NHS Fylde and Wyre Clinical Commissioning Group Business Continuity and Incident Response Plan Version Control Version Number Reason for Update Date of Update Accountable Emergency Officer Sign off 01 25/3/14 NHS Fylde & Wyre Governing Body Sign Off Page 1 of 37
Contents 1.0 Purpose 2.0 National Guidance and Statutory Requirements 3.0 Objectives 4.0 Plan 4.1 Introduction 4.2 Business Continuity management roles and responsibilities 4.3 Reviewing 4.4 Response (Hazard Analysis and Risk Assessment) 4.5 Business Impact Analysis 5.0 Framework for Fulfilling Duties Related to Emergency Preparedness Resilience and Response (EPRR) 6.0 Responsibilities 7.0 Hazard Analysis and Risk Assessment 8.0 Resource Allocation 9.0 Development of Plans 10.0 Training 11.0 Testing, Monitoring and Communication of Plans 12.0 Review 13.0 References and Underpinning Materials Page 2 of 37
Appendices: Appendix 1 Appendix 2 Appendix 3 Appendix 4 Fylde and Wyre CCG on-call manager Action Card Process Plan for Activation / Response to an incident or threat to business continuity Proforma - Crisis Response Team Notes Proforma - Actions Required Log Page 3 of 37
1.0 Purpose 1.1 The purpose of this document is to set out a holistic management process and plan (Business Continuity Plan - BCP) that identifies potential threats to the CCG as a Business Unit and the impacts to business operations that those threats, if realized, might cause. This plan provides a framework for building organizational resilience with the capability for an effective response that safeguards the interests of the CCG, its key stakeholders, reputation, activities and the process for restoration of normal functions and services. 1.2 This plan details how NHS Fylde & Wyre CCG will meet its duties as set out in legislation and associated statutory guidelines, as well as any other issues identified by way of risk assessments and identified capabilities. 2.0 National Guidance and Statutory Requirements 2.1 The responsibilities for emergency planning are set out in the Civil Contingencies Act (CCA) 2004, Section 46 of the Health and Social Care Act 2012 and the NHS Commissioning Board Emergency Preparedness Framework 2013. 2.2 The Civil Contingencies Act 2004 aims to establish a consistent level of civil protection across the United Kingdom. The act provides a framework for organisations and agencies planning for local and/or national emergencies and explains how these organisations and agencies should work together, providing a framework to formalise joint working. 2.3 Under the Civil Contingencies Act (2004), a number of multi-agency organisations were designated as Category One or Two Responders. Category One responders are those organisations at the core of emergency response (e.g. emergency services, local authorities) and must comply with a full set of legal duties under the CCA. Fylde and Wyre CCG is a Category Two Responder. 3.0 Objectives 3.1 The Objectives of this document are to ensure NHS Fylde & Wyre CCG acts in accordance with the Civil Contingency Act 2004, the Health & Social Care Act 2012 and the Department of Health national policy and guidance by: 3.1.1 Ensuring the CCG can maintain its Core Activities and continue to meet the requirements of its stakeholders by managing any incident that may cause a business disruption to the organisation, such as: o o o o o Loss of Technology (IT/Communications) Denial of Premises (Fire/Flood) Staff Shortages (e.g. Flu Pandemic) Utility Failure (Electricity/Gas/Water) Key Suppliers/Partners Failure Page 4 of 37
3.1.2 Ensuring in its capacity as a Category 2 Responder that the CCG diligently engage and cooperate with Category 1 responders in terms of 1) Planning and Prevention and 2) responding to Emergencies this will be achieved through support to Category 1 responders, supporting the NHS England Area Team to discharge its EPRR duties and functions locally and ensuring representation on the Local Health Resilience Partnership (LHRP). 3.1.3 Ensuring that as Commissioners, the CCG includes relevant EPRR elements (including business continuity planning) in contracts with provider organisations in order to: Ensure that resilience is commissioned in as part of the standard provider contracts and to reflect local risks identified through wider, multi-agency planning Reflect the need for providers to respond to routine operational pressures e.g. winter, failure of providers to continue to deliver high quality patient care, provider trust internal major incidents Enable NHS funded providers to participate fully in EPRR exercises and testing programmes as part of the NHS England EPRR assurance processes. 4.0 Plan 4.1 Introduction A Business Continuity Plan (BCP) is a documented collection of procedures and information that is developed, compiled and maintained in readiness for use in an incident to enable an organization to continue to deliver its critical activities at an acceptable pre-defined level (BS NHS 25999:1 Guidance, 2009). 4.2 Business Continuity Management Roles and Responsibilities a) Accountable Emergency Officer: The Accountable Emergency Officer is responsible for Emergency Planning Resilience and Response (EPRR) and for ensuring that business continuity plans are robust to support delivery of core business functions and to ensure these are updated as necessary. In addition the Accountable Emergency Officer will act as the CCG s representative on health economy wide EPRR and Business Continuity groups. The role of Accountable Emergency Officer within Fylde and Wyre CCG is part of the Chief Clinical Officers remit. b) CCG Governing Body: The CCG Governing Body is responsible for setting the strategic context in which business continuity and service recovery procedures are developed, and for the formal review and approval of this Policy. The Governing Body is also responsible for determining the accepted levels of business as usual, through monitoring service delivery and approving suggested developments. Through the commissioning and contract monitoring processes, the Governing Body is responsible for gaining assurance that providers commissioned by the CCG have adequate Business Continuity Management systems and processes in place to ensure service continuity. Page 5 of 37
c) CCG Senior Managers (Chief Operating Officer, Senior Operating Officers and Chief Finance Officer) will: ensure the BC plan is reviewed regularly and updated as necessary to maintain good quality control of document information Notify any BC plan revisions to the Emergency Preparedness Officer Support business continuity awareness and acceptance amongst staff and ensure that all of their staff are aware of their responsibilities within the BC plan. Participate in training and or exercises. d) The Emergency Preparedness Officer is responsible to the Accountable Emergency Officer for ensuring that Fylde and Wyre CCG meets its statutory duties and complies with all EPRR guidance e) All CCG Staff: All staff are responsible for understanding the plan and co-operating with the implementation any relevant plans as part of their normal duties and responsibilities. 4.3 Reviewing The Business Continuity Plan should be revised annually by the Executive Management Team and be ratified by the Governing Body. It should also be reviewed should any significant service re-configuration take place. 4.4 Response (Hazard Analysis and Risk Assessment) 4.4.1 Fylde and Wyre CCG will conduct Business Impact Analysis (BIA) on all areas of its activity (in accordance with BS NHS 25999 guidance 2009) in order to establish the dependencies of each function in terms of its everyday tasks / critical functions and the Maximum Tolerable Period of disruption before which the viability of that function will be affected. This will be reviewed annually and form the basis of the Business Continuity Plan. 4.4.2 As Category two Responders under the CCA, Fylde and Wyre CCG will respond to reasonable requests to assist and co-operate the NHS England Area Team should any emergency require wider NHS resources to be mobilised. Fylde and Wyre CCG will have a mechanism in place to support NHS Area Teams to effectively mobilise and coordinate all applicable providers that support primary care services should the need arise. Examples of such wider requests may include: a) Co-ordination of healthcare support resources to provide direct support when a Rest Centre has been established b) Co-ordination or notification of healthcare support resources in an outbreak situation e.g. ensuring vaccination programmes are undertaken c) Notifying GP Out of Hours providers of any service problem with the 111 service d) Co-ordination and liaison with local partners with regard to urgent care issues such as winter bed crises. e) Management of local incidents on behalf of the NHS England Area Team in circumstances where multiple incidents are occurring simultaneously across Lancashire Page 6 of 37
f) Other Business continuity issues such as widespread IT failure affecting Many GP practices g) Other issues affecting CCGs own business continuity such as fuel disruption, pandemic flu or a large scale disaster h) Emergency / Out of hours for Individual Patient Funding requests i) Emergency / Out of Hours Safeguarding Management When Category 2 responder activity is either requested by NHS Lancashire Area Team (Silver Command) the CCG On-Call Manager (out of hours) must comply with the Clinical Commissioning Group (CCG) On call Staff Action Card (Appendix 1) and will link back to the CCGs nominated Crisis Response Team leader (usually the Chief Operating Officer) or other nominated Fylde and Wyre person (if Blackpool CCG are providing On-call cover they must inform F&W CCG Senior Manager as well as BCCG and vice versa) 4.4.3 NHS Fylde & Wyre CCG will work collaboratively within the local health economy to prevent business as usual pressures and minor incidents within individual providers from becoming significant or major incidents. This could include the management of commissioned providers to effectively coordinate increases in activity across their health economy which may include support with surge in emergency pressures. Page 7 of 37
4.5 Business Impact Analysis is a process of analysing business functions and the effect that a business disruption might have upon them (ISO 22301:2012). 4.5.1 Analysis of Functions No WHAT IS PROVIDED (BUSINESS FUNCTION)? (This should be quite short and derive from the aims and objectives of your directorate) WHO DELIVERS AND WHERE? TO WHOM? HOW? WHY? 1 Commissioning Contracting and Procurement Department Chief Operating Officer Senior Commissioning Managers (x4) Commissioning Manager (x 1) Commissioning officers (x 2) Office based at CCG Offices, Wesham. Regular meetings occur across Fylde Coast occasional other meetings within North West S&LCSU Embedded team Quality & Performance manager x1 BI Analysts x 2 Finance x 1 Contract Managers x 5 Support officers x 2 Commissioned Providers; Partner Organisations e.g. LCSU, LCC, BBC, NHS Area Team. CCG Member practices, member of the public Commissioning Support unit, Commissioning Partners, other Lancashire CCGs, NHS E and LCC Personal Office Working Remote working using IT/telephony Use of meeting rooms at base & other organisations Meetings with providers Collaborative meetings with Commissioners To Commission and provide safe and effective health services in consultation with and designed to meet the needs of the Fylde and Wyre population To monitor Contract Performance and Analyse and produce Integrated business intelligence *Note: Embedded team work across F&W and BCCG Page 8 of 37
2 Finance & Information Management Chief Finance Officer Head of Finance & Business Finance Manager (2) Information Manager CSU support Office based at Wesham Regular meetings across Fylde Coast and Preston. Occasional meetings in M/C Commissioned Providers; Partner Organisations LCSU, LCC, BBC, NHS Area Team. CCG Member practices, member of the public Personal Office Working Remote working using IT / telephony Use of meeting rooms at base & other organisations Meetings with providers To provide financial management across the CCG functions and achieve financial targets To offer advice and business support to CCG colleagues To engage with and provide mandated returns to Area Team Collaborative meetings with Commissioners To promote financial best practice across the CCG Assure the Governing Body that Information Governance is maintained and promoted within the CCG To provide an IT service to CCG member practices 3 Corporate/Secretariat Head of Comms, Engagement and Development (1) Corporate Affairs/Gov Body Secretary (1) Exec Assistant (1) Personal Assistant (1) Admin Assistants (4) Council of Members, Governing Body members and all CCG staff Personal Office Working Remote working (using remote IT/telephony) Use of Meeting Rooms at Base and other locations To contribute to the development of the organisation and delivery of its objectives. To provide Communications, engagement and marketing support. Page 9 of 37
Office based at Wesham some meetings off site Co working with CCG and other Colleagues Meetings with Providers Home working To oversee and provide leadership for the organisational development function; and Freedom of Information function To ensure the CCG s business is managed in accordance with the CCG s Constitution and statutory requirements. To ensure effective processing of the business of the Council of Members, Governing Body and subcommittees. To provide administrative and support functions within the CCG. 4 Quality and Governance/ Contract Quality and performance Chief Nurse (1) Senior Governance Mgr (2) Clin Qual / Gov Mgr (1) PPE Mgr (1) Pharmacist (1) Office based at Wesham Regular meetings / visits in dispersed locations e.g. Hospitals, GP Surgeries, CCGs, LCSU, LA Offices, Public Premises Commissioned Providers; Partner Organisations e.g. LCC,LCSU, PHE (E) NHS (E) AT, other CCGs; 3 rd Sector Organisations and the Public Personal Office Working Remote working (using remote IT / telephony) Use of Meeting Rooms at Base and other locations Co working with CCG and other Colleagues To Promote and monitor Quality of care across the range of provision. To promote Primary Care Development To identify and challenge quality failings. Page 10 of 37
Occasional Meetings on a wider NW footprint Meetings with Providers Home working To engage with and receive feedback from all stakeholders including the public To maintain and promote safe health care and; Assure the Governing Body that good Governance is in place 5 Safeguarding Designated Nurse x 1 Safeguarding Manager Admin x 2 Designated DR x 1 (P/T) Office Base at Wesham Regular and emergency / short notice meetings with partner organisations either at base or at partner locations. Occasional Meetings on a wider NW footprint Commissioned Providers; Partner Organisations e.g. LCC,LCSU, PHE (E) NHS (E) AT, other CCGs; 3rd Sector Organisations and the Public Personal Office Working Remote working (using remote IT / telephony) Use of Meeting Rooms at Base and other locations Co working with CCG and other Colleagues Ensure that the CCG delivers its statutory responsibilities to ensure that Children, young people and adults are safeguarded through effective commissioning and monitoring arrangements *Note safeguarding team are shared with LN CCG and can work from either base. Meetings with Providers Home working Page 11 of 37
4.5.2 Analysis of Dependencies Dependencies are the important services that you rely upon to discharge day-to-day business tasks (ISO 22301:2012). The Maximum Tolerable Period of Disruption is the duration after which an organization s viability will be irrevocably threatened if product and service delivery cannot be resumed (ISO 22301:2012). Business function NO.1 COMMISSIONING, CONTRACTING AND PROCUREMENT DEPARTMENT OVERALL CONSEQUENCES OF NOT PROVIDING THE FUNCTION INTERNAL EXTERNAL LAL IMPLICATIONS DEPENDANTS DEPENDANTS FINANCIAL IMPLICATIONS MAXIMUM TOLERABLE PERIOD OF DISRUPTION MINIMUM LEVEL OF ACTIVITY All departments Governing Body Membership Council Area Team LCSU Commissioned Providers GP practices Public Sector partners MONITOR Failure to meet national and local legislation and guidance Suspension of authorisation to operate as a CCG Non- effective Service Potential Litigation cost Fines to CCG for not meeting targets / breaching trajectories One week Contract monitoring of existing contracts Maintain leadership responsibility associated with NHS E Winter resilience planning process Page 12 of 37
Business function No.2 FINANCE AND INFORMATION MANAGEMENT OVERALL CONSEQUENCES OF NOT PROVIDING THE FUNCTION INTERNAL EXTERNAL LAL IMPLICATIONS DEPENDANTS DEPENDANTS FINANCIAL IMPLICATIONS MAXIMUM TOLERABLE PERIOD OF DISRUPTION MINIMUM LEVEL OF ACTIVITY All departments Governing Body Membership Council Area Team LCSU Commissioned Providers GP practices Public Sector partners MONITOR Failure to achieve financial targets and information governance requirements Failure to meet national and local legislation and guidance Suspension of authorisation to operate as a CCG With holding of funds and additional monies due to CCG failure to meet targets Providers not being paid in timely manner resulting in liquidity issues Financial penalty being incurred from providers and suppliers 1 day (if affected day was prior to scheduled payment run then morning only) 1.Provide assurance to Gov Body / membership on financial management matters 2. Be responsive to financial / information incidents and occurrences 3. Review and prioritise financial issues 4. Maintain financial communications with Area Team 5. Review and prioritise Information governance issues 6. Assist Category One Providers (LAT) as Directed Page 13 of 37
Business function No.3 CORPORATE SECRETARIAT OVERALL CONSEQUENCES OF NOT PROVIDING THE FUNCTION INTERNAL EXTERNAL LAL IMPLICATIONS DEPENDANTS DEPENDANTS All Departments Governing Body Membership Council All key stakeholders Patients and the public Failure to meet Corporate Governance requirements. Failure to meet national and local legislation and guidance Suspension of authorisation to operate as a CCG Failure to meet legal requirements around engagement and consultation (which could lead to legal challenge) Failure to meet legal requirements around communication, such as the development of the annual report FINANCIAL IMPLICATIONS Potential legal fees Potential pay-outs due to litigation; Fines to the CCG for failure to meet legislation (ie FOI targets) (There are also significant reputational risks associated with failure to meet legislation) MAXIMUM TOLERABLE PERIOD OF DISRUPTION Maximum five days; however, this will depend on the communications issues encountered during that time and may well be shorter as a communications service may be required to get information out to stakeholders, patients and the public, or that the secretariat may be required to support a business-critical function MINIMUM LEVEL OF ACTIVITY 1. Internal communication, including communication with practice members 2. Communication with the public, as appropriate 3. Support to category one responders 4. Respond to reactive queries, e.g. the media and parliamentary briefing unit 5. Dealing with Freedom of Information requests 6. Responding to MP letters 7. Organising and providing secretarial support to key meetings, e.g. the Governing Body and associated committees Page 14 of 37
Failure to meet legal requirements around equality and diversity (e.g. non-compliance of website to Disability Discrimination Act website standards) Business function No.4 QUALITY AND GOVERNANCE OVERALL CONSEQUENCES OF NOT PROVIDING THE FUNCTION INTERNAL EXTERNAL LAL IMPLICATIONS DEPENDANTS DEPENDANTS FINANCIAL IMPLICATIONS MAXIMUM TOLERABLE PERIOD OF DISRUPTION MINIMUM LEVEL OF ACTIVITY All Departments Governing Body Membership Council NHS (E) Area Team LCSU Commissioned Providers GP Practices Local Gov Partners PH England 3rd Sector Partners e.g. Healthwatch CQC Monitor Failure to meet Corporate Governance requirements. Failure to meet national and local legislation and guidance Suspension of authorisation to operate as a CCG Potential pay-outs due to litigation; Fines to the CCG for breaches of set trajectories (e.g.hcai) 5 working days Quality and Governance Management processes underpin Service monitoring and development some of them are critical (e.g. Post Infection Reviews MRSA) and will affect the Quality Premium 1.Provide assurance to Gov Body/ membership on safety and quality of Commissioned Services 2. Be responsive to incidents and occurrences 3. Review and prioritise incident investigations 4. Support GP Practices 5. Review and prioritise risk assessments 6. Monitor and review risk registers 7. Appraise and receive feedback from key stakeholders including public 8. Assist Category One Providers (LAT) as Directed / able Page 15 of 37
Business function No.5 SAFUARDING OVERALL CONSEQUENCES OF NOT PROVIDING THE FUNCTION INTERNAL EXTERNAL LAL IMPLICATIONS DEPENDANTS DEPENDANTS FINANCIAL IMPLICATIONS MAXIMUM TOLERABLE PERIOD OF DISRUPTION MINIMUM LEVEL OF ACTIVITY All Departments Governing Body Membership Council Patients, Residents of Fylde and Wyre NHS (E) Area Team LCSU Commissioned Providers GP Practices Local Gov Partners PH England 3rd Sector Partners Healthwatch CQC Monitor Failure to meet Statutory responsibilities of CCG re: Safeguarding Children / Adults Potential pay-outs due to litigation; Fines to the CCG for breaches of set trajectories ( HCAI) There is no tolerable period of disruption to Safeguarding responsibilities Ensure that the CCG delivers its statutory responsibilities to ensure that Children, young people and adults are safeguarded through effective commissioning and monitoring arrangements Page 16 of 37
4.5.3 Critical Activities Critical Activities are those activities which have to be performed in order to deliver the key products and services which enable an organisation to meet its most important and time-sensitive objectives (ISO 22301:2012). NUMBER BUSINESS FUNCTIONS CRITICAL ACTIVITIES (IN PRIORITY ORDER) POTENTIAL THREATS (to achieving Critical activities) 1 Commissioning Contracting and Procurement Department 2 Finance & Information Management Winter Planning Contract Monitoring Delivery of Commissioning plan Work on predominant elements of the Commissioning cycle 1. Provide financial advice and management of CCG allocations and finances 2. Support Governing Body and member practices re financial queries and other financial issues 3. Liaise with Area Team and complete any statutory returns required 4. Respond to any information governance requirements 5. Assist Category one Providers (AT) as requested Lack of clinical engagement and leadership from Clinical Leads (GP Members) Staff Sickness Failure of IT & Communication Services (both Intra and or external to the NHS Net) Electricity Failure Denial of Premises e.g. Flood / storm damage or extremes of weather preventing travel Breakdown in Relationships with Partners / Providers Business failure of Strategic Partners (LCSU) Interruption to the business of Providers (Major Incident) Staff sickness Failure of IT and Communication Services internal and SBS links Electricity failure Denial of Premises e.g. storm damage Breakdown in relationship with Providers Business failure of suppliers SBS Interruption to Provider business insolvency, major incident Strike or failure in postal services SBS payment system Page 17 of 37
3 Corporate / Secretariat 1. Ensuring statutory responsibilities around communication and engagement are met, in particular around service development and change 2. Internal communication, including communication with practice members 3. Communication with the public and key stakeholders through a variety of tools, as appropriate 4. Organising and providing secretarial support to key meetings, e.g. the Governing Body and associated committees 5. Dealing with Freedom of Information requests 6. Respond to reactive queries, e.g. the media and parliamentary briefing unit 7. Responding to MP letters 8. Assist category one responders, as directed Quality and Governance 1. Provide Assurance to Gov Body/membership on safety and quality of Commissioned Services 2. Be responsive to incidents and occurrences 3. Review and prioritise incident investigations 4. Support GP Practices 5 Review and prioritise risk assessments 6. Monitor and review risk registers 7. Appraise and receive feedback from key stakeholders including public 8. Assist Category One Providers (LAT) as Directed/able Staff Sickness Failure of IT & Communication Services (both Intra and or external to the NHS Net) Electricity Failure Denial of Premises Flood / storm damage or extremes of weather preventing travel Breakdown in Relationships with Partners / Providers Business failure of Strategic Partners (LCSU) Interruption to the business of Providers e.g. (Major Incident) Staff Sickness Failure of IT & Communication Services (both Intra and or external to the NHS Net) Electricity Failure Denial of Premises Flood / storm damage or extremes of weather preventing travel Breakdown in Relationships with Partners / Providers Business failure of Strategic Partners (LCSU) Interruption to the business of Providers (Major Incident) Page 18 of 37
5 Safeguarding 1. Ensure that the CCG delivers its statutory responsibilities to ensure that Children, young people and adults are safeguarded through effective commissioning and monitoring arrangements Staff Sickness Failure of IT & Communication Services (both Intra and or external to the NHS Net) Electricity Failure Denial of Premises Flood/storm damage or extremes of weather preventing travel Breakdown in Relationships with Partners / Providers Business failure of Strategic Partners (LCSU) Interruption to the business of Providers (Major Incident) Page 19 of 37
4.5.4 DIRECTORATE RECOVERY TIME OBJECTIVES (RTO) Recovery time objectives are the target time set for: Resumption of product or service delivery after an incident; or Resumption of performance of an activity after an incident; or Recovery of an IT system or application after an incident. NOTE: The recovery time objective has to be less than the maximum tolerable period of disruption. (ISO 22301:2012) LEVEL RISK RATING DESCRIPTOR DESCRIPTION 1 Required Restore within 1 month 2 Necessary Restore within 1 week 3 Important Restore within 1 day 4 Essential Restore within 4 hours 5 Vital No interruption acceptable (Restore within 1 hour) Levels 1 2 - Departments day to day planning will address these issues Levels 3-5 - The critical functions addressed in this plan and must be restored within 1 day Page 20 of 37
4.5.5 FYLDE AND WYRE CCG BUSINESS CONTINUITY RISK ASSESSMENTS Refer to CCG Risk Assessments for the below cause of disruption. The table below is an overview of the directorates risk assessments and Business Impact Analysis (BIA) BUSINESS CONTINUITY PLANS CAUSE OF DISRUPTION (REFER TO RISK ASSESSMENTS) RELATED RISK ASSESSMENT SCORES IMPACT ON BUSINESS FUNCTIONS RTO LEVEL RISK RATING DESCRIPTOR SCENARIO 1 Loss Of Technology (IT/Communications) Risk Assessment R7 2 to 6 1, 3, 4, 2,5 2 4 Restore within 1 week Restore within 4 hours SCENARIO 2 Denial Of Premises (Fire/Flood) Risk Assessment R4 3 to 5 1, 2, 3, 4, 5 2 Restore within 1 week SCENARIO 3 Staff Shortages (Flu Pandemic) Risk Assessment R12-2 1, 3, 4, 2,5 2 3 Restore within 1 week Restore within 1 day SCENARIO 4 SCENARIO 5 Utility Failure (Electricity/Gas/Water) Key Suppliers/Partners Failure Eg: U Safeguard System Risk Assessment R8-3 1, 2, 3, 4, 5 2 Restore within 1 week R.13 1, 2, 3, 4, 5 2 Restore within 1 week Page 21 of 37
4.6 Fylde & Wyre CCG Continuity & Prioritised Recovery Plan This recovery plan relates to the Business Impact Analysis for F&W CCG (4.5 above) DENIAL OF PREMISES FIRE / FLOOD/ UTILITY FAILURE (GAS ELECTRICITY WATER) Function Recovery Time Objective Activity / Tasks Management Dependencies IT Requirement Critical Dependencies Remarks Commissioning Contracting and Performance 2 (within one week) 1. Move to other designated area within Wesham if available / as directed 2. Home based working using laptop / Mobile 3. Re-arrange meetings (via admin support) at alternative locations i.e. provider premises, Stadium, Jubilee house Daily telephone contact with functional lead (tele-conference) Mobile Laptop (and token) Ipad All staff to ensure Laptops & Mobiles are carried out in structured evacuation Finance and Information Management 2 1. Move to other designated area within Wesham if available / as directed 2. Home based working using laptop / Mobile 3. Re-locate designated Finance Rep to temporary admin hub at Stadium (BCCG) Daily telephone contact with functional lead (tele-conference) Mobile Laptop (and token) Ipad Ledger System Temp CCG hub at BCCG All staff to ensure Laptops & Mobiles are carried out in structured evacuation Corporate Secretariat 2 1. Move to other designated area within Wesham if available / as directed - or move to Stadium or Jubilee House as alternative base 2. Establish temporary Admin Hub 3. Communicate location and contact details to all CCG Staff by Telephone / Email Maintain daily contact with Executive Lead IT access at decant locations Exec / functional leads Establishment of Hub at alternative location will be on direction of lead executive (depends on potential length of outage) Page 22 of 37
(including GP Practices, Clinical Leads and Lay members) 4. Maintain contacts / normal admin support services for all CCG staff 5. Ensure Admin hub is staffed 9-5 daily Provide daily Situational Updates for all staff by Email Mileage / Car Parking Costs will apply Quality and Governance 2 1. Move to other designated area within Wesham if available / as directed 2. Home based working using laptop / Mobile 3. Re-arrange meetings (via admin support) at alternative locations i.e. provider premises, Stadium, Jubilee house Daily telephone contact with functional lead (tele-conference) Mobile Laptop (and token) Ipad Datix / Insight (Web Based) All staff to ensure Laptops & Mobiles are carried out in structured evacuation Safeguarding 2 1. Move to other designated area within Wesham if available / as directed 2. Home based working using laptop / Mobile 3. Use existing North Lancs CCG Office facility 4. Re-arrange meetings (via admin support) at alternative locations i.e. provider premises, Stadium, Jubilee house, Moor Lane Mills Maintain daily contact with Chief Nurse Mobile Laptop (and token) Ipad Must be secure office / storage for documentation All staff to ensure Laptops & Mobiles are carried out in structured evacuation Page 23 of 37
LOSS OF TECHNOLOGY (IT / TELEPHONY) Function Recovery Time Objective Activity / Tasks Management Dependencies IT Requirement Critical Dependencies Remarks Commissioning Contracting and Performance 2 Restore within 1 week 1. Maintain paper records (transcribe once system restored) 2. Use laptops in Off-line mode if possible 3. Move to paper diaries 4. Use Mobile phones for communications 5. Keep admin staff aware of movements / appointments / meetings Mobile Laptop (and token) Ipad Keep functional leads aware of daily movements Ensure colleagues work numbers are stored in work mobiles Ensure adherence to Information Governance standards at all times. Finance and Information Management 4 Restore within 4 hours 1. Maintain paper records (transcribe once system restored) 2. Use laptops in Off-line mode if possible 3. Move to paper diaries 4. Use Mobile phones for communications 5. Keep admin staff aware of movements / appointments / meetings Mobile Laptop (and token) Ipad Shared Business Services SBS CSU Partners As above Corporate Secretariat 2 Restore within 1 week 1. Maintain paper records (transcribe once system restored) 2. Maintain paper diaries 3. Maintain close links with execs where Diaries are managed 4. Ensure IT access at decant locations Ensure Partners and provider organisations are made aware of Technology failure As above Page 24 of 37
Quality and Governance 2 Restore within 1 week 1. Maintain paper records (transcribe once system restored) 2. Use laptops in Off-line mode if possible 3. Move to paper diaries 4. Use Mobile phones for communications 5. Keep admin staff aware of movements / appointments / meetings Mobile Laptop (and token) Ipad Datix / Insight (Web Based) As above Safeguarding 4 Restore within 4 hours 1. Maintain paper records (transcribe once system restored) 2. Use laptops in Off-line mode if possible 3. Move to paper diaries 4. Use Mobile phones for communications 5. Keep admin staff aware of movements / appointments / meetings Mobile Laptop (and token) Ipad As above Page 25 of 37
STAFF SHORTAGES (PANDEMIC) Function Recovery Time Objective Activity / Tasks Management Dependencies IT Requirement Critical Dependencies Remarks Commissioning Contracting and Performance 2 1. Chief Operating Officer / most Senior Commissioner available to Prioritise work activities in conjunction with EMT Crisis Response Team / EMT Mobile Laptop (and token) Ipad Area Team CSU Provider Organisations Co-operation / assistance from CCG staff may be required on a wider footprint as a CATORY 2 Responder Finance and Information Management 4 1. Functional leads ensure staff are cross trained in critical reporting / payment systems and that access codes / passwords are held cross trained personnel 2. Chief Financial Officer / most senior finance manager available to prioritise work activities in conjunction with EMT Crisis Response Team / EMT Mobile Laptop (and token) Ipad Area team Provider Organisations Shared Business Services SBS Co-operation / assistance from CCG staff may be required on a wider footprint as a CATORY 2 Responder Corporate Secretariat 4 1. Executives / functional Leads (EMT) to prioritise work activities in conjunction with most senior administrator 2. Ensure Media Response capabilities are maintained 3. Ensure all staff are kept informed of issues via coordination of a daily email bulletin (including GP Practices, Membership, Lay Members, Area Team) 4. Complete returns / sitreps as required from Area Team Crisis Response Team / EMT IT access at decant locations Liaison with EMT / Crisis Management Team HR function at S&L CSU Co-operation / assistance from CCG staff may be required on a wider footprint as a CATORY 2 Responder Page 26 of 37
Quality and Governance 1. Chief Nurse / most senior available Governance Manager to prioritise work activities in Conjunction with EMT Crisis Response Team / EMT Mobile Laptop (and token) Ipad Datix / Insight (Web Based) Internal Dependants Commissioning / Contracting / Safeguarding / Secretariat Co-operation / assistance from CCG staff may be required on a wider footprint as a CATORY 2 Responder Safeguarding 4 1. Chief Nurse F&WCCG and Nurse Lead LNCCG will support Head of Safeguarding to prioritise deployment of staff / workload. 2. Work collaboratively within Lancashire Safeguarding Network to secure and provide cross cover Crisis Response Team / EMT LNCCG Mobile Laptop (and token) Ipad LN CCG (Shared Asset) Critical Function should be ring fenced from CATORY 2 response Page 27 of 37
5.0 Framework for Fulfilling Duties Related to Emergency Preparedness Resilience and Response (EPRR) Planning and Prevention 5.1 NHS Fylde & Wyre CCG is responsible for ensuring that provider contracts contain sufficient depth and detail in regard to EPRR. In addition, NHS Fylde & Wyre CCG is expected to ensure delivery of these outcomes through contribution to an annual EPRR assurance process facilitated by the NHS England Local Area Team. The NHS Standard Contract includes the appropriate EPRR provision and this contractual framework will be used wherever appropriate by NHS Fylde & Wyre CCG when commissioning services. Contract monitoring and review will encompass the review of EPRR and there may be occasions where the LHRP uses the CCG as a route of escalation where providers are not meeting expected standards this will be managed via the established contract monitoring process. 5.2 NHS Fylde & Wyre CCG will enable and facilitate in-house training and exercising programmes, engaging where appropriate and in collaboration with the NHS England Local Area Team and LHRP. 5.3 NHS Fylde & Wyre CCG will take part in the Local Health Resilience Partnership and in particular will: Escalation Co-operate and share relevant information with category one responders. Corporately support the NHS England Area Team in discharging its EPRR functions and duties locally, ensuring representation on the LHRP and engaging in health economy planning groups. 5.4 The CCG has an EPRR Policy and Business Continuity Management Plan that have been developed in order to respond to internal emergencies and support Category One Responders as required (see section 4.3.2) Page 28 of 37
6.0 Responsibilities 6.1 The Accountable Emergency Officer The Accountable Emergency Officer is responsible for the strategic implementation of Emergency Planning resilience and response (EPRR) in accordance with the aims as detailed within section 3 of this procedure. The role of Accountable Emergency Officer is required under the H&SC Act 2012. The Accountable Emergency Officer will also represent the CCG on the Lancashire Local Health Resilience Partnership (LHRP), or alternatively appoint an appropriate representative. The Accountable Emergency Officer is responsible for all aspects of operational implementation of the aims contained within section 3 of this policy and will report to the Governing Body on progress. The role of Accountable Emergency Officer within NHS Fylde & Wyre CCG being part of the Chief Operating Officers remit. Responsibilities include: Seeking assurance, through contractual arrangements, that the plans of commissioned services from Acute Trusts, Community Providers and Ambulance Services, are robust and in line with their relevant responder category Attending the Lancashire Local Health Resilience Partnership (LHRP) Through the Lancashire LHRP ensure that CCG plans are linked to those of NHS England s Area Team Lancashire and are, where appropriate, linked to those plans within Local Authorities 6.2 The Emergency Preparedness Officer The Emergency Preparedness Officer is responsible to the Accountable Emergency Officer for ensuring that NHS Fylde & Wyre CCG meets its statutory duties and complies with all EPRR guidance by: Developing and continuously monitoring the emergency plans Ensuring that staff are appropriately trained and have the necessary skills to respond to an incident notification Providing regular updates and annual reports to the CCG Accountable Emergency Officer on work undertaken Lead the resilience elements of the CCG Risk Register. Page 29 of 37
7.0 Hazard Analysis and Risk Assessment 7.1 A hazard analysis & risk assessment will be undertaken by the emergency preparedness officer and will include detailed assessments of all potential incidences that may occur. 7.2 The assessments will be monitored through the CCGs Risk Register review process and will relate to both internal and external potential threats. Risk assessments will be regularly reviewed, at least annually, or when such an incident dictates the need to do so earlier. Any external risk may be required to be entered onto the Local Resilience Forum Community Risk Register if it is felt to pose a significant risk to the population. This action will be coordinated through the NHS Lancashire Area Team. 8.0 Resource Allocation 8.1 Under the requirements of the CCA the CCG is required to support the Area Team by responding to reasonable requests to assist and cooperate should any emergency require wider NHS resource to be mobilised. To this end it is unlikely that the CCG would be able to provide any staff resource from a capacity point of view, however the CCG could work with local health providers and NHS Staffordshire and Lancashire CSU to identify staff support for the Area Teams response. The CCG will also work with providers to ensure that arrangements are in place to support mutual aid. 8.2 From a financial perspective NHS Fylde & Wyre CCG have contingency arrangements to cover increased activity within the local acute provider due to a major incident. This financial resource would not be provided indefinitely and, should this exceed budgeted allocations, discussions would need to take place to contain costs within defined budgets. This is a part of the standard process agreed for managing increased activity. 8.3 For a limited period Home Working may be approved by the Accountable Emergency officer and reviewed daily by each functional lead, reporting back to the Emergency Accountable Officer in such circumstances adherence to the CCG Information Governance policies will be required. In regard to CCG office based resource issues there is a reciprocal agreement with the Staffordshire &Lancashire Commissioning Support Unit that, in the event of a major incident affecting either work place, then hot desking is agreed at each other s base. Should there be an issue in terms of staffing numbers then the CCG could call on the S&LCSU to provide additional support along with undertaking a review of priority work areas and redistributing available staff. 9.0 Development of Plans 9.1 This plan enables NHS Fylde & Wyre CCG to respond to the identified risks contained within the risk register. 9.2 Multi agency plans will be developed through the Local Health Resilience Partnership. NHS Fylde & Wyre CCG will work in partnership with the Local Health Resilience Partnership and Lancashire Area Team (NHS England)to ensure its actions and responsibilities detailed within multi agency plans and clearly understood. Page 30 of 37
9.3 Plans requested in accordance with contracts, service specifications and threat specific agreements (including provider business/service continuity plans) will be monitored through the usual contract monitoring arrangements. 9.4 Assurance in respect of emergency planning will be provided annually to the CCG Governing Body annually by testing, reviewing and revising the EPRR policy, Business continuity plans and underpinning risk assessments. 10.0 Training 10.1 F&W CCG will ensure that staff are made aware of the Emergency and Business Continuity Plans during the annual policy review This will include: Induction Training for all staff Update Training for the Accountable Emergency officer and Emergency Preparedness officer to cover NHS England core competencies On Call Training for On-Call Managers only 10.2 Training needs will be identified through the risk assessment process and coordinated by the Emergency Preparedness Officer. 11.0 Testing, Monitoring and Communication of Plans 11.1 NHS Fylde & Wyre CCG EPRR Policy and Business Continuity Plans will be tested and reviewed annually, led by the Emergency Preparedness Officer. 11.2 CCG Exercises will be held on an annual basis. The CCG will participate in Fylde Coast and pan Lancashire EPRR exercises as directed. 11.3 Live incidents which require the plans to be evoked, have a debrief process and lead to review/improvements of the plans will be considered as the annual test where applicable. 11.4 Communicating within the CCG, local health partners and the wider public on our processes and procedures in terms of EPRR is of significant importance. To this end this document, and those documents underpinning it, will be placed on the CCGs website and shared with the emergency planning leads of local and regional organisations. In addition staff will be briefed on arrangements via a local team brief. 12.0 Review 12.1 This policy shall be reviewed bi-annual or as and when incidents or national guidance deem it to no longer be fit for purpose. Page 31 of 37
13.0 References and Underpinning Materials The Civil Contingencies Act 2004; The Health and Social Care Act 2012; NHS Commissioning Board planning framework ( Everyone Counts: Planning for Patients ); NHS standard contract; NHS Commissioning Board EPRR documents and supporting materials NHS Commissioning Board Business Continuity Management Framework (service resilience) (2013); NHS Commissioning Board Command and Control Framework for the NHS during significant incidents and emergencies (2013); NHS Commissioning Board Model Incident Response Plan (national, regional and area team); NHS Commissioning Board Core Standards for Emergency Preparedness, Resilience and Response (EPRR) ; National Occupational Standards (NOS) for Civil Contingencies Skills for Justice; BSI PAS 2015 Framework for Health Services Resilience ; ISO 22301 Societal Security - Business Continuity Management Systems Requirements. ISO 22313 Societal Security Business continuity management systems Guidance. The Business Continuity Institute Good Practice Guidelines 2013 Global Edition Freedom of Information Act 2000 Competencies for NHS Commissioning Board co-chairs of Local health resilience partnership (LHRPs) Competencies for Director of Public Health (DPH) co-chairs of LHRPs Cabinet Office National Recovery Guidance Page 32 of 37
APPENDIX 1 (Page 1 of 2) ACTION CARD Accountable to FYLDE & WYRE CLINICAL COMMISSIONING GROUP - ON CALL STAFF Category 2 Responder NHS England (Lancashire) Incident Manager (1 st on-call) NHS Strategic Commander (Area Team Director) Purpose: As a Category 2 Responder F&W CCG has a responsibility to co-operate with the Lancashire Area team (NHS England) by responding to reasonable requests should any emergency require wider NHS resources to be mobilised. Examples may include: j) Co-ordination of healthcare support resources to provide direct support when a Rest Centre has been established k) Co-ordination or notification of healthcare support resources in an outbreak situation ensuring vaccination programmes are undertaken l) Notifying GP Out of Hours providers of any service problem with the 111 service m) Co-ordination and liaison with local partners with regard to urgent care issues such as winter bed crises. n) Management of local incidents on behalf of the NHS England Area Team in circumstances where multiple incidents are occurring simultaneously across Lancashire o) Other Business continuity issues such as widespread IT failure affecting many GP practices p) Other issues affecting CCGs own business continuity such as fuel disruption, pandemic flu or a large scale disaster CCG on Call Manager is responsible for: Managing local system pressure and support the area team s response to an emergency or incident WHEN MADE AWARE OF SIGNIFICANT EMERGENCY OR INCIDENT THE ON-CALL MANAGER MUST: Number Action Time Completed 1. Establish contact with the NHS England (Lancashire) Incident Manager 2. Inform the NHS England (Lancashire) Incident Manager (1 st on call) if you are actively managing pressure having been escalated from a provider 3. Notify F&W CCG Chief Operating Officer of the situation / Notify BCCG Chief Operating Officer of the situation 4. Implement business continuity arrangements for F&W CCG if indicated and agreed with COO 5. Respond to requests form the NHS England (Lancashire) Incident Manger to support the wider response (see below) Page 33 of 37
APPENDIX 1 (Page 2 of 2) To support a wider response, the NHS England (Lancashire) Incident Manager may request CCG on call staff to: Establish and maintain contact with local commissioned services (include NHS, private and voluntary sector organisations) Attend local Silver (Tactical level) groups (held by Police or Local Authorities) Attend their own Incident Co-ordination Centre to provide hands on support as part of the Incident Management Team if required. Identify local issues or considerations to be included in the initial risk assessment or threat and risk decision making model template Obtain the local information required to complete the required SITREPS (situation reports) Instruct local services to deliver the plans agreed by the Incident Director in Command of the NHS (for example: suspend elective work, implement business continuity plans, extend operating hours, increase services, deploy staff, enact mutual aid) Engage with Community Services Providers, Out of Hours and Social Services to activate any support / notify them of any service problem with NHS 111 Direct CCG staff in support of the incident response (for example: identify staff who may be able to support administration roles) Provide a liaison for local authorities to the Incident Management Team Provide direction or advice to local communications support (for example: in house or CSU commissioned) Page 34 of 37
APPENDIX 2 Process Plan for Activation/Response to an incident or threat to business continuity Crisis Occurs (Emergency plan may already be in action) Consider if crisis is able to be contained within usual resources Yes No No further action at this stage Discuss with COO or CFO and agree that business continuity plan should be activated Set up crisis response team Notify staff and any service or other organisation/stakeholder that may be affected Progress and any further developments to be assessed daily as a minimum. It may need to be more frequent. Initiate business continuity plan Page 35 of 37
APPENDIX 3 Crisis Response Team Notes Reason for Invoking Plan: Date: Time: Brief Summary of Situation: Department/s Affected: Other Organisations Involved / Alerted: Name of note taker: Date: Page 36 of 37
APPENDIX 4 ACTIONS REQUIRED LOG Immediate: Within 8 Working Hours: Within 1 Working Day: Within 3 Days: Within 1 Week: Situation to be reviewed every..hrs /.days Name of note taker: Date: Page 37 of 37