Data Disaster Preparedness For Physician Practice
Data Disaster Preparedness
As physician practices have embraced moving toward EMR(electronic health record), a lot of resources have and will be spent on choosing the best system to meet the practice needs and to qualify for the Federal Stimulus dollars for meaningful use EHR (electronic health record) implementation.
Do you have a plan, process and policy for data protection? Yes it is true most practices have had medical billing services in an electronic format for several years but the EMR has opened the way for patient confidential health records to be at risk.
EMR vendors address protection of data both for the practice and the patient by use of encryption and passwords as a part of their security systems. But HIPAA (Health Insurance Portability and Accountability Act) mandates both recoverability and data protection to be implemented. These elements may be addressed by larger EMR vendors but some smaller based systems may not automatically address these components. Practice leaders and administration must make sure all aspects of data protection is reviewed and addressed to include the following:
• Data backup
• Data storage
• Data retention
• Recovery time
• Recovery point
Data backup can be performed by several different methods including magnetic tapes referred to as tape backup, image capture, virtualization or this process can be outsourced for practices with limited IT resources. Data backups are usually completed daily and time to complete ranges from about 15 minutes to several hours. Each of these methods is associated with a specific cost. The cost and resources needed for each method should be compared with your available budget and available resources to determine the best method for the practice.
Some EMR vendors offer their products as an ASP (Application Service Provider). The practice purchases license us of the software which resides at the ASP. The software is maintained and updated at the ASP. The ASP provides secure data storage and complete back up services.
All applicable record retention requirements and guidelines should be reviewed during the EMR selection process to assure compliance. The practice should consider Federal and State requirements, applicable accrediting entities requirements, malpractice insurance carrier guidelines, and any local or facility retention guidelines.
Several factors should be considered when recovery time objectives and recovery point objectives are being decided as part of the business recovery plan.
1. Physician input should be obtained to determine acceptable down time.
2. Data security cost should be planned for in your budget process.
3. Develop a recovery plan, educate users, and test the plan at least annually
Processing your request, Please wait....
