Adopting NFPA 99

NFPA 99-2015 establishes criteria for levels of health care services or systems based on risk to patients, staff, or visitors in health care facilities to minimize the hazards of fire, explosion, and electricity. Here’s what’s in the current code and what engineers need to know once their authorities having jurisdiction enforce this version.

By Michael A. Crowley, PE, FSFPE, Jensen Hughes, Houston June 15, 2015

The 2015 edition of NFPA 99: Health Care Facilities Code is available for adoption by authorities having jurisdiction (AHJ) as well as by building department, state hospital licensing groups, the Dept. of Veterans Affairs, and other government entities. There have been minor technical changes to the update of the 2015 edition, which is a refinement of the 2012 edition that introduced risk-based codes.

The 2012 edition of this code was a major rewrite and change in approach. The editions prior to 2012 were based on building occupancy classification as evaluated using NFPA 101: Life Safety Code. Typical examples of occupancies were health care, ambulatory care, and business.

NFPA 99-2015 edition is a refinement of the 2012 edition. The concept and application of the risk-based NFPA 99 is the direction of the code. Risk-based codes shift more responsibility to the designers than in a prescriptive code. Collaboration between owners, users, designers, and the AHJ is important to the proper use of a risk-based code. The appeal of the risk-based code is custom applications of design criteria to the project. There is potential for cost savings and ongoing savings in operations.

NFPA 99 was updated in 2012 to address the trends in health care delivery. Procedures, care, and treatment of patients have evolved over the years. The building or facility and services provided also have changed. While the occupancy of the building provided a general risk evaluation for patients, many procedures, care, and treatments moved to buildings and areas with fewer than four persons being rendered incapable of self-preservation. Complicated and potentially high-risk procedures, care, or treatments are being performed on one patient at a time in facilities with systems that may not be able to respond the same as a higher risk facility, such as an ambulatory care center or acute care hospital.

In the major rewrite of the 2012 edition of NFPA 99, the occupancy designations were replaced with risk categories. Risk categories are based on the risk of the procedure, care, or treatment provided to the patient regardless of the building occupancy in which it occurs. This was a major shift in the application of this code. The technical changes were minor; however, the application by risk to patient can increase the level of systems required to protect the patient.

NFPA 99 is now a risk-based code. It requires the owner and design team to perform a risk assessment for the procedures, care, or treatments that will occur in areas of the building. From this risk assessment a risk category is designated. Chapter 4 lists the four risk categories. In chapters 5 through 13, the risk category is used to determine the activities, systems, or equipment requirements. Some chapters have not developed requirements for all of the risk categories.

Defining the risk category

Risk categories are:

  • Category 1: Activities, systems, or equipment whose failure is likely to cause major injury or death of patients, staff, or visitors shall be designed to meet Category 1 requirements as detailed in the code.
  • Category 2: Activities, systems, or equipment whose failure is likely to cause minor injury of patients, staff, or visitors shall be designed to meet Category 2 requirements as detailed in the code.
  • Category 3: Activities, systems, or equipment whose failure is not likely to cause injury to patients, staff, or visitors, but can cause discomfort, shall be designed to meet Category 3 requirements as detailed in the code.
  • Category 4: Activities, systems, or equipment whose failure would have no impact on patient care shall be designed to meet Category 4 requirements as detailed in the code.

The code gives some guidance to determine what is considered major injury. Section A 4.1.1 lists items that the technical committee considered major injuries. Some examples include loss of an eye, chemical burns, and hypothermia.

Chapter 5 on medical gas and vacuum systems is an example of the change to a risk-based approach. The chapter identifies three risk categories specific to these systems. Risk-category-1 medical gas and vacuum systems provide reliability and robustness to minimize the failure rate or failure mode. Category-1 systems are selected if failure of the system results in loss of life or major injury. This requires the owner, users, and design team to evaluate the risk based on the activity, procedure, or treatment of the patient. There are tools available and referenced in the annex material of the code (Section A 4.2) to assist in properly assessing risk. Figure A 4.2 is a simple sample risk evaluation. The code does not require detailed risk assessments. However, the code does require a risk assessment be performed. New to the 2015 edition, the risk assessment is not required to be documented if the risk is Category 1.

Major changes

Changes to NFPA 99 may impact a fire protection engineer’s design approach. These are:

  • Wet procedure location options are available
  • Ventilation of anesthetizing locations was removed
  • Information technology (IT) and communication systems, a new topic, was introduced in NFPA 99-2012
  • Emergency management criteria were expanded in the 2012 edition
  • Fire protection criteria were added in the 2012 edition.

Wet procedure locations: The code defined previously all operating rooms as wet procedure locations, which had set the criteria for special protection against electric shock in the wet procedure locations. Section 6.3.2.2.8.4 allows the owner/designer to perform a risk analysis to determine if the operating room can be used without being considered a wet location. Procedures and equipment can be used in the operating rooms to reduce the risk of the operating room being a wet procedure location. This documentation must be accepted by the health care governing body. Owners and designers may have an option to omit special protection against electric shock if they can demonstrate a risk mitigation plan to address the wet procedure location issues.

Ventilation of anesthetizing locations: In NFPA 99 editions prior to 2012, there was a requirement to prevent the circulation of smoke in the anesthetizing locations and prevent the introduction of smoke into the anesthetizing location in case of fire. This was not a smoke control system per NFPA 92: Standard for Smoke Control Systems; however, it did limit smoke movement in the anesthetizing locations. The technical committee removed these requirements.

While NFPA 99 is clear that the requirement is no longer needed, the proposed rules by the Centers for Medicare and Medicaid Services (CMS) for the adoption of NFPA 101 has added the old NFPA 99-1999 edition requirement back to the rules. CMS did not provide technical justification for requiring these controls on anesthetizing locations. The proposed CMS rule changes are available online.

Owners and designers will need to monitor the adoption process. Ventilation may be required when CMS updates to NFPA 101-2012, if the proposed rule change is adopted.

IT and communication systems: IT is becoming more critical to the health care environment. Requirements for protecting IT are outlined in Chapter 7. This was new to the previous edition of the code and has not been in wide use in the United States. There are no technical changes from the previous edition. In addition to IT, there are criteria for telecommunications and nurse call systems. The criteria are based on previously established industry standards and are considered a “gathering place” for the requirements. This chapter also is set up for possible future reserved requirements on items ranging from Internet protocol security cameras to patient tracking systems.

The future will determine if criteria for the reserved topics are needed; 2012 has not yet been put into practice in many jurisdictions, so only time will tell what other changes must be made to the code.

Emergency management: This topic is an exception to the four risk categories. Table 12.3 addresses the emergency management categories.

  • Emergency management category 1: Those inpatient facilities that remain operable to provide advanced life support services to injured responders and disaster victims. These facilities manage the existing inpatient load as well as plan for the influx of additional patients as a result of an emergency.
  • Emergency management category 2: Those inpatient or outpatient facilities that augment the critical mission. These facilities manage the existing inpatient or outpatient loads; however, they do not plan to receive additional patients as a result of an emergency or do not plan to remain operable should essential utilities or services be lost.

Emergency management requirements for both categories require a hazard vulnerability analysis (HVA). The HVA should include natural events, human-caused events, and technological events. The owner or designer should analyze the effort needed for continuing operations, patient care, procedures, and staffing based on these three types of events. These requirements are more robust than editions prior to NFPA 99-2012. CMS and The Joint Commission criteria were the basis for the revisions. The NFPA 99-2012 and 2015 editions attempt to bring the criteria into a single document.

Fire protection: In the 2012 edition, chapter 15, features of fire protection were added. The intent of this chapter was to gather the unique fire protection features in health care occupancies.

Requirements in chapter 15 reference other NFPA codes and standards for fire protection. This chapter is not part of the risk categories for a building. The requirements and references apply to all health care facilities. Major items addressed include flammable liquids and gases material handling, laboratories, utilities, waste and linen chutes, fire detection, alarm and emergency communications, automatic sprinklers, manual extinguisher equipment, compact shelving, maintenance, and testing of fire protection systems and loss prevention in the operating rooms.

The “defend in place” concept as described in Section 3.3.32 is unique to the health care occupancy. Defend in place is the operational response to an emergency in a building, in which the initial action does not involve evacuation of building occupants. Defend-in-place buildings have requirements for the fire detection and alarm zoning to coincide with the smoke zone. Automatic sprinkler systems also are required to coincide with the smoke zones. If zoning is not possible, the code allows the facility fire plan to address defend-in-place protection for the combined zones.

Operating room fires have been an issue in the recent past. Section 15.13 addresses safety procedures for use of flammable germicides and fire safety precautions in the operating room. Staff training is an important function for operating room fire precautions.

NFPA 99-2015 is ready for adoption by local, state, and federal officials.

However, CMS is considering updating to the 2012 edition of NFPA 101, which references the use of NFPA 99-2012. Therefore, when NFPA 101-2012 edition is adopted, the referenced NFPA 99-2012 edition also will apply.

Currently there is limited adoption directly or by reference of NFPA 101-2012. CMS has proposed changes to NFPA 99-2012 edition. When the final CMS rules are issued for use of the updated NFPA 101, NFPA 99 may have changes to the requirements as dictated by the CMS adoption rule. Therefore, the future requirements are not clear.


Michael A. Crowley is vice president, development at Jensen Hughes. He is a fire protection engineer with 35 years of engineering consulting experience. Crowley is currently chair of the technical correlating committee for NFPA 99.