Electronic Health Records and Downtime Procedures
Topic Collection
April 14, 2025
Topic Collection: Electronic Health Records and Downtime Procedures
Patient data is as voluminous as it is vital. Recent cyber-attacks, disasters, and public health emergencies have highlighted the need for patient data to be protected and accessible by emergency medical providers. Most health care facilities use electronic health records (EHR) to store patient health history and other data. There are multiple Health Information Technology/EHR software programs available, making interoperability a challenge. Recent lessons learned highlight both the utility of these programs and the challenges and risks associated with data collection, access, quality, and transfer capabilities. The resources in this Topic Collection include guidance and lessons learned specific to EHR. While ASPR TRACIE strives to share the most current resources in our Collections, some of those included herein are considered “classics” by our cadre of subject matter experts.
Access the following ASPR TRACIE Topic Collections for additional, related information: Communication System; Cybersecurity; Information Sharing; and Virtual Medical Care.
Each resource in this Topic Collection is placed into one or more of the following categories (click on the category name to be taken directly to that set of resources). Resources marked with an asterisk (*) appear in more than one category.
Must Reads
Academic Medical Center Patient Safety Organization (AMC PSO) EHR Downtime Task Force. (2017).
Patient Safety Guidance for Electronic Health Record Downtime: Recommendations of the Electronic Health Record Downtime Task Force.
These evidence and consensus-based guidelines are based on actual incidents as cited by clinical providers that impacted clinical care and recommend practices to protect patient safety during electronic health record (EHR) downtime. Recommendations include having a downtime plan, running EHR downtime drills, training staff, and establishing a communication triage procedure. It considers different clinical areas for specific considerations, such as pharmacy, lab, the blood bank, and radiology. It covers safety event reporting and response, and strategies for system restoration.
Login to favorite or comment on the article
Favorite:
Comments
0
Toggle Open/Close
You must Login to add a comment
- This item doesn't have any comments
American Medical Association. (2017).
Guidelines for Developing EHR Downtime Procedures.
This document provides a list of considerations that planners can use as guidance when developing or improving information technology and electronic health record (EHR) downtime procedures. It describes six categories of considerations: communication, patient visits, documentation, bills/payments, prescription management, and orders/results/referrals. The list can act as a checklist for ensuring that the EHR downtime procedure is comprehensive.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
HealthIT.gov. (2019).
Health IT Privacy and Security Resources for Providers.
The Office of the National Coordinator for Health Information Technology.
This website contains links to many IT-related resources for health care providers, including tools and templates, education and training for health care providers and staff, communications with patients about health information privacy and security, and HIPAA guidance.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
HealthIT.gov. (2023).
SAFER Guides.
Office of the National Coordinator for Health Information Technology.
These nine Safety Assurance Factors for EHR Resilience (SAFER) Guides are organized into three categories: foundational guides, infrastructure guides, and clinical process guides. Team members can use these guides as templates, save them, and share them with others to “optimize the safety and safe use of EHRs.”
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Institute for Safe Medication Practices (ISMP). (2022).
Emergency Preparedness: Be Ready for Unanticipated Electronic Health Record (EHR) Downtime.
ISMP Medication Safety Alert: Acute Care. 27(17):1-5.
This article examines the importance of planning for electronic health record (EHR) downtime and provides two examples of errors that could occur and compromise patient safety. It is recommended that hospital systems assess their risk, select an EHR downtime response team, identify on-call leaders, and develop an emergency readiness binder.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Lyon, R., Jones, A., Burke, R., et al. (2023).
What Goes Up, Must Come Down: A State-of-the-Art Electronic Health Record Downtime and Uptime Procedure in a Metropolitan Health Setting.
Applied Clinical Informatics. 14(3):513-520.
The authors standardized a district-wide downtime procedure and implemented it during an eight-hour downtime. Data recovery was successful with the new procedure, and staff feedback showed 24 areas of possible improvement, including resource allocation, downtime artifacts, downtime support, and communication about when to begin downtime and uptime procedures.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Massachusetts General Hospital Center for Disaster Medicine. (2018).
Hospital Preparedness for Unplanned Information Technology Downtime Events: A Toolkit for Planning and Response.
This resource can assist hospitals and other healthcare organizations with improving their readiness for unplanned IT downtime events. It discusses planning approaches, and key considerations for these types of events.
Login to favorite or comment on the article
Favorite:
1
You must Login to add a comment
- This item doesn't have any comments
Minghella, L. (2013).
Be Prepared: Lessons from an Extended Outage of a Hospital's EHR System.
The author shares her experience losing access to her facility's electronic health record system for ten days following a power outage.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Office of Information Security. (2023).
Electronic Medical Records Still a Top Target for Cyber Threat Actors.
U.S. Department of Health and Human Services.
This presentation highlights that electronic medical records (EMRs) are still a target for cyber attackers, the top data breaches of 2022, profiles of harmful cyber-attack organizations, and the future of EMRs including robotic process automation, internet of things for health, voice recognition, and the blockchain and electronic health records. Finally, it covers protecting the health sector with the Zero Trust Model, cybersecurity best practices, and quickly detecting intrusion to ensure resilience.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Sittig, D., Gonzalex, D., and Singh, H. (2014).
Contingency Planning for Electronic Health Record-Based Care Continuity: A Survey of Recommended Practices.
(Abstract only.) International Journal of Medical Informatics. 83(11):797-804.
The authors surveyed close to 60 U.S. health care institutions to understand their practices when their electronic health records (EHR) were unavailable. They found that 96% of institutions had had unexpected downtime in the last three years, and 70% had downtime lasting more than eight hours in the last three years. The authors conclude that downtime events are common and that most institutions did not implement comprehensive contingency plans. The authors recommend institutions incorporate the recommendations published in the SAFER Guides to minimize the effect of EHR downtime.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
U.S. Department of Health and Human Services, 405(d). (2021).
405(d) Program Presents: A Case Study of “Cancer Care in the Wake of a Cyber Attack".
The presenters provide a case study of a medical center’s actions after a ransomware attack, introducing several federal agency leaders in cybersecurity, and a discussion and Q&A on the topic. They discuss protectively taking the electronic medical record offline resulting in loss of access to laboratory, pathology, pharmacy, and radiology information but containing the damage.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Guidance
Academic Medical Center Patient Safety Organization (AMC PSO) EHR Downtime Task Force. (2017).
Patient Safety Guidance for Electronic Health Record Downtime: Recommendations of the Electronic Health Record Downtime Task Force.
These evidence and consensus-based guidelines are based on actual incidents as cited by clinical providers that impacted clinical care and recommend practices to protect patient safety during electronic health record (EHR) downtime. Recommendations include having a downtime plan, running EHR downtime drills, training staff, and establishing a communication triage procedure. It considers different clinical areas for specific considerations, such as pharmacy, lab, the blood bank, and radiology. It covers safety event reporting and response, and strategies for system restoration.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Aguirre, R., Suarez, O., and Adler, J. (2019).
Electronic Health Record Implementation: A Review of Resources and Tools.
Cureus. 11(9):e5649.
The authors of this article provide information on how to implement an EHR, including information on resources and tools, relevant case studies, testing the EHR, risks, recovery plans, and training strategies.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
American Medical Association. (2017).
Guidelines for Developing EHR Downtime Procedures.
This document provides a list of considerations that planners can use as guidance when developing or improving information technology and electronic health record (EHR) downtime procedures. It describes six categories of considerations: communication, patient visits, documentation, bills/payments, prescription management, and orders/results/referrals. The list can act as a checklist for ensuring that the EHR downtime procedure is comprehensive.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Bookman, K. and Zane, R. (2013).
Expedited Electronic Entry: A New Way to Manage Mass-Casualty Radiology Order Workflow.
(Abstract only.) Prehospital Disaster Medicine. 28(4): 391-392.
After a mass casualty incident (MCI), a task force was formed to review delays in radiology orders. They created a “browse page” that listed every type of x-ray and CT scan that might be needed in a similar event (and all required information was to "Disaster”). Tools like this can save time and hasten patient care in MCI and surge scenarios.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Bouri, N. and Ravi, S. (2014).
Going Mobile: How Mobile Personal Health Records Can Improve Health Care During Emergencies.
Journal of Medical Internet Research-mHealth. 2(1):e8.
This article describes personal health records (PHRs) and their utility in disaster situations. It contrasts the instant availability of PHRs against the electronic medical record/health records that require 3rd party (provider) routing.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Classen, D., Longhurst, C., Davis, T. (2023).
Inpatient EHR User Experience and Hospital EHR Safety Performance.
JAMA Network Open. 6(9):e2333152.
The authors conducted a cross-sectional study to understand how health care workers’ perceived usability (i.e.,” the effectiveness, efficiency, and satisfaction with which specified users achieve specified goals in particular environments”) of electronic health record (EHR) systems impacts hospital safety performance of the EHR. They found a positive association between the two variables and, with the strongest relationships involving integration, functionality, efficiency, time, and ease of learning the system. The authors suggest that involving users in the development and upgrades to EHR programs.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Gecomo, J., Klopp, A., and Rouse, M. (2023).
Implementation of an Evidence-Based Electronic Health Record (EHR) Downtime Readiness and Recovery Plan.
Healthcare Information and Management Systems Society (HIMSS).
The authors present an evidence-based initiative to develop an electronic health record (EHR) downtime plan and recovery toolkit for a Houston hospital to improve nurses’ readiness for unscheduled EHR downtime. Results indicated that nurse knowledge and readiness improved, with EHR “Badge Buddies” (laminated ”cheat-sheets” that hang from nurse’s name badges), the EHR algorithm, and increased collaboration with nursing unit leaders contributing to successful outcomes.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Goar, E. (2017).
The Price of EHR Downtime.
For The Record. 29(11):24.
The author discusses how to estimate the hourly cost of an electronic health record (EHR) downtime for a health care organization. The author also covers how to mitigate the impact of EHR downtime and the vendor’s role.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
HealthIT.gov. (2023).
SAFER Guides.
Office of the National Coordinator for Health Information Technology.
These nine Safety Assurance Factors for EHR Resilience (SAFER) Guides are organized into three categories: foundational guides, infrastructure guides, and clinical process guides. Team members can use these guides as templates, save them, and share them with others to “optimize the safety and safe use of EHRs.”
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Institute for Safe Medication Practices (ISMP). (2022).
Emergency Preparedness: Be Ready for Unanticipated Electronic Health Record (EHR) Downtime.
ISMP Medication Safety Alert: Acute Care. 27(17):1-5.
This article examines the importance of planning for electronic health record (EHR) downtime and provides two examples of errors that could occur and compromise patient safety. It is recommended that hospital systems assess their risk, select an EHR downtime response team, identify on-call leaders, and develop an emergency readiness binder.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
*
Larsen, E., Fong, A., Wernz, C., et al. (2018).
Implications of Electronic Health Record Downtime: An Analysis of Patient Safety Event Reports.
Journal of the American Medical Informatics Association. 25(2):187-191.
The authors reviewed over 80,000 patient safety event reports and identified 76 associated with EHR downtime. They found that 48% of those were associated with lab results, while 14% were associated with medications. For 46% of events, there were no downtime procedures, or the procedure was not followed. They concluded that areas of risk during downtime included patient identification and clinical information communication, which should be planned for during contingency preparation.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
*
Larsen, E., Hoffman, D., Rivera, C., et al. (2019).
Continuing Patient Care during Electronic Health Record Downtime.
Applied Clinical Informatics. 10(3):495-504.
This article used quantitative analysis and seventeen interviews with hospital staff at two mid-Atlantic health care facilities to understand the impact of electronic health record (EHR) downtime on the clinical laboratory. In addition to results “delayed by an average of 62% compared with normal operation,” the authors note that research and contingency planning for EHR downtime can be complicated by the difficulty of collecting data during downtime and provide suggestions for improving downtime management.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Larsen, E., Rao, A., and Sasangohar, F. (2020).
Understanding the Scope of Downtime Threats: A Scoping Review of Downtime-Focused Literature and News Media.
Health Informatics Journal. 26(4):2660-2672.
The authors reviewed technical news media to provide a foundational perspective on electronic health record downtime readiness. They found that between 2012 and 2018, 166 hospitals in the U.S. experienced downtime events and 48.8% of downtime events involved some kind of cyber-attack. The authors propose a bottom-up approach, where clinical staff are involved in the downtime response, and recommend more support for development of contingency plans.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
*
Lyon, R., Jones, A., Burke, R., et al. (2023).
What Goes Up, Must Come Down: A State-of-the-Art Electronic Health Record Downtime and Uptime Procedure in a Metropolitan Health Setting.
Applied Clinical Informatics. 14(3):513-520.
The authors standardized a district-wide downtime procedure and implemented it during an eight-hour downtime. Data recovery was successful with the new procedure, and staff feedback showed 24 areas of possible improvement, including resource allocation, downtime artifacts, downtime support, and communication about when to begin downtime and uptime procedures.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
National Cybersecurity Center of Excellence. (n.d.).
Electronic Health Records on Mobile Devices.
(Accessed 12/12/2023.) National Institute of Standards and Technology.
This website contains information for health care providers responsible for securely documenting patient records on mobile devices. It includes a link to the 2018 NIST Cybersecurity Practice Guide, SP 1800-1, Securing Electronic Health Records on Mobile Devices (which includes information on best practices, how-to guides, and risk assessment tools). A form to join a Community of Interest is also available, which connects professionals and advisors to each other around the topic of cybersecurity for EHRs and mobile devices.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Office of Information Security. (2022).
Electronic Medical Records in Healthcare.
U.S. Department of Health and Human Services.
These slides provide information on electronic medical records and their use in health care, why they are valuable to cyber attackers, the top threats to health records, the costs of data breaches, and how to protect health record data.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Safety Assurance Factors for EHR Resilience (SAFER). (2014).
SAFER Guides for EHRs Video.
Office of the National Coordinator for Health Information Technology.
This video introduces the SAFER guides, which aim to assist health care organizations in optimizing their electronic health records. The checklists introduced include topics such as high priority practices, organizational responsibilities, contingency planning, system configuration, among other areas.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Sahi, A., Lai, D., and Li, Y. (2016).
Security and Privacy Preserving Approaches in the eHealth Clouds with Disaster Recovery Plan.
(Abstract only.) Computers in Biology and Medicine. 1(78): 1-8.
With cloud computing being used to help store and handle large amounts of data, it is important to be aware of threats to security and privacy preservation. The authors review studies and propose and discuss two approaches to healthcare cloud data management: the Security-Preserving approach and the Privacy-Preserving approach.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Scheid, D., Yeaman, B., Nagykaldi, Z., and Mold, J. (2013).
Regional Health eDecisions: A Guide to Connecting Health Information Exchange in Primary Care.
Agency for Healthcare Research and Quality.
While not disaster- or emergency-specific, this guide can help healthcare coalitions and healthcare providers and facilities learn more about the role of electronic health records systems in local health information exchanges (HIE).
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Sittig, D., Gonzalex, D., and Singh, H. (2014).
Contingency Planning for Electronic Health Record-Based Care Continuity: A Survey of Recommended Practices.
(Abstract only.) International Journal of Medical Informatics. 83(11):797-804.
The authors surveyed close to 60 U.S. health care institutions to understand their practices when their electronic health records (EHR) were unavailable. They found that 96% of institutions had had unexpected downtime in the last three years, and 70% had downtime lasting more than eight hours in the last three years. The authors conclude that downtime events are common and that most institutions did not implement comprehensive contingency plans. The authors recommend institutions incorporate the recommendations published in the SAFER Guides to minimize the effect of EHR downtime.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
The Office of the National Coordinator for Health Information Technology. (2017).
Section 4: Opioid Epidemic & Health IT.
Health IT Playbook.
This section of the playbook explains how healthcare providers can use health information technology solutions (including electronic health records) to address the opioid epidemic. Links to other helpful tools and resources are also provided.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
U.S. Department of Health and Human Services 405(d). (n.d.).
Have You Heard About Protecting Electronic Health Records?
(Accessed 12/12/2023.)
This factsheet highlights capabilities of electronic health records (EHRs), the importance of safeguarding protected health information when using them, and statistics associated with EHR use. The second page contains links to resources from HHS 405(d), from the Centers for Medicare & Medicaid Services, the Office of the National Coordinator for Health Information Technology, and the Office of Civil Rights that can help health care facilities mitigate cyber threats.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Walsh, J., Borycki, E., and Kushniruk, A. (2019).
Strategies in Electronic Medical Record Downtime Planning: A Scoping Study.
(Abstract only.) Studies in Health Technology and Informatics. 257:449-454.
The authors reviewed the literature and identified four strategies to incorporate into downtime planning: communications planning, procedure review and revision, system availability, and preparing staff for downtime incidents. They emphasize the importance of developing downtime plans that include these strategies to maintain patient care and operations during downtime.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Wernz, C. (2018).
Evidence-Based Contingency Planning for Electronic Health Record Downtime.
Agency for Healthcare Research and Quality Digital Healthcare Research.
The author created a discrete-event simulation to understand how two hospitals were impacted by electronic health record downtime in the lab and the emergency department. Downtime risks identified included delayed care, increased medical errors, and disrupted communication. Recommendations for minimizing impact include increasing staffing to compensate for downtime, having emergency planners compare downtime and uptime to develop contingency plans and improve care during these events.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
*
Wretborn, J., Ekelund, U., and Wilhelm, D. (2019).
Emergency Department Workload and Crowding During a Major Electronic Health Record Breakdown.
Frontiers in Public Health. 7:267.
The authors studied the effects of a 96-hour period of electronic health record downtime on workload, occupancy, length of stay, and admissions at three emergency departments (a regional trauma center, a community hospital, and a rural community hospital). The authors found that downtime increased staff workload and had variable impact on crowding in emergency departments; they emphasized the need for more/similar research to enable emergency departments to plan for similar events.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Lessons Learned: Earthquakes
Bambrick, A., Passman, D., Torman, R., et al. (2014).
Optimizing the Use of Chief Complaint & Diagnosis for Operational Decision Making: An EMR Case Study of the 2010 Haiti Earthquake.
PLoS Currents.
After the 2010 Haiti earthquake, the U.S. Department of Health and Human Services used an Electronic Medical Record (EMR) system to support healthcare decision-making and report patient encounters. The authors share lessons learned, including the need to improve the EMR diagnosis categorization process since close to half of the records were missing medical data.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Levey, G., Blumberg, N., Kreiss, Y., et al. (2010).
Application of Information Technology Within a Field Hospital Deployment Following the January 2010 Haiti Earthquake Disaster.
Journal of the American Medical Informatics Association. 17(6): 626-630.
This article explains how the Israel Defense Force Medical Corps set up a field hospital after the 2010 Haiti earthquake, complete with information technology that included electronic medical records (EMR). The authors share their positive experiences with the EMR and encourage the incorporation of similar field-based systems in disaster response plans.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Lessons Learned: General
Dave, K., Boorman, R., and Walker, R. (2020).
Management of a Critical Downtime Event Involving Integrated Electronic Health Record.
Collegian. 27(5):542-552.
The authors conducted semi-structured interviews to understand how unplanned downtime impacted patient care in an Australian hospital. They found that effective communication was key to safely transition from paper records back to electronic health records. Teamwork, contingency planning, and trainings were also important.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Heisey-Grove, D., Chaput, D., and Daniel, J. (2015).
Hospital Reporting on Meaningful Use Public Health Measures in 2014.
U.S. Department of Health and Human Services, Office of the National Coordinator for Health Information Technology.
The authors share how hospitals reported data (immunizations, emergency department visits, and infectious disease laboratory results) as it related to the Centers for Medicare and Medicaid Services' Electronic Health Record (EHR) Incentive Program. While not disaster-specific, the findings can be used to determine readiness and integration and identify gaps in EHR planning.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Landman, A., Teich, J., Pruitt, P., et al. (2015).
The Boston Marathon Bombings Mass Casualty Incident: One Emergency Department’s Information Systems Challenges and Opportunities.
Annals of Emergency Medicine. 66(1): 51-59.
The authors share findings from post-incident briefing that included challenges with “unidentified patient naming convention, real-time situational awareness of patient location, and documentation of assessments, orders, and procedures.” To address these lessons learned, they updated select systems and clarified roles and responsibilities for maintaining electronic systems.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
*
Larsen, E., Fong, A., Wernz, C., et al. (2018).
Implications of Electronic Health Record Downtime: An Analysis of Patient Safety Event Reports.
Journal of the American Medical Informatics Association. 25(2):187-191.
The authors reviewed over 80,000 patient safety event reports and identified 76 associated with EHR downtime. They found that 48% of those were associated with lab results, while 14% were associated with medications. For 46% of events, there were no downtime procedures, or the procedure was not followed. They concluded that areas of risk during downtime included patient identification and clinical information communication, which should be planned for during contingency preparation.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
*
Larsen, E., Hoffman, D., Rivera, C., et al. (2019).
Continuing Patient Care during Electronic Health Record Downtime.
Applied Clinical Informatics. 10(3):495-504.
This article used quantitative analysis and seventeen interviews with hospital staff at two mid-Atlantic health care facilities to understand the impact of electronic health record (EHR) downtime on the clinical laboratory. In addition to results “delayed by an average of 62% compared with normal operation,” the authors note that research and contingency planning for EHR downtime can be complicated by the difficulty of collecting data during downtime and provide suggestions for improving downtime management.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Lokmic-Tomkins, Z., Bhandari, D., Bain, C., et al. (2023).
Lessons Learned from Natural Disasters around Digital Health Technologies and Delivering Quality Healthcare.
International Journal of Environmental Research and Public Health. 20(5):4542.
In the context of climate change and increases in weather-related disasters, electronic health records (EHRs) are an important component of a resilient health care system when reaching underserved or remote areas. The authors cover lessons learned globally in EHR (e.g., use cloud-based systems to facilitate continuity of operations), telehealth and telemedicine, electronic prescribing and referrals, mobile health, artificial intelligence and machine learning in health care, the internet of things for health (e.g., monitoring devices) and robotics.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
*
Lyon, R., Jones, A., Burke, R., et al. (2023).
What Goes Up, Must Come Down: A State-of-the-Art Electronic Health Record Downtime and Uptime Procedure in a Metropolitan Health Setting.
Applied Clinical Informatics. 14(3):513-520.
The authors standardized a district-wide downtime procedure and implemented it during an eight-hour downtime. Data recovery was successful with the new procedure, and staff feedback showed 24 areas of possible improvement, including resource allocation, downtime artifacts, downtime support, and communication about when to begin downtime and uptime procedures.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Simpson, C. and Novak, L. (2013).
Place Matters: The Problems and Possibilities of Spatial Data in Electronic Health Records.
AMIA Annual Symposium Proceedings.
The authors discuss how linking electronic health record data could have helped healthcare providers identify at-risk patients after the Middle Tennessee Flood of 2010. They emphasize that geocoding patient addresses can be combined with other data to help produce “actionable alerts, reminders and other events for clinical decision support, care coordination and outreach.”
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
U.S. Department of Health and Human Services. (2016).
Hospitals Largely Reported Addressing Requirements for EHR Contingency Plans.
Office of the Inspector General.
This report details findings from a questionnaire sent to 400 hospitals that are reimbursed for using a certified electronic health records (EHR) system. Nearly all respondents reported having contingency plans for their EHR systems, but the authors emphasize the need for the Office of Civil Rights to implement a related, consistent audit program.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
*
Wretborn, J., Ekelund, U., and Wilhelm, D. (2019).
Emergency Department Workload and Crowding During a Major Electronic Health Record Breakdown.
Frontiers in Public Health. 7:267.
The authors studied the effects of a 96-hour period of electronic health record downtime on workload, occupancy, length of stay, and admissions at three emergency departments (a regional trauma center, a community hospital, and a rural community hospital). The authors found that downtime increased staff workload and had variable impact on crowding in emergency departments; they emphasized the need for more/similar research to enable emergency departments to plan for similar events.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Lessons Learned: Hurricanes
DeSalvo, K. and Petrin, C. (2017).
From Katrina to Wildfires: Leveraging Technology in Disaster Response.
Health Affairs Blog.
Healthcare planners can learn more about how incorporating electronic health records (EHR) and other lessons learned from recent disasters bolstered the medical responses to Hurricane Harvey and the California wildfires. The authors share lessons learned from Hurricane Katrina (particularly from the Veteran’s Administration, which used EHR at the time); describe the role of the Health Information Technology for Economic and Clinical Health Act; and share how tools such as EmPOWER serve vulnerable populations before, during, and after disasters.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Genes, N., Chary, M., and Chason K. (2013).
An Academic Medical Center's Response to Widespread Computer Failure.
American Journal of Disaster Medicine. 8(2):145-50.
The authors describe the disruption of the computer systems at Mount Sinai Medical Center in New York City on a single day, the hospital's response to the event, and subsequent modifications to emergency plans incorporating lessons learned. They found that departments that utilized a combination of electronic and paper systems were impacted less than the Emergency Department, which was completely reliant on electronic medical records.
Login to favorite or comment on the article
Favorite:
2
You must Login to add a comment
- This item doesn't have any comments
Sebek, K., Jacobson, L., and Wang, J. (2014).
Assessing Capacity and Disease Burden in a Virtual Network of New York City Primary Care Providers Following Hurricane Sandy.
Journal of Urban Health. 91(4): 615-622.
The Primary Care Information Project (PCIP) at the New York City Department of Health and Mental Hygiene worked with local clinicians to establish an electronic data system, and the authors reviewed PCIP-generated data sets to assess the impact of Hurricane Sandy. The authors discuss findings, including the strengths and challenges associated with using electronic health records in post-disaster settings.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Lessons Learned: Infectious Disease
Jin, D., Samuel, S., Bowden, K., et al. (2022).
Just-in-Time Electronic Health Record Retraining to Support Clinician Redeployment during the COVID-19 Surge.
(Abstract only.) Applied Clinical Informatics. 13(5):949-955.
The authors describe how the surge in ICU care during the COVID-19 pandemic required rapid electronic health record (EHR) training for clinicians retrained as ICU clinicians and redeployed during the pandemic. The study deployed clinical informatics fellows as trainers; post-training survey findings indicated increased comfort and perceived levels of preparedness to use EHRs in an ICU setting, thus “conserving physician resources.”
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Kurtzman, L. (2017).
UCSF Innovators Use EHRs to Track Hospital-Acquired Infection.
This article summarizes a study that used electronic health records (EHR) to track patient movement and the odds of C. diff infection resulting from exposure. EHR allowed the researchers to note patient locations outside of their hospital rooms (e.g., CT scanners in the emergency department) which contributed to the study’s robust methodology and results.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Oza, S., Jazayeri, D., Teich, J., et al. (2017).
Development and Deployment of the OpenMRS-Ebola Electronic Health Record System for an Ebola Treatment Center in Sierra Leone.
Journal of Medical Internet Research. 19(8): e294.
The authors share their experiences and lessons learned from developing “OpenMRS-Ebola,” an EHR system for the Kerry Town (Sierre Leone) Ebola Treatment Center.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Pryor, R., Atkinson, C., Cooper, K., et al. (2020).
The Electronic Medical Record and COVID-19: Is It Up to the Challenge?
American Journal of Infection Control. 48(8):966-967.
The authors highlight the barriers electronic health records posed to infection preventionists during the COVID-19 pandemic (e.g., rapidly notifying COVID-19 positive patients, tracking cases tested at an outside facility, and automatic isolation orders). They emphasize the importance of being nimble in similar situations as they change frequently and encourage infection preventionists to work closely with IT staff to maximize EHR capabilities.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Upadhyay, D., Sittig, D., and Singh, H. (2014).
Ebola US Patient Zero: Lessons on Misdiagnosis and Effective Use of Electronic Health Records.
Diagnosis. 1(4): 283.
The authors share their hypothesis regarding the treating physician’s notes from the primary encounter with the first-ever travel-associate case of Ebola in U.S. history and highlight how language and symptom description were likely chosen from pre-scripted options in the electronic health record (EHR) system, contributing to a missed diagnosis. They explain the ripple effects of diagnostic errors made in EHRs and suggest related reforms in policy and practice.
Login to favorite or comment on the article
Favorite:
1
You must Login to add a comment
- This item doesn't have any comments
Lessons Learned: Information Technology Failure/Cyberattack
Dameff, C., Tully, J., and Chan, T. (2023).
Ransomware Attack Associated With Disruptions at Adjacent Emergency Departments in the US.
JAMA Network Open. 6(5):e2312270.
The authors examined patient volume and stroke metrics in an emergency department while a nearby, but separate facility experienced a month-long ransomware attack. They found that hospitals adjacent to health care facilities impacted by ransomware attacks may experience increases in patient census and impacts to time-sensitive care for conditions such as stroke. The authors conclude that ransomware attacks “should be considered a regional disaster” because of these impacts to neighboring hospitals.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Goodwin, A., Wilburn, C., Wojewoda, C., et al. (2022).
Anatomy of a Cyberattack: Part 2: Managing a Clinical Pathology Laboratory During 25 Days of Downtime.
(Abstract only.) American Journal of Clinical Pathology. 157(5):653-663.
The authors described how their academic health care facility experienced a cyber attack which “led to a complete shutdown of major patient care, operational and communication systems” and the electronic health record, lab information, pharmacy, scheduling, billing, coding, and other systems. While these were incapacitated, the lab facilitated operations with manual interventions for specimen testing, hired additional staff, and used different communication modalities for patient care to mitigate the effects of the unplanned downtime.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Larsen, E., Rao, A., Sasangohar F. (2020).
Understanding the Scope of Downtime Threats: A Scoping Review of Downtime-Focused Literature and News Media.
Health Informatics Journal. 26(4):2660-2672.
The authors reviewed technical news media to provide a foundational perspective on electronic health record downtime readiness. They found that between 2012 and 2018, 166 hospitals in the U.S. experienced downtime events and 48.8% of downtime events involved some kind of cyber-attack. The authors propose a bottom-up approach, where clinical staff are involved in the downtime response, and recommend more support for development of contingency plans.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Neprash, H., McGlave, C., Cross, D., et al. (2022).
Trends in Ransomware Attacks on US Hospitals, Clinics, and Other Health Care Delivery Organizations, 2016-2021.
JAMA Health Forum. 3(12):e224873.
The authors explain who and why ransomware attacks on health care organizations are growing in frequency and sophistication. Between January 2016 and December 2021, 374 ransomware attacks exposed the protected health information of almost 42 million patients, caused electronic health record downtime, cancellations, and ambulance diversions. The authors share that actual numbers are higher and suggest increased and more direct monitoring and reporting of these incidents to improve understanding of how cyber-attacks affect patient safety and health care in general.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Office of Information Security. (2023).
Electronic Medical Records Still a Top Target for Cyber Threat Actors.
U.S. Department of Health and Human Services.
This presentation highlights that electronic medical records (EMRs) are still a target for cyber attackers, the top data breaches of 2022, profiles of harmful cyber-attack organizations, and the future of EMRs including robotic process automation, internet of things for health, voice recognition, and the blockchain and electronic health records. Finally, it covers protecting the health sector with the Zero Trust Model, cybersecurity best practices, and quickly detecting intrusion to ensure resilience.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
U.S. Department of Health and Human Services, 405(d). (2021).
405(d) Program Presents: A Case Study of “Cancer Care in the Wake of a Cyber Attack".
The presenters provide a case study of a medical center’s actions after a ransomware attack, introducing several federal agency leaders in cybersecurity, and a discussion and Q&A on the topic. They discuss protectively taking the electronic medical record offline resulting in loss of access to laboratory, pathology, pharmacy, and radiology information but containing the damage.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Plans, Tools, and Templates
Cascella, L. (2017).
Weathering the Storm: Electronic Health Records and Disaster Recovery.
This article includes a list of considerations that planners can use as guidance when developing or improving information technology and electronic health records systems.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Harrison, A., Siwani, R., Pickering, B., et al. (2019).
Clinical Impact of Intraoperative Electronic Health Record Downtime on Surgical Patients.
Journal of the American Medical Informatics Association. 26(10):928-933.
The authors examined how electronic health record (EHR) downtime affected patients in the operating room. They found that there was no association between downtime and patient outcomes, post-operative length of stay, or mortality after 30 days.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Healthcare & Public Health Sector Coordinating Councils. (2023).
Health Industry Cybersecurity – Coordinated Healthcare Incident Response Plan (CHIRP).
This template aims to prepare health care organizations for the operational impacts of a cybersecurity incident by bringing together separate components of emergency plans. It contains information on command center synchronization, incident identification, communication strategy, containment strategy, and the interim solution request process.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
HealthIT.gov. (2019).
Health IT Privacy and Security Resources for Providers.
The Office of the National Coordinator for Health Information Technology.
This website contains links to many IT-related resources for health care providers, including tools and templates, education and training for health care providers and staff, communications with patients about health information privacy and security, and HIPAA guidance.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
HealthIT.gov. (2020).
The ONC HealthIT Playbook.
The Office of the National Coordinator for Health Information Technology.
This playbook aims to make it easier for health care organizations to access digital information resources and implement health IT. The playbook contains strategies, recommendations, and best practices to use health IT to advance care.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
HealthIT.gov. (2022).
Patient Unified Lookup System for Emergencies (PULSE).
The Office of the National Coordinator for Health Information Technology.
PULSE aims to support access to information during disasters and public health emergencies. It is a state and local approach to sharing vital health information, allowing state and local entities to customize access to health information in preparation for and during disasters.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Massachusetts General Hospital Center for Disaster Medicine. (2018).
Hospital Preparedness for Unplanned Information Technology Downtime Events: A Toolkit for Planning and Response.
This resource can assist hospitals and other healthcare organizations with improving their readiness for unplanned IT downtime events. It discusses planning approaches, and key considerations for these types of events.
Login to favorite or comment on the article
Favorite:
1
You must Login to add a comment
- This item doesn't have any comments
Office of the National Coordinator for Health Information Technology. (2014).
Self Assessment Contingency Planning: General Instructions for the SAFER (Safety Assurance Factors for Electronic Health Record Resilience) Self Assessment Guides.
When electronic health records (EHR) are unavailable, this can have a negative effect on patient care and can lead to medication errors, images being unavailable, and the need to cancel procedures. The guidance in this document can help healthcare facilities establish contingency planning for planned or unplanned EHR outages.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Safety Assurance Factors for EHR Resilience (SAFER). (2016).
Self-Assessment: High Priority Practices.
The Office of the National Coordinator for Health Information Technology.
This webpage contains information on using the SAFER Self-Assessment Guides on recommended practices for electronic health record practices not directly related to downtime. It contains a checklist specific to high priority practices which assists with understanding relevant critical planning issues and whether a facility has fully, partially, or not yet implemented the measures.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Western Health. (2023).
EMR Downtime Procedures.
This website provides links to a business continuity plan, action cards, checklists, and other resources developed by Western Health (Australia) that can by tailored and incorporated into U.S. health care facility emergency plans.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Agencies and Organizations
Centers for Medicare & Medicaid Services.
Electronic Health Records.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Healthcare Information and Management Systems Society.
Interoperability and Health Information Exchange.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
Office of the National Coordinator for Health Information Technology.
HealthIT.gov.
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
U.S. Department of Health and Human Services.
HHS 405(d).
Login to favorite or comment on the article
Favorite:
You must Login to add a comment
- This item doesn't have any comments
