1) Civil disasters:
Riots, demonstrations, strikes.

Analysis (low risk)
Given the location and nature of the communities and region within which Hillcrest operates, the potential for this type of disaster is seen as extremely low.
Discussion
NA

Communicable disease epidemics.

Analysis (low risk)
Given the stringency of state regulations and Hillcrest policies and practices pertaining to student immunizations and routine health care, as well as to policies and practices pertaining to staff health status and care, and the infection control monitoring done at each Hillcrest program, the potential for this type of disaster to affect Hillcrest is seen as extremely low.

Discussion
NA
(Please also refer to the Hillcrest Infection Control Manual and Hillcrest Policies and
Procedures.
Please also refer to the HEC Plan For Managing Widespread Infection Or Contagion and the HEC Pandemic Management Plan.)

1) Meteorological, Topological and Underground disasters:
Hurricanes and tornadoes, hailstorms, ice storms and snowstorms, droughts, floods, earthquakes.

Analysis (low risk)
For the most part, the potential impact of meteorological, topological and underground disasters is assessed to be low.
Hurricanes, tornadoes, droughts, floods and earthquakes are historically and statistically relatively rare in western Massachusetts, and particularly in the local areas in which Hillcrest campuses are located. For example, the MA Emergency Management Agency states-that moderate to major earthquake activity occurs in Mass. only about every 50 – 70 years, with more serious earthquake activity occurring only every 200 – 300 years. Hurricanes in the region tend to affect western MA. through heavy rains, rather than destructive winds.

Of these types of natural disasters, then, those which have the highest potential for affecting Hillcrest are winter weather related events such as ice storms and snowstorms, and these tend to be most significant for Hillcrest when they affect the electric power supply and the ability of staff to travel to/from the work site.

Discussion
a) Loss of electric power is relatively rare (0 – 3 times/year) and, most commonly, for very short periods of time (less than one hour) when it occurs. These losses are managed using emergency power generators at each Hillcrest residential campus. The generators are positioned to insure safety, the maintenance of relative comfort for students, and adequacy of food storage.

In the event of loss of power at the day program, students can be transported back to their residences.

b) Staff travel — Thanks to the effectiveness of the local municipalities in performing snow removal and road maintenance activities during winter months, staff travel is rarely affected. When and if staff travel is affected for short periods (e.g., half a day), agency staff with four wheel drive vehicles can, have and will assist with staff transport to/from work sites, as possible.

Staff who are unable to travel home after work could be temporarily housed on campus, as necessary, separate and apart from students.

In the event of severely inclement weather, the day program would be cancelled, as it is when local public schools are cancelled due to weather.

The Hazard Vulnerability Analysis should be viewed within the specific context provided by Hillcrest Educational Centers, including the following elements and dimensions:
• Hillcrest primarily provides residential treatment for children and adolescents. Hillcrest also provides day therapeutic education. Students in both types of programs are physically healthy and do not suffer from any major medical problems or physical disabilities. They are capable of self-preservation.
• Hillcrest provides very intensive staffing and supervisor ratios, including awake overnight staffing, at every residential campus.
• Staff are regularly trained in emergency procedures and fire/evacuation drills are regularly conducted.
• Hillcrest campuses are equipped with required fire and smoke detection systems, all Hillcrest buildings are equipped with fire extinguishers, and all HEC dormitories are equipped with sprinkler systems.  Each Hillcrest residential campus is equipped with emergency power generators.
• Hillcrest’s Maintenance Department regularly conducts campus safety inspections and major systems maintenance.
• Hillcrest maintains and utilizes snow removal and sanding/salting vehicles/equipment for use on campuses.

Based upon the geographic location of Hillcrest Educational Centers, state and national agency data, experience and history, it has been determined that the potential hazards most likely to have impact on general agency operations and on the safety, care and treatment of Hillcrest students and on the safety of staff include the following:

I Purpose
The Hazard Vulnerability and Local Resource Analysis is conducted as part of a larger, ongoing effort associated with Emergency Preparedness and Management, in order to:
• insure a safe and supportive environment of care for Hillcrest students and staff.
• to insure the efficient and effective provision of student care and treatment.
• do so in a manner compliant with regulations promulgated by the Mass. Dept. of Early Education and Care (DEEC), Mass. Department of Elementary and Secondary Education (DESE), standards established by the Joint Commission (JC), and all other applicable laws, regulations and standards.

II Objective
The Hazard Vulnerability and Local Resource Analysis is conducted in order to:
• identify reasonably likely potential hazards and disasters.
• identify potential direct and indirect effects these may have on Hillcrest operations.
• identify internal and/or local resources that can be utilized to mitigate and/or respond to emergencies and/or disasters.

Any employee who violates this Program and Policy, or any security policies or procedures adopted in accordance with this Program and Policy, will be subject to disciplinary action, which may include termination of employment.

All employees are required to report to their supervisor or the Program Coordinator any material risk to or breach of the security of Personal Information maintained by the Company. Any supervisor receiving such a report must promptly inform the Program Coordinator.
The Program Coordinator will:
• undertake any action necessary to respond to the risk or breach;
• conduct a post-incident review of the events and all actions taken, if any, to make changes in business practices relating to protection of personal information; and
• document any such post-incident review and all responsive actions taken in connection with any incident involving a breach of security.

The Program Coordinator will conduct regular monitoring to ensure that the Company’s Personal Information security program is operating in a manner reasonably calculated to prevent unauthorized access to or unauthorized use of Personal Information and will upgrade and upgrading information safeguards as necessary to limit risks. The Program Coordinator also will update this Program and Policy periodically to reflect any changes with respect to the risks of Identity Theft.

The Program Coordinator will establish and maintain a security system covering the Company’s computers, including any wireless system, which at a minimum will have the following elements:

(1) Secure user authentication protocols including:
• control of user IDs and other identifiers;
• a reasonably secure method of assigning and selecting passwords, or use of unique identifier technologies, such as biometrics or token devices;
• control of data security passwords to ensure that such passwords are kept in a location and/or format that does not compromise the security of the data they protect;
• restricting access to active users and active user accounts only; and
• blocking access to user identification after multiple unsuccessful attempts to gain access or the limitation placed on access for the particular system
(2) Secure access control measures that:
• restrict access to records and files containing Personal Information to those who need such information to perform their job duties; and
• assign unique identifications plus passwords, which are not vendor supplied default passwords, to each person with computer access, that are reasonably designed to maintain the integrity of the security of the access controls
(3) To the extent technically feasible, encryption of all transmitted records and files containing Personal Information that will travel across public networks, and encryption of all data to be transmitted wirelessly.
(4) Reasonable monitoring of systems for unauthorized use of or access to personal information.
(5) Encryption of all Personal Information stored on laptops or other portable devices.
(6) For files containing Personal Information on a system that is connected to the Internet, reasonably up-to-date firewall protection and operating system security patches, which are reasonably designed to maintain the integrity of the personal information.
(7) Reasonably up-to-date versions of system security agent software, which must include malware protection and reasonably up-to-date patches and virus definitions, or a version of such software which can be supported with up-to-date patches and virus definitions and which is set to receive the most current security updates on a regular basis.
(8) Education and training of employees on the proper use of the computer security system and the importance of Personal Information security.

Paper documents containing Personal Information shall be redacted, burned, pulverized or shredded so that personal data cannot practicably be read or reconstructed.
Electronic media and other non-paper media containing Personal Information shall be destroyed or erased so that Personal Information cannot practicably be read or reconstructed.