Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
By Alex Ruoff
Aug. 3 — Boston Children's Hospital has two types of crash carts: one for when a patient suffers a potentially fatal condition and another for when the hospital's information technology systems stop working.
The latter is called a downtime cart and holds all the paper forms and directions doctors and nurses need to do their jobs if the hospital's electronic health record system goes down. Boston Children's electronic health records system is used across the hospital to track patient care, register patients and order medications.
Downtime carts and other low-tech replacements for health IT tools are becoming crucial as hospitals face new threats from cybercriminals that have the potential to shut down information networks, hospital executives told Bloomberg BNA. Hospitals are growing increasingly reliant on their IT systems to support their everyday operations, from record keeping to medication ordering and tracking laboratory results, but hospital staff must also face the reality that those systems can and do fail.
“Hospitals are starting to recognize that this is something they need to plan for,” Dan Nigrin, chief information officer for Boston Children's Hospital, told Bloomberg BNA. “We're moving to automate more processes to realize efficiencies, so there's real risk if those systems are taken away.”
IT downtime is a reality for any organization regardless of industry, Charles Christian, vice president of technology and engagement for the Indiana Health Information Exchange, told Bloomberg BNA. Normally, hardware systems such as servers are shut down for repair or software must be taken offline for updates during slow periods with little interruption, he said.
However, nearly 60 percent of hospitals that participated in the federal meaningful use incentive program reported an unplanned disruption in their record systems between 2014 and 2015, according to a recent HHS Office of Inspector General report.
Roughly a quarter of hospitals that lost access to their health records said the event delayed patient care, the report said. Most of those disruptions were caused by hardware failures, not hacking incidents.
But hospitals are increasingly facing directed cyberattacks, such as ransomware attacks, that are designed to disable their IT and health record systems.
The HHS IG found that 20 percent of unplanned downtimes at hospitals lasted more than eight hours. Of those downtimes, 15 percent resulted in rerouted patient care and 1 percent resulted in a loss of records.
No data breaches resulted from those downtimes, according to the hospitals.
Hospital executives and technical personnel have sought to protect their IT systems from natural disasters or other predictable incidents, Christian said.
Many larger hospitals or hospital systems have their own hardened data centers to ensure staff can always access their IT networks, he said. These organizations have redundant hardware to ensure an accidentally cut wire or faulty server can't alone crash their network, Christian said.
Most hospitals also know to regularly back up their clinical data to ensure patient data isn't easily lost, Christian said. Half of the hospitals contacted by the IG said they had backup systems in place in case of an EHR system disruption.
However, smaller hospitals and critical access hospitals—facilities with fewer than 25 inpatient beds that are typically the only local emergency care—can't afford these backup systems, he said. Most are reliant on the company that sold them their EHR system to protect their data and keep their computers online.
To contact the reporter on this story: Alex Ruoff in Washington at firstname.lastname@example.org
To contact the editor responsible for this story: Kendra Casey Plank at email@example.com
Copyright © 2016 The Bureau of National Affairs, Inc. All Rights Reserved.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to email@example.com.
Put me on standing order
Notify me when new releases are available (no standing order will be created)