In Hurricane Sandy’s Wake, Thoughts About EHR Disaster Security
An argument in favor of electronic health records is the conversion of vulnerable paper-based data to on-line information, which can be better protected from the elements. That is, until hurricanes Sandy and Katrina, when disaster preparedness proved paramount for providers whose practices were damaged by wind and water.
As part of adopting a new electronic health record (EHR) system, take time to develop a disaster plan should wind, water, fire, or electrical failure compromise your system. The plan should consider not only all anticipated possibilities but also the unlikely, experts advise.
Pamela Lewis Dolan, an American Medical Association AMedNews journalist, says there are three core elements found in every plan:
- Security of the practice’s data
- Contingency plan for creating records after the disaster
- Identification of backup power and Internet
Security of the practice’s data is enhanced by storing it offsite, either as a physical file periodically sent to a fortified location or uploaded to the Cloud. With either option, find out how well protected the data is during transport and storage and how easy it will be to access after a disaster. Is the fortified site safe from the elements and theft? Is the Internet provider able to encrypt the data during transfer, and are the servers on which the data is stored secure against misfortune? Verify the security of the data being backed up, and confirm that secure and dependable options are available for retrieving the data when needed.
Have a plan of action for when the disaster occurs. What happens when the water recedes or the dust settles? If staff can’t get into the practice, what can be done offsite? Can the practice convert to paper records for a short time if equipment housing the EHR and its data is damaged? Is there a phone tree to contact staff, referring providers, and patients, including a cell and text-messaging protocol?
Radiology website AuntMinnie.com quotes Chief Information Officer Karlie Hull of New Orleans saying that after hurricane Katrina, backup tapes were not as helpful to them as data uploaded to the Cloud.
Back-up power is essential, as is restored Internet service. One of the many ways to protect your practice is to buy a portable generator BEFORE the disaster occurs, along with a supply of fuel and/or a connection to your natural gas line. Equipment can operate for several hours when connected to battery-equipped uninterruptible power supply (UPS) units. Know what your Internet service provider’s (ISP) disaster plan is for maintaining or regaining access to the Internet. This will be extremely important if your information is stored online (cloud based).
Forces of nature – blizzards, earthquakes, floods, lightning, high winds, and others – can bring your practice to a halt if you haven’t prepared. Discuss how your office can prevent disruption and what steps it will take in the event of a disaster, then document it and discuss it with your staff.
Several resources exist in books and on the Internet. Your colleagues can share tips, as well. The Small Business Administration has several on-line resources, as do EHR vendors and professional associations.