HAZARD VULNERABILITY ANALYSIS & ASSESSMENT IN HEALTHCARE: ADDRESSING THREE HVA RISK CATEGORIES

Matt Icenroad

We explore different risk categories that organizations should address in their hazard vulnerability analysis processes.

Share this post

Our world is faced with significant hazards, risks, and consequences from improper preparedness, response frameworks, and resiliency. To mitigate this, healthcare organizations utilize Hazard Vulnerability Analyses (HVA) to understand various risk factors and calculate risk scores for specific hazards. The previous articles in this series explored the use and accuracy of HVA tools as well as how the Delphi Technique can be employed to facilitate the risk assessment and hazard vulnerability analysis process in healthcare. In this article, we further explore three different HVA risk categories that organizations should address in their hazard vulnerability analysis processes.

Cybersecurity Threats

For many, cybersecurity concerns continue to rise to the top of healthcare organizational risk assessments. Although malicious actors may strike at any institution, cyberattackers largely target supply chain and financial institutions due to their impact on the American economy. Healthcare organizations are specifically vulnerable to cybersecurity threats, including data breaches, phishing and ransomware attacks.

Cyberattacks on protected health information (PHI) are especially critical as they can disrupt the provision of health care services to patients. According to the U.S. Department of Health and Human Service’s Office for Civil Rights (OCR), reports of PHI breaches by healthcare covered entities increased 45% from 2019 to 2020 with over 700 breaches reported in 2021.

To add to this, the Russia-Ukraine war has raised concerns over Russian hackers launching broader cyberattacks against Western allies. Governments and intelligence agencies have warned that nearly all organizations are at risk from Russian cyberthreats, whether state-sponsored or led by criminal organizations.

Click here to read more about Russian cyber threats from Jensen Hughes security risk consulting expert, Kenneth Bouche.

Energy Storage Systems

The use of energy storage systems (ESS) has accelerated substantially over the last two decades to meet the rising power needs of governmental agencies, power utility companies and commercial building owners. In healthcare organizations, when combined with other energy supply systems, ESS can offer a low-cost electricity solution that can be used to ensure continuous power supply for critical operations. Furthermore, ESS can be used to support new innovative technologies for staff, visitors, and patients, such as charging stations for electric cars in parking decks.

Lithium-ion ESS, however, carries a risk of fire and explosion not found within legacy energy storage systems. Although the fire protection community has developed standardized guidance for energy storage systems, even comprehensive fire protection, life safety and facility hazard mitigation strategies may not address all the risks. Hazard vulnerability assessments can be used to close these gaps.

Click here to read more about ESS safety concerns from Jensen Hughes industrial safety expert, Jens Conzen.

Clinical Engineering

Healthcare organizations continue to expand their service capabilities while introducing new innovative technologies and clinical devices to support delivery of care. While medical devices, in general, are not often perceived as carrying a great deal of risk in emergency preparedness programs, the hazards posed by devices that support clinical teams should be considered during hazard vulnerability analysis.

Medical devices are ubiquitous in healthcare. Thus, they are likely to be involved in hospital adverse clinical events and may play a role in operational concerns. Emergency preparedness programs need to account for the potential impact of medical device failures, such as the risks and hazards associated with automatic dispensing cabinets, the failsafe battery turnover of life saving equipment, and the unknowns of other medical devices requiring a level of resiliency.

Read more about medical device failures from Jensen Hughes risk forensics expert Scott Lucas.

Jensen Hughes is engaged with healthcare partners to discover these hazards, risks, and consequences and develop innovative solutions to complex challenges. Come back in a few weeks for the next article in our HVA series, where we review a case study involving the use of the Delphi Technique in hazard vulnerability analysis.

Stay up-to-date on our Hazard Vulnerability Analysis series:

Get in Touch

By completing the above form you have read, understood and accept our Privacy terms as well as our Cookie terms. Read our Privacy Policy.

Jensen Hughes ensures non-discrimination in all programs and activities in accordance with Title VI of the Civil Rights Act of 1964. If you need more information or special assistance for persons with disabilities or limited English proficiency, contact the Jensen Hughes Compliance Team at 410-737-8677 or compliance@jensenhughes.com. 

More blog posts from Jensen Hughes


Fine Art Security: A High-Tech + Crucial Component of Estate Security

Feb 2, 2023

When most people think of fine art security, they likely visualize museums, art galleries and high-end jewelry boutiques. But many private clients own expensive collections of possessions, such as art.

Read more
Using Digital Technology to Transform Your Police Department

Jan 24, 2023

Remember when business guru and Cisco CEO John Chambers famously announced that every organization will be digital?

Read more
Just Accepted a Position as Police Chief? Here’s Who You Can Turn to for Advice

Jan 19, 2023

It’s surprising how many times police chiefs have asked our law enforcement consulting team for advice on who to reach out to for information, feedback, and guidance on addressing technical police-related matters or community crises.

Read more