IN MAY 2016, the Office of the National Coordinator for Health IT (ONC) published ONC Data Brief 35, which reported that 96 percent of US non-federal acute care hospitals were in possession of a certified electronic health record (EHR) system.1 Two months later, in July 2016, the Office of Inspector General (OIG) issued a report on its study regarding contingency plans for EHRs. OIG surveyed 400 hospitals that had received Medicare incentive payments for a certified EHR as of September 2014.2

The hospitals were asked about written EHR contingency plans in relation to the following four HIPAA requirements:

* Data backup plan

* Disaster recovery plan

* Emergency-mode operations plan

* Testing and revision procedures

Nearly all hospitals reported having written EHR contingency plans, and about two-thirds of those plans addressed the four HIPAA requirements reviewed. Over half the surveyed hospitals reported unplanned downtimes, a quarter of which resulted in patient care delays.

In this article, three health information management (HIM) leaders offer lessons learned during EHR downtime as part of a virtual roundtable, conducted to share experiences and best practices for managing unplanned or extended downtime. The discussion was moderated by Debra Primeau, MA, RHIA, FAHIMA, president of Primeau Consulting Group.

Primeau: What was the reason for your most recent downtime? How long did it last?

Maria Castillo, RHIA, CDIP, CCS, CCS-P, health information management director/privacy officer, Redlands Community Hospital (RCH), based in Redlands, CA: RCH is a 229-bed community-based not-for-profit acute care hospital. Annually, we average 14,000 discharges, 7,000 surgeries, 53,000 emergency visits, and 50,000 clinic encounters.

Our transcription service vendor fell subject to a cyberattack on June 27, 2017, rendering dictation and transcription services completely nonfunctional and inaccessible. One month later [on] July 28, the vendor reactivated our servers and recovered all untranscribed dictations. Within four days, the vendor completed the transcription of reports that had been dictated prior to the date of the attack.

Stephen Giles, MBA, chief information officer, Hollywood Presbyterian Medical Center (HPMC), based in Los Angeles, CA: HPMC is a 424-bed facility averaging approximately 12,000 annual admissions. Recently, HPMC's system was down for 36 hours with the exception of...