Hint: Patient safety should be your first priority in a malware attack. It’s no secret that healthcare hackers cost Medicare providers millions annually. And with MACRA’s focus on quality issues like ePrescribing, health information exchange, and enhanced patient engagement through portals and online provider access, the need for stronger cybersecurity will increase. It’s a good idea to implement strategies to prepare for disaster before it strikes. Once you establish your protocols, ensure that all staff members are aware of them and fully understand the plan — then perform annual drills to confirm that everyone can put the plan into action. Plan ahead: Most practices have annual meetings where they discuss changes to the EHR or new policies. During these meetings, perform a “mock downtime” practice run during which your staff members demonstrate what they would do in the event of an EHR outage. These practice sessions are of the utmost importance. “Don’t wait until an outage happens, as patient lives are at stake,” cautions Bob Steele, executive vice president of clinical services with the HCI Group in Jacksonville, Fla.. Consider these things as you write-up your protocols: Remember: The federal government’s Contingency Planning SAFER Guide warns that, “EHR unavailability, which will occur in every EHR-enabled healthcare environment, represents a significant potential patient safety hazard that directly affects patient care.” Patients could suffer from medication errors, the unavailability of radiological tests, canceled procedures, and other care issues if EHRs fail to work properly. Look at the SAFER guidelines at: https://www.healthit.gov/safer/safer-guides.