Match the “Examples of Potentially Useful Practices/Scenarios”on the left with the “Contingency Planning SAFER Guide RecommendedPractice” on the right. (Each example matches with only onerecommendation, and every recommendation has either one or twoexamples.)
_A large healthcare organization that provides care 24hours per day has a remotely located (i.e., >50 miles away and>20 miles from the coastline) “warm-site” (i.e., a site withcurrent patient data that can be activated in less than 8 hours)backup facility that can run the entire EHR.
_The organization maintains a redundant path to theInternet consisting of two different cables, in different trenches(a microwave or other form of wireless connection is alsoacceptable), provided by two different Internetproviders.
_In the event of a power failure, there is anuninterruptible power supply (UPS), either batteries or a“flywheel,” capable of providing instantaneous power to maintainthe EHR for at least 10 minutes
_The on-site, backup electrical generator is able tomaintain EHR functions critical to the organization’s operation(e.g., results review, order entry, clinicaldocumentation).
_The organization maintains enough paper forms to carefor patients on an in-patient unit for at least 8 hours. Paperforms could include those required to enter orders and document theadministration of medications, labs, and radiology on eachunit.
_The organization has a daily, off-site, complete,encrypted backup of patient data.
_The organization has a “read-only” backup EHR systemthat is updated frequently (optimally at leasthourly).
_There is a mechanism in place to register new patientsduring downtime, including assignment of unique temporary patientrecord numbers along with a process for reconciling these newpatient IDs once the EHR comes back online.
_The organization conducts unannounced EHR “downtimedrills” at least once a year.
_The organization has methods other than electronic(i.e., not email, Twitter, voice-over-IP) to notify keyorganizational administrators and clinicians about times when theEHR is down (either planned or unplanned).
_A paper copy of the current EHR downtime and recoverypolicy is available on clinical units.
_Access to the “read-only” backup EHR is disabled (e.g.,icons on the computer screens are “greyed out” or not available)during periods of normal EHR operations.
_The user interface of the read-only backup EHR systemis visibly different than the fully operational system (e.g., thereis a different background color for screens, a watermark acrossscreens, data entry fields are greyed out).
_The organization conducts simulated phishing attacks[i.e., sends fraudulent (but safe) email messages or websites thatappear to be from legitimate sources] to raise user’s awareness ofthe problem.
_The organization regularly monitors and reports onsystem downtime events.
_The organization creates easy mechanisms for users toreport slow system response time to the IT Helpdesk.
_The organization convenes a multi-disciplinary group ofclinicians and IT professionals to review the >24 hours downtimeevent and its management, identify potential root causes, anddiscuss future prevention or mitigating procedures.
A.) A communication strategy that does not rely on thecomputing infrastructure exists for downtime and recoveryperiods
B.) An electric generator and sufficient fuel areavailable to support the EHR during an extended poweroutage
C.) Written policies and procedures on EHR downtimes andrecovery processes ensure continuity of operations with regard tosafe patient care and critical business operations
D.) Patient data and software application configurationscritical to the organization’s operations are backedup
E.) Functional system downtimes (i.e., unacceptably slowresponse time) are identified and addressedproactively.
F.) The user interface of the locally maintained backup,read-only EHR system is clearly differentiated from thelive/production EHR system
G.) Policies and procedures are in place to ensureaccurate patient identification when preparing for, during, andafter downtimes
H.) Hardware that runs applications critical to theorganization’s operation is duplicated
I.) Staff are trained and tested on downtime andrecovery procedures
J.) There is a comprehensive testing and monitoringstrategy in place to prevent and manage EHR downtimeevents.
K.) Users are trained on ransomware preventionstrategies including how to identify malicious emails.
L.) Paper forms are available to replace key EHRfunctions during downtimes
M.) Review unexpected extended system downtimes greaterthan 24 hours using root-cause analysis or similarapproaches.
