Ninety-five percent of hospitals have written electronic health record contingency plans, but some don’t meet HIPAA requirements, according to new data collected from a survey conducted by the Department of Health and Human Services’ Office of the Inspector General.
The survey sampled 400 hospitals that received Medicare incentive payments for using a certified EHR system as of September 2014. Participating hospitals were asked about their EHR contingency plans in regards to the following: HIPAA requirements, the practices for contingency planning recommended by two Federal agencies, and hospitals’ experiences with EHR disruptions.
Most hospitals reported implementing best practices, including maintaining backup copies of EHR data offsite, supplying paper medical record forms for use when EHR is unavailable and training and testing staff on contingency plans.
However, the OIG also found only about two-thirds of hospitals reported their contingency plans addressed the four HIPAA requirements: having a data backup plan, having a recovery plan, having an emergency-mode operations plan and having testing and revision procedures.
More than half of the surveyed hospitals reported an unplanned EHR disruption, with about a quarter experiencing delays in patient care as a result.