Product type:

AllBooksEventsOnline CoursesWebinarsPackages
Medical Group Management Association
Top House Ad

From cyberattacks to planned outages, medical practices need a plan for EHR or PM system downtime

MGMA Stat - July 29, 2021

Electronic Health Records

Policies & Procedures

MGMA Staff Members

The list of things that can go wrong with the technology powering your EHR or practice management (PM) system is long, and the threats to their proper function are growing. Medical practice leaders must be prepared for outages or downtime, regardless of the cause:
  • Cyberattacks (e.g., ransomware) that disable or hold systems hostage
  • Natural disasters or severe weather that interrupt power supplies and/or internet connections to cloud data
  • Upgrades or other planned outages that take longer than normal.

A July 27, 2021, MGMA Stat poll found that 82% of medical practices have an EHR/PM system downtime protocol, versus 18% that do not. The poll had 448 applicable responses.

By 2014, a study published in the International Journal of Medical Informatics found that 96% of healthcare institutions had at least one unplanned downtime of any length in the previous three years, and 70% of them had an unplanned downtime more than eight hours long in that same period. Particularly concerning in that study was the fact that “most institutions had only partially implemented comprehensive contingency plans to maintain safe and effective healthcare during unexpected EHR downtimes.”

The importance of having proper protocols or staff education for EHR/PM system downtime has only grown in recent years. As Lee Holmes, chief executive officer, Intensive Specialty Hospital of Shreveport and Bossier City, La., noted on a recent MGMA Insights podcast, cyberattacks aimed at healthcare facilities aren’t simply growing in number — the severity has intensified, too.

By summer 2020 when Holmes’ organization faced an attack, the range of what ransomware schemers sought from medical practices was closer to $25,000 to $30,000, but they have since reevaluated what larger groups might pay. “Very quickly, [the attackers] assessed that we were a larger organization … and weren’t even willing to talk to us about any number smaller than $100,000.”

That type of ransom, if an organization chooses to pay it, is only part of the bigger financial impact to the organization as part of the attack and its associated downtime on an affected system, Holmes cautioned:
  • Inability to enter orders or interruption of patient care due to lack of access to patient vitals/history, which can affect revenue
  • Time and resources spent restoring your system and checking for data integrity
  • Time and costs associated with reporting a potential HIPAA breach.

In the past, downtime protocols relied primarily on paper versions of the practice’s clinical documentation and workflows. In recent years, MGMA members noted that many EHR and PM system vendors have offered system updates to allow for locally stored documentation that can later be reconciled with a cloud system once downtime has ended.

What to do when things go wrong

The impacts of EHR downtime are well-documented. A 2019 study published in Applied Clinical Informatics found that lab testing results were delayed by 62% on average during EHR downtime, and that downtime paper records were often inconsistent or incomplete. The authors concluded that there’s a need for “better and more detailed downtime contingency plans with a focus on communications, resource allocation and training are necessary.”

Ways to manage downtime

Healthcare provider organizations should have continuity of operations plans for events or situations that interrupt normal business, and a chapter on loss of an EHR or PM system can be useful, as Steve Gravely, chief executive officer, Gravely Group, told EHR intelligence in 2018.
  • The Office of the National Coordinator (ONC) for Health Information Technology has produced SAFER (Safety Assurance Factors for EHR Resilience) Guides — nine guides in total — that provide recommendations for safe use of EHRs, including a contingency planning team worksheet to address scenarios such as an extended power outage, shifting to backup systems and more.
  • In a May 2020 report in the Online Journal of Nursing Informatics, a “Badge Buddy” program was piloted, with a double-sided reference card/cheat sheet affixed to clinical staff members’ badge holders “for speedy access” to outline appropriate steps, including a CLEAR process:
    • Check and communicate the problem
    • Locate the system downtime plans and downtime carts/kits
    • Establish alternative patient care continuity processes
    • Activate IT downtime plan and document information
    • Recover by entering data back into the electronic environment after the downtime.
  • The Academic Medical Center Patient Safety Organization (AMC PSO) has an extensive report, “Patient Safety Guidance for Electronic Health Record Downtime,” that outlines how to prepare for EHR downtime, communication/messaging strategies, migrating to paper-based systems and all other steps leading to recovery/restoration of an EHR.

Do you have any best practices or success stories to share on this topic? Please let us know by emailing us at connection@mgma.com.

JOIN MGMA STAT

Our ability at MGMA to provide great resources, education and advocacy depends on a strong feedback loop with healthcare leaders. To be part of this effort, sign up for MGMA Stat and make your voice heard in our weekly polls. Sign up by texting “STAT” to 33550 or visit mgma.com/stat. Polls will be sent to your phone via text message.

Additional resources

 
Bottom House Ad

About the Author

MGMA Staff Members
X

Shopping Cart

Your cart is empty

Subtotal:
Click here if your organization is tax exempt
X

A State Sales tax exempt certificate must be on file and taxable items cannot be ordered online. For immediate assistance during normal business hours of 7:00am to 5:00pm MT M-Th and 7:00 am to Noon MT on Friday, please call toll-free: 877-275-6462, ext. 1888

X

Checkout

Use two letter code for US states
Use three letter code for country
Use two letter code for US states
Use three letter code for country

Grand Total:
Use two letter code for US states
Use three letter code for country
Saved credit card is required for opt-in to autorenew.

Questions? Contact the MGMA Service Center for assistance during checkout or review our return policy for more information.
X

Confirmation

,
,

Total:
Payment:
Balance:
 

Thank you for your purchase! If you purchased an event, you will be receiving a follow-up email from our Learning Management System regarding the product/event purchased and no further action is required.


Loading...