A ransomware attack hit a California health system, with claims of 17 million patient records stolen.
PIH Health in California was hit with a ransomware attack that severely impacted its computer and telephone systems. The attack forced the hospital to activate its Downtime Contingency Plan. A downtime contingency plan contains the procedures that are followed to maintain the ability to provide patient care in the event of a computer outage. This typically involves going back to recording patient information on paper for later entry into the computer systems when they are back online.
It is important to note that going back to paper can result in additional workload for staff and delays and inconveniences for patients. But what if there was not a downtime contingency plan in place?
Imagine that your systems went down. How would you continue to function during the time your computers are not available?
- Do you have a plan in place?
- Have you tested the plan to make sure it will work when needed?
- What paper forms might you need to enable you to best record information from patient encounters during this downtime?
- Are the forms optimized to allow your staff to be as effective as possible in both providing and documenting patient care?
- Are the forms optimized to allow your billing team to review the records so that you are reimbursed for the services you provide during the downtime?
Computer downtime can present challenges in terms of providing quality care, and it also presents challenges in terms of finances for your practice. Having a downtime contingency plan and TESTING it is vital to enable you to get through events of this nature with a minimum of disruption to your practice.
In this particular instance, the attack on PIH Health also impacted their phone systems. Luckily, not all of the facilities associated with the Health Care System had phone disruptions, and they were able to re-route calls. This event, and the ability of PIH Health to mitigate the impact of the phone system outage, reminds us that our downtime contingency plan must also include plans for what to do if we lose access to our practice telephone system.
When you develop and review the plans for your practice, you should have separate plans for downtime of each of the systems in your practice, such as your EHR, billing system, and phone system. What about other vital devices and equipment at your practice, including your autoclave and your digital imaging system?
When we learn about events of this nature that happened to somebody else, it is a good time to look at what we are doing and evaluate how we might respond if that happened to us. Have you identified all vital systems for your practice, and do you have contingency plans for each of those systems? Downtime contingency planning for systems that involve patient information is a vital part of your HIPAA risk mitigation strategy. Being prepared for disasters involves much more than protecting your data; it involves protecting your patients and your practice.
If you need assistance with developing your downtime contingency plans or any other aspects of HIPAA compliance, please contact TLD Systems at
(631) 403 6687