Why Disaster Recovery Planning is a Must for Healthcare Providers
Data disaster recovery planning — it’s one of those unpleasant tasks that’s easy to put off, like writing a will or getting that all-important annual exam. We here at Frontier IT in Colorado Springs review three reasons why it’s an absolute must for health care providers — be they massive insurance companies and hospital chains or private practices and small-town dentists.
1. It’s life and death — literally.
It doesn’t take much to understand why. Electronic health records are fantastically helpful in that they’re theoretically easier to transmit than paper records. But what if those records disappear completely — with no back-up, paper or otherwise — due to ransomware, a natural disaster or a disgruntled employee? What if a patient whose records are affected needs emergency surgery? What if a healthcare provider at another facility needs those records now?
In the article “Electronic health records: maybe a matter of life and death” published in 2005 by Health Data Management, Dr. Lynn Witherspoon writes about a friend with a cardiothoracic issue who was scheduled for a surgery that was canceled due to Hurricane Katrina. Several weeks later that friend showed up at a non-functioning emergency room with an acute issue, Witherspoon writes. But it was late, it was the weekend, records were inaccessible and doctors were “confused.”
“Without access to their new patient’s health care record, they were forced to begin from scratch,” Witherspoon wrote. “After 11 hours in the emergency room, the results of a CT scan finally revealed the source of the problem. Surgery was begun promptly thereafter but too late for my friend.
“Prompt access to CT scan results done earlier … would have resulted in a different course and might have prevented his death.”
2. HIPAA requires it.
If your business is a HIPAA-covered entity, the law requires that you create a contingency plan “to ensure continued access to electronic protected health information (ePHI) in the event of a system failure,” according to TechTarget. HIPAA-covered entities must also back-up ePHI and explain how this sensitive data set will be moved without violating the law.
3. Your bottom line depends on it.
Ethics and the law aside, disaster and data loss can absolutely devastate, if not kill, a business. According to a 2011 white paper by the AC Group, an hour of electronic health record downtime costs practices an average of $488 per hour — per physician. A two-physician practice would suffer nearly a $1,000 hit per hour — $8,000 per day, $40,000 per week. (It’s getting depressing, so we’ll stop calculating.) Add to that a potential inability to receive payments and HIPAA fines that may total millions and, well … you’ll see why wise businesses owners realize that a disaster recovery plan is a non-negotiable.
If you’re a health care provider without a data disaster recovery plan, don’t fret. We recommend contacting an MSP, or managed service provider, that offers IT services to small and mid-sized businesses in an affordable, à la carte fashion. Frontier IT offers data disaster recovery planning as part of its virtual CIO, or Chief Information Officer, service.
Curious as to what an MSP like Frontier IT could do to improve and protect your health-care practice? Give us a ring. We’re friendly, fully HIPAA compliant and ready to help!
Like what you read? Looking for additional tips and tricks to help small business owners succeed? Check out more of our blog posts here.