Contingency planning for electronic health record-based care continuity: A survey of recommended practices

doi:10.1016/j.ijmedinf.2014.07.007

International Journal of Medical Informatics

Volume 83, Issue 11, November 2014, Pages 797-804

https://doi.org/10.1016/j.ijmedinf.2014.07.007 Get rights and content

Highlights

•
EHRs are essential to realize a high-performing healthcare system.
•
Unexpected EHR downtimes appear to be fairly common among healthcare institutions.
•
When EHR availability is disrupted, healthcare must continue.
•
Most institutions have only partially implemented comprehensive contingency plans.
•
Best practices are available to help prepare for and reduce the impact of downtime.

Abstract

Background

Reliable health information technology (HIT) in general, and electronic health record systems (EHRs) in particular are essential to a high-performing healthcare system. When the availability of EHRs are disrupted, alternative methods must be used to maintain the continuity of healthcare.

Methods

We developed a survey to assess institutional practices to handle situations when EHRs were unavailable for use (downtime preparedness). We used literature reviews and expert opinion to develop items that assessed the implementation of potentially useful practices. We administered the survey to U.S.-based healthcare institutions that were members of a professional organization that focused on collaboration and sharing of HIT-related best practices among its members. All members were large integrated health systems.

Results

We received responses from 50 of the 59 (84%) member institutions. Nearly all (96%) institutions reported at least one unplanned downtime (of any length) in the last 3 years and 70% had at least one unplanned downtime greater than 8 h in the last 3 years. Three institutions reported that one or more patients were injured as a result of either a planned or unplanned downtime. The majority of institutions (70–85%) had implemented a portion of the useful practices we identified, but very few practices were followed by all organizations.

Conclusions

Unexpected downtimes related to EHRs appear to be fairly common among institutions in our survey. Most institutions had only partially implemented comprehensive contingency plans to maintain safe and effective healthcare during unexpected EHRs downtimes.

Introduction

The United States of America's (USA) Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 [1] has led to increased adoption and use of health information technologies (HIT), particularly use of electronic health record systems (EHRs) [2] in previously paper-based healthcare systems. As such, healthcare processes are increasingly dependent on availability of HIT. However, HIT is not infallible and is subject to disruptions and downtimes that may threaten the continuity of operations [3] and cause adverse patient care outcomes, both of which can lead to financial and operational difficulties for healthcare organizations [4].

Over the last several years, there have been several highly publicized, widespread (i.e., affecting multiple facilities simultaneously), extended (i.e., lasting greater than 12 h) EHRs downtimes in the USA and Canada [5], [6], [7], [8], [9], [10], [11], [12]. EHRs downtimes have also been reported in China [13]. However, there is little published description of practices that institutions are using to maintain the safety and effectiveness of continuous healthcare delivery while EHRs are unavailable. Our study goal was to describe EHRs downtime practices across a variety of healthcare institutions and identify practices that could be useful for planning for and dealing with EHRs unavailability. By describing and highlighting important elements of contingency plans across a variety of EHRs-enabled healthcare systems, our goal was to provide healthcare organizations with more comprehensive information to prepare for the risks of potential operational disruptions and avoid harm to patients.

Section snippets

Survey development

Before survey development, we reviewed the existing literature and did not find any previous survey that systematically described or assessed EHRs downtime practices within healthcare organizations. Therefore, we developed a survey for the purposes of the present study. The conceptual foundation for the survey was Sittig and Singh's eight-dimension sociotechnical model of safe and effective HIT use. Although not specific to EHRs downtime, this model describes the complex interactions within

Results

We received survey responses from representatives of 50 of the 59 (84%) institutional members of the Scottsdale Institute (i.e., unit of analysis was the institutional member), although not all respondents answered all questions on the survey. Respondents were either chief information officers or other personnel directly responsible for maintaining the organization's HIT infrastructure. Most (96%) represented non-profit organizations, and 80% were affiliated with large (>600 bed) hospital

Discussion

We surveyed representatives of large integrated healthcare systems that were members of a professional organization created to share EHRs-related practices. The vast majority of these organizations were advanced EHRs users as indicated by their mean HIMSS EMRAM score of 4.6. Almost all of our respondent organizations had experienced an unplanned downtime, and most had experienced an unplanned downtime exceeding 8 h in the last 3 years. Three organizations reported patient injury had resulted

Study limitations

The major limitation of the survey was that respondents were from a relatively small number of USA-based, large, integrated, hospital-centric, healthcare delivery systems with significant experience in implementation, use, and ongoing optimization of their HIT and EHRs infrastructures. There were no small, self-contained ambulatory medical practices involved. We do not know how the survey findings on compliance with the practices identified in the survey would differ if the respondents were

Conclusion

Extended EHR-related downtimes occurred in the majority of organizations surveyed. Most institutions had only partially implemented comprehensive contingency plans to maintain safe and effective healthcare during unexpected EHRs downtimes. Preparing for these unexpected downtimes should be a part of every EHR-enabled healthcare organization's overall patient safety strategy. The best practices identified in this survey and in the SAFER Guide on Contingency Planning could help the EHR-enabled

Funding statement

Dr. Singh is partially supported by the Houston VA Health Services Research & Development Center of Innovation (CIN 13–413). The funders had no role in the design and conduct of the study; collection, management, analysis, and interpretation of the data; and preparation, review, or approval of the manuscript; and decision to submit the manuscript for publication.

Author contributions

All authors made substantial contributions to the conception or design of the work; or the acquisition, analysis, or interpretation of data for the work; and drafting the work or revising it critically for important intellectual content; and final approval of the version to be published; and agreement to be accountable for all aspects of the work in ensuring that questions related to the accuracy or integrity of any part of the work are appropriately investigated and resolved.

Conflict of interest

The authors have no conflicts of interest.

Summary points

What was already known on the topic

•
Reliable health information technology (HIT) in general, and electronic records (EHRs) in particular are essential to a high-performing healthcare system.
•
When the availability of EHRs are disrupted, alternative methods must be used to maintain the continuity of healthcare.

What this study added to our knowledge

•
Unexpected downtimes related to EHRs appear to be fairly common among healthcare institutions.
•

Acknowledgements

We thank Shelli Williamson, Executive Director of the Scottsdale Institute and Ricki Levitan for their help and support of our survey, as well as all the Scottsdale member organizations who participated in the survey.

References (32)

J. Lei et al.
Characteristics of health IT outage and suggested risk management strategies: an analysis of historical incident reports in China
Int. J. Med. Inform.
(February 2014)
N.C. Nelson
Downtime procedures for a clinical information system: a critical issue
J. Crit. Care
(2007)
Health and Human Services
Federal Register: HIPAA Administrative Simplification: Interim Final Rule
(October 2009)
A. Wright et al.
Early results of the meaningful use program for electronic health records
N. Engl. J. Med.
(2013)
P. Kilbridge
Computer crash – lessons from a system failure
N. Engl. J. Med.
(2003)
D.F. Sittig et al.
Legal ethical and financial dilemmas in electronic health record adoption and use
Pediatrics
(2011)
J. Merrick
‘Serious’ computer crash hits hospital trusts
Daily Mail
(July 31, 2006)
L. Rosencrance
Problems abound for Kaiser e-health records management system: an internal report details hundreds of technical issues and outages
Computer World
(November 13, 2006)
B. Brewin
August VA systems outage crippled western hospitals, clinics
Government Executive
(October 5, 2007)
NPR Staff
Anti-virus program update wreaks havoc with PCs
National Public Radio
(April 21, 2010)

C. Terhune

Patient data outage exposes risks of electronic medical records

Los Angeles Times

(August 3, 2012)

K. Robertson

Sutter electronic records system crashed

Sacram. Bus. J.

(August 2013)

E. McCann

Network glitch brings down Epic EMR

Healthcare IT News

(January 28, 2014)

G. Slade

System failure has docs, patients upset

Medicine Hat News

(June 10, 2014)

D.F. Sittig et al.

A new sociotechnical model for studying health information technology in complex adaptive healthcare systems

Qual. Saf. Health Care

(2010)

E. Belmont et al.

Emergency Preparedness Checklist for Information Technology Infrastructure and Software Applications

(2013)

Cited by (56)

Acute care disruptions due to information technology failures in the Netherlands from 2000 to 2020
2024, Health Policy and Technology
Healthcare organizations are becoming increasingly dependent on Information technology (IT) for the provision of routine services. IT failures within hospital systems can impact acute patient care, including emergency department (ED) closure operating room (OR) stops.. The aim of this study is to gain insight into the impact of hospital IT failures in the Netherlands on acute care delivery and to provide recommendations for improved IT failure preparedness and hospital resilience during such an event.
This is a systematic scoping review of major acute care disruptions in Dutch hospitals between 2000 and 2020. Incidence of etiology, duration, ED diversion, and closure of multiple locations was evaluated. IT failures were included when associated with the closure of hospital departments and/or evacuations.
Thirty-nine IT failures resulting in acute care disruption were identified. The majority occurred between 2010 and 2020 (n = 37, 95 %). Of the 39 events, 33 (85 %) were primary IT failures and were mainly caused by computer network and/or hospital software failure. Secondary events predominantly resulted from power failure. Most events (n = 36, 92 %) were resolved within minutes to hours. All events were associated with an ED closure, 27 (69 %) with an operating room (OR) stop and two (5 %) with external hospital evacuation of one or more patients. Furthermore, 17 incidents (44 %) involved multiple hospital locations, and seven (41 %) of these involved closure of multiple locations with an ED.
The impact of IT failures on acute care disruptions in the Netherlands has considerably increased since 2010. This stresses the urge to improve IT security and business continuity in today's hospitals.
Identification and classification of indicators for evaluating health information systems
2024, Health Policy and Technology
Several evaluation methods are used to determine the advantages and disadvantages of healthcare information systems and their contribution to attaining organizational goals. Despite the existence of many evaluation frameworks, there is no comprehensive set of indicators that evaluate different dimensions of information systems. This study aimed to develop a set of indicators for evaluating health information systems.
This research was conducted in three phases. First, based on a literature review of PubMed, Web of Science, Scopus, and Embase databases, studies using the health information system evaluation methods were extracted. Second, consecutive focus group meetings were held with scientific and executive experts to discuss the list of evaluation indicators extracted from the studies. In these meetings, the experts agreed on including, removing, adding, combining, and grouping the indicators. Third, the indicators were weighted using the Analytical Network Process (ANP) method, and the set of evaluation indicators was finalized.
The review of 177 relevant articles resulted in the extraction of 360 indicators. During the focus group meetings, 174 overlapping and duplicate indicators were eliminated and 61 indicators were added to the model based on experts’ suggestions. The remaining 247 indicators were classified into a four-level hierarchy. The final set consisted of 4 dimensions, 16 criteria, 47 markers, and 180 indicators.
We developed a comprehensive general set of indicators that helps researchers, designers, and developers of health information systems to evaluate different dimensions of these systems. This set can also be used to improve the design of relevant systems.
The crippling effects of a cyberattack at an academic level 1 trauma center: An orthopedic perspective
2023, Injury
Malicious cyberattacks are increasing in frequency and severity with healthcare institutions spending an average of over 10 million dollars to resolve the consequences of healthcare data breaches. This cost does not include the effect of a downtime event should a healthcare system electronic medical record (EMR) lose functionality. An Academic Level 1 trauma center suffered a cyberattack resulting in a total EMR downtime of 25 days. Orthopedic operative time was used as a surrogate for OR functionality during the event and a framework with specific examples is presented to promote rapid adaptation during downtime events.
Operative time losses were identified by calculating a running average of weekday total in room operative time during a total downtime event secondary to a cyberattack. This data was compared to week-of-the-year matched data from the year prior and the year after the attack. A framework for creating adaptations to a total downtime event was created by repeatedly interviewing different provider groups and identifying how they adjusted care to the challenges faced.
Total weekday in room operative time during the attack decreased by 53.4% ± 12.2% and 53.2% ± 14.9% when comparing the matched period one year prior and one year after, respectively. Immediate challenges to patient care were identified by small groups of highly motivated individuals, with self-assigned agile teams formed. These teams sequenced system processes, identified failure points, and created real-time solutions. A frequently updated EMR backup mirror and hospital disaster insurance were crucial for mitigating the impact of the cyberattack.
Cyberattacks are expensive and their downstream effects, including downtime events, can be crippling. Agile team formation, process sequencing, and understanding EMR backup times are tactics used to combat the challenges of a prolonged total downtime event.
Level III retrospective cohort
Cyber attack: The new challenge for healthcare facilities?
2021, Anesthesie et Reanimation
Management of a critical downtime event involving integrated electronic health record
2020, Collegian
There are few descriptions of management of unplanned hospital-wide digital downtime and impact on patient care in health literature.
The aim of this study was to undertake a qualitative review of a prolonged critical technology downtime event in an Australian hospital in 2017.
Inductive content analysis was conducted on data collected through face-to-face, semi-structured, individual interviews conducted with nine hospitals employees (five nurses with direct-care/operational responsibilities, and four executive staff, including nursing) who played a role in the incident.
Analysis of the data using an open-source R package led to the extraction of 139 codes, 13 first-level categories, and 4 main categories. Main categories extracted were: impact of event, response to the event, resilience and institutional reserve, and challenges and learnings.
The overall experience for interview participants was positive. Effective communication methods, particularly vertical communication, enabled multi-disciplinary teams (comprising nursing, medical and pharmacy personnel) to safely transition back from downtime paper records to the integrated electronic health record with no harm to patients. Participants identified teamwork contributed to a sense of comradery with clinical colleagues and executive staff. Contingency planning and training are essential for ensuring safe and effective management of technology downtime events.
The prolonged digital disruption and subsequent recovery was managed effectively using a face-to-face communication and support approach. This approach reduced the impact of the digital downtime and ensured patient safety. The data analysis strategy was enhanced using an computer-assisted qualitative data analysis software.
The effects and preventability of 2627 patient safety incidents related to health information technology failures: a retrospective analysis of 10 years of incident reporting in England and Wales
2019, The Lancet Digital Health
Citation Excerpt :
This failure to invest in IT hardware and software was clear in this analysis, with around 30% of safety incidents directly related to infrastructure failures. Despite 96% of organisations having had unplanned downtime as a result of IT failures in the past 3 years, most have only partially implemented comprehensive contingency plans to maintain safe and effective care when their IT systems are disrupted,44 despite clear best-practice guidance being available, such as the Contingency Planning SAFER Guide in the USA.45 The failure to invest in appropriate support services and develop resilient contingency plans was also evident in our study.
The use of health information technology (IT) is rapidly increasing to support improvements in the delivery of care. Although health IT is delivering huge benefits, new technology can also introduce unique risks. Despite these risks, evidence on the preventability and effects of health IT failures on patients is scarce. In our study we therefore sought to evaluate the preventability and effects of health IT failures by examining patient safety incidents in England and Wales.
We designed our study as a retrospective analysis of 10 years of incident reporting in England and Wales. We used text mining with the words “computer”, “system”, “workstation”, and “network” to explore free-text incident descriptors to identify incidents related to health IT failures following a previously described approach. We then applied an n-gram model of searching to identify contiguous sequences of words and provide spatial context. We examined incident details, recorded harm, and preventability. Standard descriptive statistics were applied. Degree of harm was identified according to standardised definitions and preventability was assessed by two independent reviewers.
We identified 2627 incidents related to health IT failures. 2557 (97%) of 2627 incidents were assessed for harm (70 incidents were excluded). 2106 (82%) of 2557 health IT failures caused no harm to patients, 331 (13%) caused low harm, 102 (4%) caused moderate harm, 14 (1%) caused severe harm, and four (<1%) contributed to the death of a patient. 1964 (75%) of 2627 incidents were deemed to be preventable.
Health IT is fundamental to the delivery of high-quality care, yet there is a poor understanding of the effects of IT failures on patient safety and whether they can be prevented. Failures are complex and involve interlinked aspects of technology, people, and the environment. Health IT failures are undoubtedly a potential source of substantial harm, but they are likely to be under-reported. Worryingly, three-quarters of IT failures are potentially preventable. There is a need to see health IT as a fundamental tenet of patient safety, develop better methods for capturing the effects of IT failures on patients, and adopt simple measures to reduce their probability and mitigate their risk.
The National Institutes of Health Research Imperial Patient Safety Translational Research Centre at Imperial College London.

View all citing articles on Scopus

^☆: The views expressed in this article are those of the authors and do not necessarily represent the views of the University of Texas, St. Luke's Health System, or Department of Veterans Affairs.

View full text

Contingency planning for electronic health record-based care continuity: A survey of recommended practices☆

Highlights

Abstract

Background

Methods

Results

Conclusions

Introduction

Section snippets

Survey development

Results

Discussion

Study limitations

Conclusion

Funding statement

Author contributions

Conflict of interest

Acknowledgements

Int. J. Med. Inform.

J. Crit. Care

Federal Register: HIPAA Administrative Simplification: Interim Final Rule

Early results of the meaningful use program for electronic health records

N. Engl. J. Med.

Computer crash – lessons from a system failure

N. Engl. J. Med.

Legal ethical and financial dilemmas in electronic health record adoption and use

Pediatrics

‘Serious’ computer crash hits hospital trusts

Daily Mail

Problems abound for Kaiser e-health records management system: an internal report details hundreds of technical issues and outages

Computer World

August VA systems outage crippled western hospitals, clinics

Government Executive

Anti-virus program update wreaks havoc with PCs

National Public Radio

Patient data outage exposes risks of electronic medical records

Los Angeles Times

Sutter electronic records system crashed

Sacram. Bus. J.

Network glitch brings down Epic EMR

Healthcare IT News

System failure has docs, patients upset

Medicine Hat News

A new sociotechnical model for studying health information technology in complex adaptive healthcare systems

Qual. Saf. Health Care

Emergency Preparedness Checklist for Information Technology Infrastructure and Software Applications