Issue link: https://beckershealthcare.uberflip.com/i/717576
68 CIO / HEALTH IT 59% of Hospitals Had Unplanned EHR Disruption Last Year — Were They Prepared? By Akanksha Jayanthi N early six in 10 hospitals last year expe- rienced an unplanned EHR disruption that made their EHR unavailable to hos- pital staff, but hospitals appeared to be mostly prepared to handle such disruptions, according to a report on hospitals' EHR contingency plans from HHS' Office of Inspector General. The OIG administered an online question- naire between May and July 2015 to 400 hospitals that receive Medicare payments. Investigators also visited six hospitals to further review EHR contingency plans and related documents. e OIG found overall hospitals are highly prepared with contingency plans: 95 percent of hospitals said written policies and proce- dures in their contingency plans specify how to respond to EHR disruptions. Of the 5 per- cent of hospitals that did not have contingency plans, some of them said they were still devel- oping them as they had only recently adopted their EHR. Others noted they had implement- ed practices related to contingency plans but did not have those documented in policies or procedures. HIPAA requires four specific elements in a con- tingency plan: having a data backup plan, a disas- ter recovery plan, an emergency mode operations plan and testing and revision procedures. Six- ty-eight percent of hospitals' contingency plans addressed all four of these requirements. Of the hospitals that experienced an un- planned EHR disruption, 59 percent of the time it was related to a hardware malfunction or failure, 44 percent were related to an inter- net connectivity problem, 33 percent were due to a power failure, 4 percent came from a nat- ural disaster and 1 percent came from a hack- ing incident. (Hospitals were permitted to identify more than one cause of an unplanned EHR disruption.) When EHRs were disrupted, 24 percent of hos- pitals said the disruption resulted in delayed pa- tient care, 15 percent said it resulted in rerouted patient care and 1 percent said it resulted in loss of records. No hospitals said unplanned EHR disruptions resulted in a data breach. Hospitals generally had implemented contin- gency plan recommendations from the ONC and National Institute for Standards and Tech- nology, such as maintaining backup copies of records (99 percent), storing backup data offsite (92 percent), determining how to replace dam- aged equipment (87 percent), having at least two internet paths (78 percent), supplying paper forms in emergency mode (100 percent), main- taining an electric generator (98 percent) and continuously updating contingency plans to re- main up-to-date with system enhancements (85 percent), among others. e OIG suggests the Office for Civil Rights implements a permanent audit program eval- uating hospitals' compliance with HIPAA's contingency plan requirements, especially as cyber threats evolve. "Persistent and evolving threats to electronic health information rein- force the need for EHR contingency plans," according to the report. n Zero to One then you're done! Zero to One then there is none! Request a free sample http://www.palmerohealth.com/requestSamples Please mention Becker when requesting a sample You can't see them or hear them! (GERMS) You are mortied they exist! (GERMS) You can't see it or hear it disinfecting! (DisCide Ultra) But you will be glad it's there! DisCide Ultra protects YOU! Protection YOU can count on! Kills over 21 deadly pathogens! Kills in 1 minute or less without you even seeing it! MRSA HIV E.coli H1N1 Inuenza-A Staph Among others! RSV Pseudomonas aeruginosa H3N2 Salmonella