How does your practice function when your technology is lost?

By Brian L Tuttle, CPHIT, CHP, CHA

 

If you are familiar with the psychologist Abraham Maslow, and his famous “hierarchy of needs”, then you will know he clearly was not born in the age of the internet.  According to Maslow, “needs” are listed in order of importance beginning with essentials like: food, water, safety, security, love, prestige and ending with the elusive self-actualization.  However, in today’s modern age it seems the list should go like this: INTERNET, CELL PHONE, food, water, safety, security, love, prestige and self-actualization.

This of course is a little bit of jest but have you considered what your practice would do if you lost your technology?  Do you have a plan for just a day or two of downtime?  What about a long term plan?  Does your practice have any Contingency Plan at all?

In performing over 200 HIPAA audits, I have noticed an alarming trend; most practices do not have a Contingency Plan in place at all!   Did you know that this is a required standard of the HIPAA security rule as stated in citation 164.308(a)(7)(i), and failure to do so could result in fines, or worse, the total loss of your practice in the event of a disaster?

In this article, we are going to focus on the minor disaster.  Minor disasters happen much more frequently – for example, the loss of access to technology.  What would you do?

The first thing you need to do is isolate the problem.  What caused the outage?  Is it the internet service provider?  Obviously this will bring down any web based EMR.  Is it the server that houses your EMR onsite?  Do you have a contact list of entities to call – IT vendor, EMR vendor, internet service provider, etc? 

Tip: When calling IT provider or EMR support be sure to mention you are “completely down” as this usually will expedite the process.  Remember the adage “the squeaky wheel always gets greased first.”

You should have a plan in place that allows you to function and continue to see patients when no technology is available.  On the clinical side you can revert to paper for charge capturing, patient visit recording, prescriptions, etc.  Do you have these items handy? (i.e. super-bills, prescription pads, etc.)?   

What about patient histories?  The move to an “all electronic” world means these charts may not even exist at your practice anymore.   In some cases, it is possible to access the server (assuming it is onsite) using a very powerful UPS (uninterrupted power supply) which can power the server and a printer.  This would give you the ability to print from within your practice management system in a pinch.  Tip:  An entry level UPS should last about 30 minutes. However, the time can vary, depending on the load of the server.     

One other suggestion would be to keep a copy of the EMR and patient database on a local laptop.  This would allow you to access patient records on a machine with a long battery life. Even in a complete power outage, you could gain emergency access to patient data.

What if your internet is down for a few days and your EMR is housed on the web?  

One thing to consider would be to use an “air card.” Most cell phone vendors offer these at reasonable prices.  In some cases, a cell phone with internet access can even be used as an “ad-hoc” modem plugged into PC to get you online.  Also in some cases, the cell phone itself can be used to access the internet and therefore the EMR. 

Another thing to consider is getting a backup internet line.  Example: if you currently use a T1 to access the internet, purchase a cheap DSL or cable line as a backup.

The bottom line is you need to have a contingency plan in place for minor events as well as major catastrophes.  Not only is it a requirement per the HIPAA Security Rule but it is also a wise business decision.

How do you develop a Contingency Plan for your practice?  To start,download this BCP Template – pdf to create your plan.  For more information, please contact:  brian.tuttle@ingaugehsi.com



Comments are closed.