Anesthesia Coding Alert

Office Management:

Let These 6 Questions Test Your Contingency Plan Know-How

Understand what is truly critical to your office operations.

Whether you’re potentially dealing with a hurricane, flood, or tornado, do you and your staff know what to do when disaster strikes? Contingency planning is an essential process for protecting your data in the event of a natural or man-made disaster, even if it’s simply a power outage. 

If you and your staff want to test your contingency planning know-how, take the Contingency Planning Challenge (www.healthit.gov/providers-professionals/privacy-security-training-games), a fun and interactive game developed by the Office of the National Coordinator for Health IT (ONC). Here are a few sample quiz questions from the game: 

1. How does having a Contingency Plan benefit our practice?

A. Planning can help our practice effectively protect and recover our revenue.
B. Planning can help our practice mitigate patient safety issues such as the difficulty of sending prescriptions to the pharmacy for high-risk patients.
C. Planning can help us protect, and if necessary, recover patient records.
D. All of the above.

2. We aren’t located in a flood plain or where there are a lot of hurricanes. We don’t have to worry about any other kinds of risks, do we?

A. No, you only have to plan to respond to natural disasters, like tornadoes, floods and wildfires.
B. Not if you have insurance.
C. No, why waste your time planning for something that is not likely to happen?
D. Yes, if you don’t plan for threats like fire, vandalism or power outages, your information may be vulnerable to loss or damage.

3. The office manager has asked me to help assign personnel roles and responsibilities in our Contingency Plan, because I know everyone in the office and what they do. What are some of the things I may need to consider?

A. Who needs access to ePHI in the event of a natural or man-made disaster?
B. Who should be responsible for implementing the Contingency Plan?
C. Who may need access to our office to help restore lost data?
D. All of the above.

4. Now that we’ve adopted an electronic health record (EHR), I’m worried about what we would do if anything happened to interfere with or damage our health information system. Planning ahead sounds like a good idea. How can we learn more?

A. The HHS Office for Civil Rights (OCR) and the ONC websites provide information on how to prepare for natural or man-made disasters.
B. The National Institute of Standards and Technology (NIST), the federal agency that works with industry to develop and apply technology, measurements and standards, has information about developing a Contingency Plan on its website.
C. The Centers for Disease Control and Prevention (CDC) has information to assist healthcare providers in preparing for unplanned events including public health emergencies.
D. All of the above.

5. We’re a small office, but we need to have a plan to back up data that is on our office computer server, so that it’s available if something happens to our information system. What can we do to save and store data should something happen to the office?

A. Store the encrypted media in a secure location in the office and securely transport the encrypted media from the office to an alternative safe location on a regular basis. Include the process and location in your risk assessment.
B. Research and contract with an offsite hosting vendor that is HIPAA-compliant. Backups could then be scheduled to occur primarily during periods of lower activity.
C. Contact your IT/EHR vendor to discuss setting up a remote backup server that would permit staff to access files they would need on a daily basis from any location if the information on their primary server becomes inaccessible.
D. All of the above.

6. What are some of the procedures we need to include in our Contingency Plan?

A. Procedures for backing up patients’ clinical and billing information.
B. Procedures for restoring any lost clinical or billing information.
C. Procedures that enable critical business processes for protection of the security of health information while operating in an emergency mode.
D. All of the above.

Answer key: 1, D. 2, D. 3, D. 4, D. 5, D. 6, D.