Medicare Compliance & Reimbursement

Be Cyber Aware:

Draft an Airtight EHR-Back-Up Plan

Hint: Patient safety should be your first priority in a malware attack.

It’s no secret that healthcare hackers cost Medicare providers millions annually. And with MACRA’s focus on quality issues like ePrescribing, health information exchange, and enhanced patient engagement through portals and online provider access, the need for stronger cybersecurity will increase.

It’s a good idea to implement strategies to prepare for disaster before it strikes. Once you establish your protocols, ensure that all staff members are aware of them and fully understand the plan — then perform annual drills to confirm that everyone can put the plan into action.

Plan ahead: Most practices have annual meetings where they discuss changes to the EHR or new policies. During these meetings, perform a “mock downtime” practice run during which your staff members demonstrate what they would do in the event of an EHR outage. These practice sessions are of the utmost importance. “Don’t wait until an outage happens, as patient lives are at stake,” cautions Bob Steele, executive vice president of clinical services with the HCI Group in Jacksonville, Fla..

Consider these things as you write-up your protocols:

  • Put the patient’s safety first. One of your focus areas when creating your offline EHR strategy should inevitably be patient safety, since it’s critically important, and it could suffer in the absence of electronic records. Medication administration and allergy identification should be at the top of your list, advises Steele.
  • Establish a code status system. The patient’s code status should be readily available and obtainable in emergency situations. “Do not rely on the EHR — ensure an alternative form of code status identification is in place, i.e., a colored armband, etc.” Steele says.
  • Keep test results flowing. Create a process for receiving test results in lieu of the electronic fashion, partic­ularly in fast-paced and critical care areas such as the emergency department, labor and delivery floor, and critical care unit, Steele advises.
  • Maintain your daily schedule. Ensure you have a way to keep track of appointments, admissions, therapy sessions, lab visits, and other important sessions.
  • Revert to paper. Have systems and products in place to convert to paper charting when your EHR goes down. This includes having the materials at hand, training staff on how to use them, and maintaining policies on when to use paper.
  • Utilize practice flowcharts. Your paper supply won’t be limited to encounter notes — you’ll also need ample up-to-date copies of forms and flow sheets for other departments, such as requisitions for ordering lab tests, x-rays, consultations, and other information, Steele says.

Remember: The federal government’s Contingency Planning SAFER Guide warns that, “EHR unavailability, which will occur in every EHR-enabled healthcare environment, represents a significant potential patient safety hazard that directly affects patient care.” Patients could suffer from medication errors, the unavailability of radiological tests, canceled procedures, and other care issues if EHRs fail to work properly. Look at the SAFER guidelines at: https://www.healthit.gov/safer/safer-guides.

Other Articles in this issue of

Medicare Compliance & Reimbursement

View All