When the System Goes Down: Proactive Planning for Electronic Health Record Downtime

Laura M. Cascella, MA, CPHRM

Electronic health record (EHR) systems are ubiquitous in healthcare and serve as the primary repository for important patient health information. When properly implemented, these systems have proven beneficial as part of emergency management and response efforts. They can help preserve data, facilitate the quick transfer of critical information, and ensure continuity of care.

However, EHR systems are not infallible, and situations can occur in which a system becomes partially or completely inoperable or inaccessible (e.g., as a result of a power outage, technical malfunction, environmental emergency, or cyberattack). In the absence of comprehensive contingency plans, these issues can present significant threats to patients and healthcare organizations.

HIPAA Security Rule

The HIPAA Security Rule requires covered entities (CEs) to develop contingency plans for responding to emergencies/disasters and safeguarding electronic protected health information. As part of contingency planning, HIPAA requires a data backup plan, a disaster recovery plan, and an emergency mode operation plan; the Security Rule also advises CEs to develop testing and revision procedures and to conduct an analysis of applications and data criticality. [1]

Proactive planning to reduce the risk of EHR downtime — and to ensure that healthcare providers and staff members are prepared if a system does become compromised — can help minimize patient harm and mitigate liability and reputational risks. Proper planning also can help ensure compliance with the HIPAA Security Rule.

The following strategies and recommendations can help guide healthcare organizations as they develop or update their contingency plans for EHR downtime:

  • Involve clinicians and staff members in contingency planning to gather crucial input on backup protocols, procedures, and workflows.
  • Routinely review policies and protocols related to EHR downtime to identify gaps, implement additional safeguards, and account for any workflow or technology changes.
  • Ensure that redundant systems are in place in the event of hardware or software failures. These systems should back up critical data and applications, and the organization should be able to activate them quickly (e.g., within several hours). The Office of the National Coordinator for Health Information Technology (ONC) recommends testing redundant systems quarterly.
  • If applicable, work with your EHR hosting vendor to ensure that patient health information and other data are routinely and automatically backed up at least daily (if not more frequently). Make sure the vendor’s backup protocols will allow your organization to fully recover from system failures or downtime.
  • Include in your contingency plans the appropriate steps for accessing backup systems and data and who is authorized to do so.
  • Have at least two internet access points that are serviced by different providers (e.g., two cable-based options or a cable and wireless option).
  • Determine whether your organization’s backup generator can support the operation of your EHR system — or, at minimum, its critical functions — during a power outage. Make sure adequate fuel is maintained onsite to run the generator for at least 2 days, and test the generator on a monthly basis.
  • Implement a plan for documenting patient care and other important information during system downtime, and ensure adequate paper forms are available. The plan should include safeguards for maintaining privacy and confidentiality of protected health information as well as procedures for updating the EHR system once it is operational.
  • Develop a protocol for how to register new patients and ensure accurate patient identification during system downtime.
  • Educate healthcare providers and staff members about:
    • The risks associated with EHR downtime, such as medication errors, inaccessibility of images and test results, and the need to delay procedures.
    • Best practices for preventing cyberattacks, including strategies for identifying common types of threats and implementing physical and technical safeguards.
    • The organization’s contingency plans, correct procedures for handling system downtime, and recovery processes.
    • Appropriate methods for documenting clinical care and other vital information on paper forms and charts as well as how to maintain HIPAA compliance.
  • Run drills and simulation scenarios related to EHR downtime to support training and assess competency with organizational policies. Consider using Failure Modes and Effects Analysis to proactively test processes and identify potential gaps.
  • Develop a communication policy for when EHR downtime occurs that provides guidance for when to communicate, how often to communicate, and who should initiate communications. Make sure alternate communication methods are in place to notify providers and staff members about EHR issues. These methods should not rely on the information technology infrastructure or internet.
  • Make sure paper copies of your contingency plan and any procedures related to EHR downtime are easily accessible.
  • Monitor and document all instances of EHR downtime (including system recovery time), and keep a log of all testing activities. [2]

For more detailed guidance related to planning for EHR downtime, see ONC’s SAFER Guide on contingency planning. For more information about various aspects of EHR systems, see MedPro's Risk Resources: Electronic Health Records.

Endnotes

[1] HIPAA Privacy and Security Rule, 45 C.F.R. § 164.308(a)(7).

[2] The Office of the National Coordinator for Health Information Technology. (2016, July). SAFER self-assessment: Contingency planning. Retrieved from www.healthit.gov/topic/safety/safer-guides