• E-mail
• Print
• RSS

Tip: Don't allow contingency plan testing to disrupt patient care

HIPAA Weekly Advisor, May 15, 2003

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

Organizations may be reluctant to test their contingency plans, fearing the risk of medical errors created by system down time. But one of the final security rule's addressable specifications calls for organizations to have a procedure for testing and revising contingency plans.

"The whole notion of HIPAA is to do the right thing," says John Halamka, MD, chief information officer for CareGroup in Boston and for Harvard Medical School. "Making this specification addressable allows organizations to conduct testing in a way that causes minimal clinical impact."

You can't be sure your plan will work until you have a real-world test of it, he says.

Beth Israel Deaconess Medical Center, one of five CareGroup hospitals in the Boston area, had one of those real-world tests on Wednesday, November 13, 2002 (see "When in doubt, go back to paper," from the January 2003 HIS). The hospital experienced a network slowdown. Over the next three days, network connectivity was restored, but service quality was irregular. Late the following Saturday night, the network regained stability and, by Sunday, access to all applications was restored. It was the first time the network crashed.

"What a great opportunity that was to test!" says Halamka. "But there's a difference between having a plan that lists all the things you're going to do in the event of a disaster, and the subtle details you figure out when you really have a serious test of [that] plan."

Beth Israel's contingency plan calls for the use of paper records in the case of system shutdown. "In the middle of our network outage, our chief operating officer had to go down to Staples with his Visa card because we were going through tens of thousands of pieces of paper," he says. "We also learned that we'll need extra staff to bring records from the laboratories to the intensive care units." Now that Beth Israel has had a real test, Halamka is confident the hospital's information systems could function manually in a disaster. "It would be painful, because we'd have to get extra staff, but we could do it," he says. "We had trial by fire. But the amount of pain, effort, and anxiety we had with that test would be hard to go through voluntarily."

Beth Israel now tests its plan periodically when there is an upgrade or major change to the system. There are gradations of testing your contingency plan, explains Halamka. Testing does not mean that you must shut down your organization's entire network. "If you shut off a whole quarter of your network, it's going to have significant ramifications on the remaining part of the network and may cause serious real problems," he says. "We use Web-based provider order entry that reviews every medication [given to patients]. There's now a manual process by which the pharmacist reviews every drug, but what if somebody doesn't see that a patient is allergic to penicillin?"

Choose times that are less disruptive, says Halamka. "Testing at 8:00 a.m. on Monday morning would probably cause such a workflow impact on the organization it would be too painful. You might decide to test on Saturday mornings between 2:00 and 5:00 a.m., because that might be when the information security staff are doing maintenance work anyway."

Editor's note: Excerpted from the May 2003 issue of Healthcare Information Security.

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

• E-mail to a Colleague
• Print
• RSS
• Archive