What happens to your EHR when you have a power outage?

If you are either transitioning from a paper system, or considering it, one question you may not have considered is what happens during an unexpected power outage?

Experts sometimes refer to having a “disaster preparedness plan” and the Health Insurance Portability and Accountability Act (HIPAA) requires that you have one in place.¹ However, if your practice is implementing a new electronic health records (EHR) system, then you will need a new plan.

Emergencies come in all shapes and sizes

Although an emergency contingency plan should guide your staff in the case of fire, natural disaster, or even a terrorist attack, a more likely scenario is that of a power outage. With a paper system, business can most likely continue as usual. But with an EHR, patient records are inaccessible without electricity.

Whether a power outage occurs during business hours or in the middle of the night on a holiday, your contingency plan should make sure no data is lost or compromised. As you work to put together a plan, there are several points to consider.

How is data stored?

One of the big decisions in choosing an EHR system is deciding between a system that is offered as Software as a Service (SaaS) or one that is a local installation. SaaS systems are sometimes referred to as being “in the cloud,” while local installation systems are those where applications are stored directly onto your hardware.

There are distinct advantages and disadvantages to both, and many factors, including an emergency contingency plan, will likely play into your decision. ²

Any reputable vendor will be able to discuss the advantages and disadvantages, and all EHRs that have been certified by the Office of the National Coordinator (ONC) must meet rigorous security standards. ³

Who Is responsible?

Just as it is helpful to have one person serve as the HIPAA officer, and one person be trained as an expert on your EHR system it is helpful to have one person be responsible in the case an emergency.^4,5,6 In the event of a disaster, This person executes your communication system, so that everyone on your staff can easily be made aware of what is going on.

Can you expect help?

Many vendors offer services that may be helpful in the event of a power outage. You will want to make sure you understand what sort of support services are available to you before you need them. Some vendors offer these services requiring ongoing payments and some provided as part of your purchase of the EHR system. Being aware of what your vendor offers before you need it is essential.

Although it may not seem as if a power outage is an emergency, if your patients’ data is lost or compromised, there is a real danger that your practice is not compliant with HIPAA. Putting together a basic plan, then reviewing it annually or even quarterly, is good business practice.

 

References

¹ U.S. Department of Health and Human Services. “Emergency Situations: Preparedness, Planning, and Response.” http://www.hhs.gov/ocr/privacy/hipaa/understanding/special/emergency/. Published November 2014. Accessed August 2015.

^{2 Howell, D. “For and against SaaS and installed applications.” http://www.techradar.com/us/news/software/applications/for-and-against-saas-and-installed-applications-1139860}. Published March 2013. Accessed August 2015.

^{3 HealthIT.gov. “ONC Health IT Certification Program.” http://www.healthit.gov/policy-researchers-implementers/onc-health-it-certification-program}. Published March 2015. Accessed August 2015.

⁴ Shaw G. “Navigating HIPPA in the Electronic Age: What DCs Must Know.” http://www.acatoday.org/content_css.cfm?CID=5630. Published March 2015. Accessed August 2015.

⁵ HealthIT.gov. “How should I train my staff?” http://www.healthit.gov/providers-professionals/faqs/how-should-i-train-my-staff. Published January 2013. Accessed August 2015.

⁶ Bonin I. “Planning For The Unexpected Ehr Downtime: 4 Key Steps.” http://meetings.hayesmanagement.com/blog/planning-for-the-unexpected-ehr-downtime-4-key-steps. Published April 2015. Accessed August 2015.