EHRs and information availability: are you at risk? The EHR initiative is changing the face of disaster and the nature of prevention planning

Health Management Technology, May, 2006 by Jim Grogan

Ultimately, the patient is the beneficiary of this information protection, just as citizens count on banks and other financial institutions to protect and keep private sensitive information. As financial institutions have seen, for each electronic fence or border that is constructed, determined individuals and organizations will attempt to breach the security and gather information for malicious intent, or compromise the EHR infrastructure or data to disrupt reliable patient care.

Consideration of Failures

What happens when there is a disaster, failure or interruption within the EHR architecture? We need to immediately consider the impact on the quality of patient care. Automated systems are not new to business models, and we can learn from past experiences outside of the healthcare arena.

A phenomenon surrounds the implementation of any automated support system: During the implementation phase, a degree of trepidation exists among users of the new system based on fear of technology, incomplete or inadequate training, and basic human nature that resists change. After the initial rollout when systems are functioning smoothly--the operational phase--an excitement accompanies the boost in productivity and efficiency, both of which have been mentioned as goals throughout the national EHR discussion over the past several years. After a period of time, however, even the best systems will require and undergo constant refinement and improvements during maintenance phases.

As systems become accepted, the old processes (pre-automation) lose ground in corporate memories. Users become dependant on automation to perform even the simplest tasks. Prior to automation, downtime procedures are simple: fall back to manual reports, manual operations, paper records and continue as best as possible until the automated system is restored.

However, highly automated support systems like future EHRs often will lack the paper records needed to fall back on during a system failure or disaster. When it comes to implementing EHR solutions, information resilience cannot be an afterthought, but needs to be designed into the solution at the start. Traditional tape backup or electronic data replication requirements can only be determined by examining the impact on patient care before an outage occurs.

EHR systems make it far easier for users to review the digital information in real-time and to take advantage of automated diagnostic tools that help practitioners to quickly pinpoint irregularities. When planning for disasters or failures, those charged with this responsibility need to consider those who electronically access medical histories and test results and the levels of efficiency, productivity and the quality of patient care they need to provide.

Sources of Risk: Disasters and Downtime

The only prediction that is certain about EHR systems and supporting infrastructure is that they will fail at some point. The best-designed systems are subject to physical threats or electronic attacks. The highest quality components experience normal wear and tear and either fail or need replacement, introducing downtime. Possible sources of system failures include: