The Recovery After the Storm: Are Electronic Records More Vulnerable to Disaster?

Topics: Healthcare IT Management

Healthcare organizations are speedily moving to digital workflows. The benefits include improved patient care, lower overhead, increased efficiency and, most notably, substantial financial incentives from the federal government.

FAST FACT: About 3 out of 4 healthcare providers say their EHR system has resulted in enhanced patient care, according to a recent study.

DID YOU KNOW: 79% of providers report that their practice functions more efficiently because of EHR/Meaningful Use standards.

That’s the good news. But even digital records come with downsides. Just like their paper siblings, digital records are also vulnerable to disaster. That’s why compliance regulations compel you to have a disaster recovery plan in place.

The Virtues of Going Electronic

Okay, you might be wondering: If electronic records are so vulnerable to failure in a crisis or disaster, why have healthcare providers turned to them so enthusiastically? For starters, many providers report that EHRs help improve patient care by increasing efficiencies and driving cost savings. In a national survey of doctors who are achieving Meaningful Use goals, 79 percent say their practice functions more efficiently because of EHR/Meaningful Use standards, and 75 percent receive faster lab results.

EHRs afford easier records access both onsite and remotely. At headquarters, your mandated use of electronic health records can help pare down physical records and increase available space. Remotely, EHRs can enhance interoperability by making it easier to share data across departments, facilities and health systems.

Then there are the very tangible metrics of money: An EHR plan can be eligible for financial incentives offered in either the Medicare or Medicaid EHR Incentive Program. By keeping to their EHR transition schedules, providers may also avoid financial penalties; any organization that fails to comply with Meaningful Use requirements in 2015 or beyond faces reduced Medicare reimbursements.

Get Prepared: Assess Your System’s Vulnerabilities

Ironically, the key advantage of electronic records—faster, more centralized access—makes their potential loss all the more devastating. Here’s what you can do to minimize fallout in the event of a disaster, natural or otherwise:

  • Determine the biggest or most immediate threats to your data. Floods, tornadoes and other natural disasters can wreak havoc on your EHR. But your data is more likely to be interrupted or lost because of something far more commonplace, like a tree branch falling on a power line.
  • Assess and identify other kinds of threats, such as cyber attacks, malware, inadvertent or deliberate data breaches and even terrorist attacks.
  • Determine where and when your electronic data is most at risk. Explore potential vulnerability points throughout all stages of the information lifecycle. Your plan should provide for protection when your information is in active use, in transit, in storage or at other points along the way.
  • Safeguard your EHR with a solid disaster recovery plan. Providers must be able to access patient records in a timely manner to deliver quality care. A thorough, documented plan helps ensure that access.

Revamp Your Disaster Recovery Plan: A Checklist

Kick-start your plan with these critical first steps:

  1. Analyze, identify and prioritize your records; understand what you have and where you’re storing it all.
  2. Build in redundancies and backups to keep the system functioning and to recover data securely, reliably and consistently.
  3. Clearly understand your Recovery Point Objective (RPO), the amount of data loss that’s deemed acceptable, defined by application; and your Recovery Time Objective (RTO), the time it would take to recover after a disaster or other interruption.
  4. Update your disaster recovery plan regularly to reflect the emergence of new data sources and electronic record formats.
  5. Monitor your archives and test your disaster recovery plan. It’s not good enough to come up with a plan, plop records into an archive and sit back and relax. You don’t want to wait until disaster strikes to discover that your plan no longer works.
  6. Conduct routine data integrity checks to correct file corruptions. You need to trust your data, especially post-disaster.

With the rapid spread of electronic records throughout the healthcare industry, it’s more important than ever to develop an EHR that incorporates a solid disaster recovery plan. A trusted partner can offer a variety of solutions, everything from continuous, automated backup of electronic data to the best strategies for meeting your RPO and RTO. Together you can prepare a plan that protects your system—and your patients.

Five Questions to Ask a Prospective Partner

When considering an offsite provider, experience and consistency rule. Vet your prospective partner by asking its team these questions:

  • What kind of experience do you have with disaster scenarios?
  • How quickly can you get us back online?
  • How would you get our data back to us?
  • What is your disaster recovery track record/success rate?
  • What kind of security do you provide to safeguard electronic data (e.g., encryption, authentication, passwords)?

Do you have more questions about your current Health Information and Management strategy? Read additional Knowledge Center stories on this subject, or contact Iron Mountain’s consulting services team. You’ll be connected with a knowledgeable product and services specialist who can address your information management challenges.


Related Content:

Preparing your healthcare organization for the high stakes game of data security

Evaluating a hybrid approach to offsite data storage

Disaster Recovery and Patient Care: It’s Complicated—and Essential