By Christine Kern, contributing writer
One quarter of healthcare institutions with EHR disruptions also saw delayed patient care as a result.
Over half (59 percent) of U.S. hospitals surveyed reported unplanned EHR outages, with one quarter of reporting delays in patient care as a result according to findings from a report issued by the Health and Human Services (HHS) Office of the Inspector General (OIG).
The survey revealed most EHR outages were caused by hardware malfunctions, followed by internet connectivity problems, power failures, and natural disasters. Perhaps surprisingly, hacking or breaches accounted for only 1 percent of outages.
ONC has been pushing for universal EHR adoption and the move to interoperability, and a report found 96 percent of all non-federal acute care hospitals were already using a certified EHR in 2015. Yet, despite the adoption rates, a 2014 AmericanEHR Partners’ survey found more than half (53 percent) of those surveyed reported their EHR was difficult or very difficult to use.
The study surveyed 400 hospitals receiving Medicare incentive payments for using a certified EHR system as of September 2014 and found almost all hospitals that received a Medicare incentive payment for using certified EHRs reporting having an EHR contingency plan in place as required by HIPAA and two-thirds address all four HIPAA requirements reviewed by OIG.
The poll also found hospitals were generally implementing a number of ONC and NIST recommended practices for EHR contingency plans. Among the most commonly implemented practices were using paper records for backup and providing alternative power sources like generators, reported by 90-100 percent of all hospitals.
“Persistent and evolving threats to electronic health information reinforce the need for EHR contingency plans. Since we administered this review’s hospital questionnaire in 2015, awareness of cybersecurity threats to health information technology has grown,” the OIG report stated. “Disruptions from these and other threats can present significant safety risks to patients. Contingency plans are crucial because they are designed to minimize the occurrence and effects of such disruptions.”
OIG had previously recommended the implementation of a permanent audit program to assess HIPAA compliance in this regard, with recent events serving to underscore the importance of such a program. The report stated, “This review and cyberattacks that have occurred since 2014 underscore our previous recommendation that OCR fully implement a permanent audit program for compliance with HIPAA.”