient rooms? Are these machines taking the central supply’s staging area for cleaning? (01:15:39)

Karen Waninger: So, for example, we have a portable X-ray device that was taken to our outside drive-through testing facility area, our temporary triage unit for our emergency department expansion. That device will go through a standard wipe-down and cleaning before it comes back into the hospital. One of the other approaches that we have as an option is to make sure that these devices are set aside for the 96-hour cycle to make sure that any live spores would no longer be alive.

Mike Busdicker: At this point right now, no we don't. But what we have done in a lot of our acute care facilities, some of our rural facilities, we've said, "You know what? You're not Covid treatment patient facilities unless they're really low acuity,” and then you can isolate them in the isolation room at those rural facilities. At our larger facilities what we've done is we've said, "This floor is designated, this area is designated." And then we've looked at it and said, "Okay, to designate this area, what are we going to need in there to provide the patient support that we need? Do we need an ultrasound machine? Do we need a portable X-ray? What other stuff that we need?" And once we roll them into that designated area, that's where they're at… is in that designated area until we deem that we may need them somewhere else. And if we do then we're going to do a full disinfectant sanitization and cleaning of those devices before they go anywhere else.

Karen Waninger: And just one clarification, our infectious disease team took a look at, for example, the fans in the MRI, the CT, as a patient is going through. They deemed that those fans were not producing aerosolized virus and so those devices, that equipment, goes through its standard wipe-down between patients. We have worked with our vendors to make sure that we're using the right disinfecting wipes so it's not damaging the screens, not damaging the tables and the plastic components or the fiberglass components, as well. So that goes back to Jared's comments about knowing your instructions for use and what really can be used for disinfectant on the different types of equipment.

With all the new different equipment, not just ventilators, being added to HIMs, are you seeing capability issues amongst equipment and data sharing? (01:18:33)

Mike Busdicker: At Intermountain, we haven't reached peak so a lot of the things that we've got right now from an equipment perspective that are different than from the standards that we've set within the organization are actually sitting in a warehouse or a storage area at a staging point right now until we see that peak start to climb. And, again, the nonstandard equipment that we've gotten in, whether it's loners or even new acquisition, that equipment is on the list last. So we use everything that we've got standardized first and then we'll move to those that are not, with the anticipation that we may not be able to digitally capture, we may not be able to capture that information across the network, into the EMR, and it may have to be entered manually by paper or from that aspect.

What are you seeing from a cybersecurity firm's perspective? (01:19:45)

Stephanie Domas: I'm foreseeing a lot of increased data sharing, which is where some of my precautions came about from making that more alluring to attackers. You're seeing more medical devices, they're moving, they're being put on temporary networks, they're communicating back to more remote servers, which I mentioned now with the ability to do some remote tasking of some of these new medical devices and remote configuration. So you're seeing that kind of information now leaving hospital networks. We're seeing just a lot more data being exchanged on networks that have potentially been set up in a hasty manner or it's not a network that was traditionally hardened for medical devices. It's just drawing more attacker scrutiny and more attacker attention. But we're definitely seeing a large increase in the amount of medical device data that is going around on these networks.

For Coronavirus updates from AAMI, including important resources, visit