Fillable SAFER Contingency Planning General Instructions Safety Assurance Factors (Office of the National Coordinator)

Fill Online, Printable, Fillable, Blank SAFER Contingency Planning General Instructions Safety Assurance Factors (Office of the National Coordinator) Form

Use Fill to complete blank online OFFICE OF THE NATIONAL COORDINATOR (DC) pdf forms for free. Once completed you can sign your fillable form or send for signing. All forms are printable and downloadable.

SAFER Contingency Planning General Instructions Safety Assurance Factors (Office of the National Coordinator)

On average this form takes 26 minutes to complete

The SAFER Contingency Planning General Instructions Safety Assurance Factors (Office of the National Coordinator) form is 33 pages long and contains:

  • 0 signatures
  • 0 check-boxes
  • 103 other fields

Country of origin: US
File type: PDF

U.S.A. forms for Office of the National Coordinator

BROWSE OFFICE OF THE NATIONAL COORDINATOR (DC) FORMS

Related forms
Fill has a huge library of thousands of forms all set up to be filled in easily and signed.
Fill in your chosen form
Sign the form using our drawing tool
Send to someone else to fill in and sign.
find another form
 
SAFER
Safety Assurance Factors
for EHR Resilience
> Table of Contents
> About the Checklist
> Team Worksheet
> About the Practice Worksheets
> Practice Worksheets
Self-Assessment
Contingency Planning
General Instructions
for the SAFER Self-Assessment Guides
The SAFER Guides are designed to help healthcare
organizations conduct self-assessments to optimize the
safety and safe use of electronic health records (EHRs) in
the following areas.
High Priority Practices
Organizational Responsibilities
Contingency Planning
System Configuration
System Interfaces
Patient Identification
Computerized Provider Order Entry
with Decision Support
Test Results Reporting and Follow-up
Clinician Communication
Each of the nine SAFER Guides begins with a Checklist
of “recommended practices.” The downloadable SAFER
Guides provide fillable circles that can be used to indicate the
extent to which each recommended practice has been
implemented. Following the Checklist, a Practice Worksheet
gives a rationale for and examples of how to implement each
recommended practice, as well as likely sources of input into
assessment of each practice, and fillable fields to record team
members and follow-up action. In addition to the downloadable
version, the content of each SAFER Guide, with interactive
references and supporting materials, can also be viewed on
ONC’s website at www.healthit.gov/SAFERGuide.
The SAFER Guides are based on the best evidence available
at this time (2016), including a literature review, expert opinion,
and field testing at a wide range of healthcare organizations,
from small ambulatory practices to large health systems.
The recommended practices in the SAFER Guides are
intended to be useful for all EHR users. However, every
organization faces unique circumstances and will implement a
particular practice differently. As a result, some of the specific
examples in the SAFER Guides for recommended practices
may not be applicable to every organization.
The SAFER Guides are designed in part to help deal with
safety concerns created by the continuously changing
landscape that healthcare organizations face. Therefore,
changes in technology, practice standards, regulations and
policy should be taken into account when using the SAFER
Guides. Periodic self-assessments using the SAFER Guides
may also help organizations identify areas in which it is
particularly important to address the implications of change for
the safety and safe use of EHRs. Ultimately, the goal is to
improve the overall safety of our health care system.
The SAFER Guides are not intended to be used for legal
compliance purposes, and implementation of a recommended
practice does not guarantee compliance with HIPAA, the
HIPAA Security Rule, Medicare or Medicaid Conditions of
Participation, or any other laws or regulations. The SAFER
Guides are for informational purposes only and are not
intended to be an exhaustive or definitive source. They do not
constitute legal advice. Users of the SAFER Guides are
encouraged to consult with their own legal counsel regarding
compliance with Medicare or Medicaid program requirements,
HIPAA, and any other laws.
For additional, general information on Medicare and Medicaid
program requirements, please visit the Centers for Medicare &
Medicaid Services website at www.cms.gov. For more
information on HIPAA, please visit the HHS Office for Civil
Rights website at www.hhs.gov/ocr.
July 2016
SAFER Self-Assessment | Contingency Planning
1 of 23
SAFER
Safety Assurance Factors
for EHR Resilience
> Table of Contents
> About the Checklist
> Team Worksheet
> About the Practice Worksheets
> Practice Worksheets
Self-Assessment
Contingency Planning
Introduction
The Contingency Planning SAFER Guide identifies
recommended safety practices associated with planned or
unplanned EHR unavailability instances in which clinicians
or other end users cannot access all or part of the EHR.
Occasional temporary unavailability of EHRs is inevitable,
due to failures of software and hardware infrastructure, as
well as power outages and natural and man-made disasters.
Such unavailability can introduce substantial safety risks to
organizations that have not adequately prepared. Effective
contingency planning addresses the causes and
consequences of EHR unavailability, and involves processes
and preparations that can minimize the frequency and
impact of such events, ensuring continuity of care.
EHR unavailability, which will occur in every EHR-enabled
healthcare environment,
1
represents a significant potential
patient safety hazard that directly affects patient care.
Documented potential hazards include an increased risk of
medication errors,
2
unavailability of images,
3
and canceled
procedures. The potential impact of EHR unavailability
increases as such systems are deployed across multiple,
geographically dispersed facilities within a healthcare
system.
4
The contingency planning team should include
practicing clinicians to ensure that the technical components
align with and support the clinical processes and workflows
impacted by their decisions. The substitute workflows that
must be designed and then employed during downtimes are
particularly sensitive to clinician input and cooperation. In
addition to the substantial initial contingency planning effort,
a continuous, reliable review and maintenance process must
be developed and followed. EHR safety and effectiveness can
be improved by establishing proper downtime procedures,
policies, and practices. The collaboration between clinicians
and staff members in completing the self-assessment in this
guide will enable an accurate snapshot of the organizations
EHR contingency planning status (in terms of safety) and,
even more importantly, should lead to a consensus about the
organizations future path to optimize EHR-related safety and
quality.
Interaction with HIPAA
While this guide focuses on patient safety, many of its
recommendations overlap with standards and implementation
specifications of the HIPAA Security Rule, which focuses on
ensuring the confidentiality, integrity, and availability of
electronic protected health information. Because the focus of
the guide differs from that of the Security Rule, completing the
checklist here will not equate with compliance with HIPAA.
However, creating a contingency plan as required by the
HIPAA Security Rule will address many, but not all, of the
recommended safety-oriented practices in this guide. We
encourage coordination of completion of the self-assessment
in this SAFER Guide with contingency planning for purposes
of HIPAA compliance to provide a uniform approach to patient
safety and data protection.
July 2016
SAFER Self-Assessment | Contingency Planning
2 of 23
SAFER
Safety Assurance Factors
for EHR Resilience
> Table of Contents
> About the Checklist
> Team Worksheet
> About the Practice Worksheets
> Practice Worksheets
Self-Assessment
Contingency Planning
Table of Contents
General Instructions
Introduction
About the Checklist
Checklist
Team Worksheet
About the Recommended
Practice Worksheets
1
2
4
5
7
8
The SAFER Self-Assessment Guides were developed by health IT safety researchers and informatics experts:
Joan Ash, PhD, MLS, MS, MBA, Professor and Vice Chair, Department of Medical Informatics and Clinical Epidemiology, School of Medicine,
Oregon Health & Science University;
Hardeep Singh, MD, MPH, Associate Professor of Medicine at the Michael E. DeBakey Veterans Affairs Medical Center and Baylor College of
Medicine and Chief of the Health Policy, Quality and Informatics Program at the Houston VA HSR&D Center of Excellence, and Director of the Houston
VA Patient Safety Center of Inquiry; and
Dean Sittig, PhD, University of Texas School of Biomedical Informatics at Houston, UT–Memorial Hermann Center for Healthcare Quality & Safety.
This guide was developed under the contract Unintended Consequences of Health IT and Health Information Exchange, Task Order HHSP23337003T/HHSP23320095655WC.
The ONC composite mark is a mark of the U.S. Department of Health and Human Services. The contents of the publication or project are solely the responsibility of the authors and do not necessarily represent the
official views of the U.S. Department of Health and Human Services, Office of the National Coordinator for Health Information Technology.
July 2016
SAFER Self-Assessment | Contingency Planning
3 of 23
> Practice Worksheets
SAFER
Self-Assessment
Contingency Planning
About the Checklist
> Table of Contents
> About the Checklist
> Team Worksheet
> About the Practice Worksheets
The Checklist is structured as a quick way to enter and print your self-assessment.
Your selections on the checklist will automatically update the related section
of the corresponding Recommended Practice Worksheet.
The Domain associated with the Recommended Practice(s) appears at
the top of the column.
The Recommended
Practice(s)
for the
topic appear below
the associated
Domain.
Select the level
of Implementation
achieved by your
organization for each
Recommended
Practice.
Your Implementation
Status will be
reflected on the
Recommended
Practice Worksheet
in this PDF.
To the right of each Recommended Practice is a link
to the Recommended Practice Worksheet in this PDF.
The Worksheet provides guidance on implementing
the Practice.
July 2016
SAFER Self-Assessment | Contingency Planning
4 of 23
Self Assessment
SAFER
5 of 17
Contingency Planning
SAFER Self Assessment | Contingency Planning
December xx, 2013
Checklist
>Table of Contents >About the Checklist >Team Worksheet >About the Practice Worksheets
>Practice Worksheets
SAFER
Self-Assessment
Contingency Planning
Checklist
> Table of Contents
> About the Checklist
> Team Worksheet
> About the Practice Worksheets
> Practice Worksheets
Recommended Practices for Domain 1 — Safe Health IT
Hardware that runs applications critical to the
1.1
organization’s operation is duplicated.
Worksheet 1.1
Implementation Status
Fully
in all areas
Partially
in some areas
Not
implemented
reset
An electric generator and sufficient fuel are available
1.2
to support the EHR during an extended power outage.
Worksheet 1.2
Paper forms are available to replace key EHR functions
1.3
during downtimes.
Worksheet 1.3
Patient data and software application configurations
1.4
critical to the organization’s operations are backed up.
Worksheet 1.4
Policies and procedures are in place to ensure accurate
1.5
patient identification when preparing for, during, and
after downtimes.
Worksheet 1.5
Recommended Practices for Domain 2 — Using Health IT Safely
Implementation Status
Fully
in all areas
Partially
in some areas
Not
implemented
reset
Staff are trained and tested on downtime and recovery
2.1
procedures.
Worksheet 2.1
A communication strategy that does not rely on the
2.2
computing infrastructure exists for downtime and
recovery periods.
Worksheet 2.2
Written policies and procedures on EHR downtimes
2.3
and recovery processes ensure continuity of operations
with regard to safe patient care and critical business
operations.
Worksheet 2.3
The user interface of the locally maintained backup,
2.4
read-only EHR system is clearly differentiated from the
live/production EHR system.
Worksheet 2.4
reset
reset
reset
reset
reset
reset
reset
2.5
Users are trained on ransomware prevention
strategies including how to identify malicious emails.
Worksheet 2.5
reset
July 2016
SAFER Self-Assessment | Contingency Planning
5 of 23
SAFER
Self-Assessment
Contingency Planning
Checklist
> Table of Contents
> About the Checklist
> Team Worksheet
> About the Practice Worksheets
> Practice Worksheets
Recommended Practices for Domain 3 Monitoring Safety
Implementation Status
Fully
in all areas
Partially
in some areas
Not
implemented
There is a comprehensive testing and monitoring
3.1
strategy in place to prevent and manage EHR
downtime events.
Worksheet 3.1
Functional system downtimes (i.e., unacceptably
3.2
slow response time) are identified and addressed
proactively.
Worksheet 3.2
reset
reset
reset
Review unexpected extended system downtimes
3.3
greater than 24 hours using root-cause analysis
or similar approaches.
Worksheet 3.3
July 2016
SAFER Self-Assessment | Contingency Planning
6 of 23
SAFER
SAFER
Self-Assessment
Contingency Planning
Team Worksheet
> Table of Contents
> About the Checklist
> Team Worksheet
> About the Practice Worksheets
> Practice Worksheets
A multidisciplinary team should complete this self-assessment and evaluate potential health IT-related patient safety risks
addressed by this specific SAFER Guide within the context of your particular healthcare organization.
This Team Worksheet is intended to help organizations
document the names and roles of the self-assessment team, as
well as individual team members’ activities. Typically team
members will be drawn from a number of different areas within
your organization, and in some instances, from external
sources. The suggested Sources of Input section in each
Recommended Practice Worksheet identifies the types of
expertise or services to consider engaging. It may be
particularly useful to engage specific clinician and other leaders
with accountability for safety practices identified in this guide.
The Worksheet includes fillable boxes that allow you to
document relevant information. The Assessment Team Leader
box allows documentation of the person or persons responsible
for ensuring that the self-assessment is completed.
The section labeled Assessment Team Members enables you
to record the names of individuals, departments, or other
organizations that contributed to the self-assessment. The
date that the self-assessment is completed can be recorded in
the Assessment Completion Date section and can also serve
as a reminder for periodic reassessments. The section labeled
Assessment Team Notes is intended to be used, as needed, to
record important considerations or conclusions arrived at
through the assessment process. This section can also be
used to track important factors such as pending software
updates, vacant key leadership positions, resource needs, and
challenges and barriers to completing the self-assessment or
implementing the Recommended Practices in this SAFER
Guide.
Assessment Team Leader
Assessment Completion Date
Assessment Team Members
Assessment Team Notes
reset page
July 2016
SAFER Self-Assessment | Contingency Planning
7 of 23
tion
p
.
Th
S
se
ca
pe
w
inf
ev
im
T
se
p
pr
sc
yo
im
sp
R
Pr
SAFER
> Practice Worksheets
SAFER
Self-Assessment
Contingency Planning
About the Recommended
Practice Worksheets
> Table of Contents
> About the Checklist
> Team Worksheet
> About the Practice Worksheets
Each Worksheet provides guidance on implementing a specific Recommended Practice,
and allows you to enter and print information about your self-assessment.
Self Assessment
Contingency Planning
SAFER
Recommended Practice 4
Worksheet
Phase 1 —
Safe Health IT
>Table of Contents >About the Checklist >Team Worksheet >About the Practice Worksheets
>Practice Worksheets
The Rationale sec
provides guidance
about “why” the
safety activities
are needed.
Enter any notes
about your self-
assessment.
Enter any follow-u
activities required.
Enter the name
of the person
responsible for the
follow-up activities
e Suggested
ources of Input
ction indicates
tegories of
rsonnel
ho can provide
ormation to help
aluate your level of
plementation.
he Examples
ction lists
otentially useful
actices or
enarios to inform
ur assessment and
plementation of the
ecific
ecommended
actice.
July 2016
SAFER Self-Assessment | Contingency Planning
8 of 23
SAFER
Self-Assessment
Contingency Planning
Recommended Practice 1.1
Worksheet
Domain 1 —
Safe Health IT
> Table of Contents
> About the Checklist
> Team Worksheet
> About the Practice Worksheets
> Practice Worksheets
Recommended Practice
Hardware that runs applications critical to the organization’s
1.1
operation is duplicated.
Checklist
Implementation Status
Rationale for Practice or Risk Assessment
Organizations should take steps to prevent and
minimize the impact of technology failures. A single
point of failure greatly increases risks both for the
availability and integrity of data.
Suggested Sources of Input
Clinicians, support staff, and/or
clinical administration
EHR developer
Health IT support staff
Examples of Potentially Useful Practices/Scenarios
A large healthcare organization that provides care 24 hours
per day has a remotely located (i.e., > 50 miles away and >
20 miles from the coastline) “warm-site” (i.e., a site with
current patient data that can be activated in less than 8
hours) backup facility that can run the entire EHR.
5
The warm-site is tested at least quarterly.
The organization maintains a redundant path to the Internet
consisting of two different cables, in different trenches
(a microwave or other form of wireless connection is also
acceptable), provided by two different Internet providers.
6, 7
Smaller ambulatory clinics have at least a cellphone-based,
wireless Internet access point as a backup to their main
cable-based Internet connection.
If using a remotely hosted EHR (e.g., cloud-based solution),
insist that your EHR provider back up data with tape,
Internet, redundant drives, or any means necessary to allow
full recovery from incidents.
8
Assessment Notes
Follow-up Actions
Person Responsible for Follow-up Action
July 2016
SAFER Self-Assessment | Contingency Planning
9 of 23
reset page
Off
reset page
SAFER
Self-Assessment
Contingency Planning
Recommended Practice 1.2
Worksheet
Domain 1 —
Safe Health IT
> Table of Contents
> About the Checklist
> Team Worksheet
> About the Practice Worksheets
> Practice Worksheets
Recommended Practice
An electric generator and sufficient fuel are available to
support the EHR during an extended power outage.
9
Checklist
Implementation Status
Rationale for Practice or Risk Assessment
Most healthcare organizations must be able to
continue running their health IT infrastructure and
preserve data and communication capabilities in
cases of sustained power outages.
Suggested Sources of Input
Clinicians, support staff, and/or
clinical administration
Health IT support staff
Examples of Potentially Useful Practices/Scenarios
Organizations evaluate the consequences to patient safety
and to business operations due to loss of power that shuts
down the EHR, and implement concrete plans to keep the
EHR running to the extent needed to avoid unacceptable
consequences.
In the event of a power failure, there is an uninterruptible
power supply (UPS), either batteries or a “flywheel,”
capable of providing instantaneous power to maintain the
EHR for at least 10 minutes.
The UPS is tested regularly (optimally on at least a monthly
basis).
The on-site, backup electrical generator is able to maintain
EHR functions critical to the organization’s operation (e.g.,
results review, order entry, clinical documentation).
10
The organization maintains 2 days of fuel for the generator
on-site.
The generator is tested regularly (optimally at least on a
monthly basis).
The UPS and the generator are kept in secure locations
that are not likely to flood.
Assessment Notes
Follow-up Actions
Person Responsible for Follow-up Action
July 2016
SAFER Self-Assessment | Contingency Planning
10 of 23
1.2
Off
SAFER
Self-Assessment
Contingency Planning
Recommended Practice 1.3
Worksheet
Domain 1 —
Safe Health IT
> Table of Contents
> About the Checklist
> Team Worksheet
> About the Practice Worksheets
> Practice Worksheets
Recommended Practice
Paper forms are available to replace key EHR functions during
1.3
downtimes.
11
Checklist
Implementation Status
Rationale for Practice or Risk Assessment
Clinical and administrative operations need to
continue in the event of a downtime.
Suggested Sources of Input
Clinicians, support staff, and/or
clinical administration
Examples of Potentially Useful Practices/Scenarios
The organization maintains enough paper forms to care for
patients on an in-patient unit for at least 8 hours. Paper
forms could include those required to enter orders and
document the administration of medications, labs, and
radiology on each unit.
12
There is a process in place to ensure that the information
recorded on paper during the downtime gets entered and
reconciled into the EHR following its reactivation (e.g.,
entering information as coded data, scanning of paper
documents).
12
Assessment Notes
Follow-up Actions
Person Responsible for Follow-up Action
July 2016
SAFER Self-Assessment | Contingency Planning
11 of 23
reset page
SAFER
Self-Assessment
Contingency Planning
Recommended Practice 1.4
Worksheet
Domain 1 —
Safe Health IT
> Table of Contents
> About the Checklist
> Team Worksheet
> About the Practice Worksheets
> Practice Worksheets
Recommended Practice
1.4
Checklist
Implementation Status
Rationale for Practice or Risk Assessment
Backup of mission-critical patient data and EHR system
configuration allows system restoration to a “pre-failure”
state with minimal data loss. In the event of failure, you
are able to rely upon reliable back-up data.
Suggested Sources of Input
Clinicians, support staff, and/or
clinical administration
EHR developer
Health IT support staff
Examples of Potentially Useful Practices/Scenarios
The organization has a daily, off-site, complete, encrypted
backup of patient data.
14
The off-site backup is tested regularly (i.e., complete
restore) (optimally on at least a monthly basis).
15
The content required to configure the system is backed up
on a regular basis (optimally on a monthly basis and before
every system upgrade).
The organization maintains multiple backups, created at
different times.
Backup media are physically secured.
Backup media are rendered unreadable (i.e., use software
to scramble media contents or physically destroy/shred
media) before disposal.
The organization has a “read-only” backup EHR system
that is updated frequently (optimally at least hourly).
The read-only EHR system is tested regularly
(optimally at least weekly).
Users can print from the read-only EHR system.
If there is a “unit-level” read-only backup EHR
system, it is connected to a local UPS or “red plug” (i.e., an
outlet connected to the organization's backup electrical
generator).
Assessment Notes
Follow-up Actions
Person Responsible for Follow-up Action
July 2016
SAFER Self-Assessment | Contingency Planning
12 of 23
Patient data and software application configurations critical to
the organization’s operations are backed up.
13
reset page
Off
SAFER
Self-Assessment
Contingency Planning
Recommended Practice 1.5
Worksheet
Domain 1 —
Safe Health IT
> Table of Contents
> About the Checklist
> Team Worksheet
> About the Practice Worksheets
> Practice Worksheets
Recommended Practice
1.5
Policies and procedures are in place to ensure accurate patient
identification when preparing for, during, and after downtimes.
Checklist
Implementation Status
Rationale for Practice or Risk Assessment
Without policies, procedures, and processes in place
to manage patient identification during downtimes,
mismatches and lost records could compromise patient
confidentiality, data integrity, and patient safety.
Suggested Sources of Input
Clinicians, support staff, and/or
clinical administration
EHR developer
Examples of Potentially Useful Practices/Scenarios
The read-only EHR system should have user-specific
passwords (i.e., should not employ a shared password for
all users).
There is a mechanism in place to register new patients
during downtime, including assignment of unique
temporary patient record numbers along with a process for
reconciling these new patient IDs once the EHR comes
back online.
Ensure that paper documents created during downtime are
protected using standard HIPAA safeguards and policies.
Assessment Notes
Follow-up Actions
Person Responsible for Follow-up Action
July 2016
SAFER Self-Assessment | Contingency Planning
13 of 23
reset page
Off
SAFER
Self-Assessment
Contingency Planning
Recommended Practice 2.1
Worksheet
Domain 2 —
Using Health IT Safely
> Table of Contents
> About the Checklist
> Team Worksheet
> About the Practice Worksheets
> Practice Worksheets
Recommended Practice
Staff are trained and tested on downtime and recovery
2.1
procedures.
16
Checklist
Implementation Status
Rationale for Practice or Risk Assessment
In organizations that have not had a significant
downtime in more than a year, there is an increased
risk of having employees who do not know how to
function in a paper environment.
Suggested Sources of Input
Clinicians, support staff, and/or
clinical administration
Examples of Potentially Useful Practices/Scenarios
Organizations establish and follow training requirements
so that each employee knows what to do to keep the
organization operating safely during EHR downtimes.
17
Clinicians are trained in use of the paper-based ordering
and charting tools.
The organization conducts unannounced EHR “downtime
drills” at least once a year.
18
Clinicians have been trained on how and when to activate
and use the “read-only” backup EHR system.
19
Assessment Notes
Follow-up Actions
Person Responsible for Follow-up Action
July 2016
SAFER Self-Assessment | Contingency Planning
14 of 23
reset page
SAFER
Self-Assessment
Contingency Planning
Recommended Practice 2.2
Worksheet
Domain 2 —
Using Health IT Safely
> Table of Contents
> About the Checklist
> Team Worksheet
> About the Practice Worksheets
> Practice Worksheets
Recommended Practice
2.2
A communication strategy that does not rely on the computing
infrastructure exists for downtime and recovery periods.
Checklist
Implementation Status
Rationale for Practice or Risk Assessment
The organization needs to be prepared to
communicate with key personnel without use of
the computer.
Suggested Sources of Input
Clinicians, support staff, and/or
clinical administration
Health IT support staff
Examples of Potentially Useful Practices/Scenarios
The organization has methods other than electronic
(i.e., not email, Twitter, voice-over-IP) to notify key
organizational administrators and clinicians about times
when the EHR is down (either planned or
unplanned).
18, 20
The organization has a mechanism in place to activate
the read-only backup EHR system and notify clinicians
how to access it.
The organization has a mechanism in place to notify
clinicians when the EHR is back on-line (either planned
or unplanned).
Assessment Notes
Follow-up Actions
Person Responsible for Follow-up Action
July 2016
SAFER Self-Assessment | Contingency Planning
15 of 23
reset page
Off
SAFER
Self-Assessment
Contingency Planning
Recommended Practice 2.3
Worksheet
Domain 2 —
Using Health IT Safely
> Table of Contents
> About the Checklist
> Team Worksheet
> About the Practice Worksheets
> Practice Worksheets
Recommended Practice
2.3
Written policies and procedures on EHR downtimes and
recovery processes ensure continuity of operations with regard
to safe patient care and critical business operations.
21
Checklist
Implementation Status
Rationale for Practice or Risk Assessment
Policies and procedures on EHR downtime and recovery
keep everyone “on the same page” so they are able to
care for patients and maintain critical business operations
during inevitable downtimes, whether planned or
unplanned.
Suggested Sources of Input
Clinicians, support staff, and/or
clinical administration
Health IT support staff
Examples of Potentially Useful Practices/Scenarios
The organization has a written EHR downtime and
recovery policy that describes key elements such as
when a downtime should be called; how often further
communication will be delivered; who will be in charge
during the downtime (both on the clinical and technical
side); how everyone will be notified; and how information
collected during the downtime is entered into the EHR.
22
The EHR downtime policy is reviewed at least every
2 years.
23
The EHR downtime policy describes when the warm-site
backup process should be activated (ideally, before the
system has been down for 2 hours).
A paper copy of the current EHR downtime and recovery
policy is available on clinical units.
A paper copy of the current EHR downtime and recovery
policy is stored in a safe, off-site location.
Assessment Notes
Follow-up Actions
Person Responsible for Follow-up Action
July 2016
SAFER Self-Assessment | Contingency Planning
16 of 23
reset page
Off
SAFER
Self-Assessment
Contingency Planning
Recommended Practice 2.4
Worksheet
Domain 2 —
Using Health IT Safely
> Table of Contents
> About the Checklist
> Team Worksheet
> About the Practice Worksheets
> Practice Worksheets
Recommended Practice
The user interface of the locally maintained backup, read-only
2.4
EHR system is clearly differentiated from the live/production
EHR system.
Checklist
Implementation Status
Rationale for Practice or Risk Assessment
When the usual system is unavailable, a read-only copy
can enable access to patient records, though it can’t
support adding or editing patient data. If it looks the same to
users it could easily result in attempts to enter data that will
not be recorded.
Suggested Sources of Input
Clinicians, support staff, and/or
clinical administration
EHR developer
Examples of Potentially Useful Practices/Scenarios
Access to the “read-only” backup EHR is disabled (e.g.,
icons on the computer screens are “greyed out” or not
available) during periods of normal EHR operations.
The user interface of the read-only backup EHR system is
visibly different than the fully operational system (e.g., there
is a different background color for screens, a watermark
across screens, data entry fields are greyed out).
Clinicians are trained on appropriate use of the read-only
backup EHR.
Assessment Notes
Follow-up Actions
Person Responsible for Follow-up Action
July 2016
SAFER Self-Assessment | Contingency Planning
17 of 23
reset page
> Practice Worksheets
SAFER
Self-Assessment
Contingency Planning
Recommended Practice 2.5
Worksheet
Domain 2
Using Health IT Safely
> Table of Contents
> About the Checklist
> Team Worksheet
> About the Practice Worksheets
Implementation Status
Recommended Practice
Users are trained on ransomware prevention strategies
2.5
including how to identify malicious emails.
Checklist
Rationale for Practice or Risk Assessment
Malicious email attachments are often the first
point of entry for ransomware attacks.
Suggested Sources of Input
Clinicians, support staff, and/or
clinical administration
EHR developer
Examples of Potentially Useful Practices/Scenarios
The organization trains users to identify spam, phishing, and
spear-phishing messages, and users avoid clicking on
potentially weaponized attachments (such as *.exe,
*.zip, *.rar, *.7z, *.js, *.wsf, *.docm, *.xlsm, *.pptm, *.rtf,
*.msi, *.bat, *.com, *.cmd, *.hta, *.scr, *.pif, *.reg, *.vbs,
*.cpl, *.jar files). Safe file attachment formats include (*.jpg,
*.png, *.pdf, *.docx, *.xlsx, and *.pptx).
24
Training should reinforce that legitimate organizational mail
messages (e.g., your employer’s IT department, your bank,
your credit card company, companies you work with) should
always meet the following requirements: 1) never ask you to
download and run file attachments; 2) never ask for you to
enter account or password information; 3) always have a
telephone number someone can call (i.e., out-of-band
check); 4) always be associated with an email address and
name that people can check in their local directory; and 5)
contain website links that display the complete internet
address (URL) to build trust.
The organization restricts users’ ability to install and run
software applications using the principle of “Least Privilege,”
or minimizes users’ access to only those systems and
services required by their job.
The organization considers disabling the USB ports on the
organization’s computers.
25
The organization conducts simulated phishing attacks (i.e.,
sends fraudulent (but safe) email messages or websites that
appear to be from legitimate sources) to raise user’s
awareness of the problem.
Assessment Notes
Follow-up Actions
Person Responsible for Follow-up Action
July 2016
SAFER Self-Assessment | Contingency Planning
18 of 23
reset page
SAFER
Self-Assessment
Contingency Planning
Recommended Practice 3.1
Worksheet
Domain 3 —
Monitoring Safety
> Table of Contents
> About the Checklist
> Team Worksheet
> About the Practice Worksheets
> Practice Worksheets
Recommended Practice
3.1
There is a comprehensive testing and monitoring strategy in
place to prevent and manage EHR downtime events.
Checklist
Implementation Status
Rationale for Practice or Risk Assessment
Comprehensive testing and monitoring strategies can
prevent and minimize the impact of technology failures.
Suggested Sources of Input
Clinicians, support staff, and/or
clinical administration
EHR developer
Health IT support staff
Examples of Potentially Useful Practices/Scenarios
The organization regularly monitors and reports on
system downtime events.
26
The organization regularly monitors and reports on
system response time (optimally under 2 seconds) for
important clinical tasks (e.g., results review, order entry,
patient look-up).
27
The organization has a written policy describing the
different hardware, software, process, and people-related
testing procedures.
The organization maintains a log of all testing activities.
Unplanned downtimes and the effectiveness of follow-up
to prevent them from recurring are monitored by
the top leadership.
Assessment Notes
Follow-up Actions
Person Responsible for Follow-up Action
July 2016
SAFER Self-Assessment | Contingency Planning
19 of 23
reset page
> Practice Worksheets
reset page
SAFER
Self-Assessment
Contingency Planning
Recommended Practice 3.2
Worksheet
Domain 3
Using Health IT Safely
> Table of Contents
> About the Checklist
> Team Worksheet
> About the Practice Worksheets
Implementation Status
July 2016
SAFER Self-Assessment | Contingency Planning
20 of 23
Recommended Practice
Functional system downtimes (i.e., unacceptably slow
3.2
response time) are identified and addressed proactively.
Checklist
Rationale for Practice or Risk Assessment
Slow computer response times significantly impede user
efficiency and can result in “type ahead” errors in which
the computer saves commands (e.g., repeated enter key
presses) and enters them (unbeknownst to the user) in
the default data entry field once the form loads, resulting
in unexpected behavior.
Suggested Sources of Input
Clinicians, support staff, and/or
clinical administration
EHR developer
Examples of Potentially Useful Practices/Scenarios
Create strategies to calculate system response times. One
such strategy is to create an application to submit a simple
medication order for a “test patient” every day of the year
at midnight and run a simple automated query to request
this order’s details be displayed on a workstation in a
clinical setting every minute for the next 24 hours
(i.e., 1440 times). Mean system response time is the time
from order being requested until the time the details are
available. Functional system downtime can be defined by
any hourly mean response time greater than 5 seconds or
3 standard deviations above the mean.
27
The organization creates easy mechanisms for users to
report slow system response time to the IT Helpdesk.
Assessment Notes
Follow-up Actions
Person Responsible for Follow-up Action
> Practice Worksheets
reset page
SAFER
Self-Assessment
Contingency Planning
Recommended Practice 3.3
Worksheet
Domain 3
Using Health IT Safely
> Table of Contents
> About the Checklist
> Team Worksheet
> About the Practice Worksheets
Recommended Practice
3.3
Review unexpected extended system downtimes greater than
24 hours using root-cause analysis or similar approaches.
28
Checklist
Implementation Status
Rationale for Practice or Risk Assessment
Experiences with an unexpected downtime over 24
hours are likely to provide learning opportunities for
future management and prevention of similar events.
Suggested Sources of Input
Clinicians, support staff, and/or
clinical administration
EHR developer
Examples of Potentially Useful Practices/Scenarios
The organization convenes a multi-disciplinary group of
clinicians and IT professionals to review the event and its
management, identify potential root causes, and discuss
future prevention or mitigating procedures.
The organization considers consulting with additional
experts in IT system reliability to review and report on
recommendations for improvements in key system
components, configurations, and policies and procedures.
Assessment Notes
Follow-up Actions
Person Responsible for Follow-up Action
July 2016
SAFER Self-Assessment | Contingency Planning
21 of 23
SAFER
Safety Assurance Factors
for EHR Resilience
References
1. Kilbridge, P. (2003). Computer crash-lessons from a system failure. New England Journal of Medicine, 348(10), 881-882.
2. Hanuscak, T. L., Szeinbach, S. L., Seoane-Vazquez, E., Reichert, B. J., & McCluskey, C. F. (2009). Evaluation of causes and
frequency of medication errors during information technology downtime. American Journal of Health-System Pharmacy, 66(12).
3. McBiles, M., & Chacko, A. K. (2000). Coping with PACS downtime in digital radiology. Journal of Digital Imaging, 13(3), 136-142.
4. Sittig, D. F., & Singh, H. (2012). Electronic health records and national patient-safety goals. New England Journal of Medicine,
367(19), 1854-1860.
5. Lee, O. F., & Guster, D. (2012). Virtualized disaster recovery model for large scale hospital and healthcare systems. Advancing
Technologies and Intelligence in Healthcare and Clinical Environments Breakthroughs, 307.
6. Sittig, D. F., & Singh, H. (2011). Defining health information technology-related errors: New developments since To Err Is Human.
Archives of Internal Medicine, 171(14), 1281-1284.
7. Dooling, J. A. (2013). Meaningful Use and Disaster Infrastructure Q&A: HIM Professionals Share Lessons Learned. Journal of
AHIMA, 84(10), 64-65.
8. Schweitzer, E. J. (2012). Reconciliation of the cloud computing model with US federal electronic health record regulations. Journal of
the American Medical Informatics Association, 19(2), 161-165.
9. Jacques, C. C., Boston, M., & Mitrani-Reiser, J. (2014). Quantifying the performance of healthcare facilities in disasters: a multi-
hazard approach. Tenth U.S. National Conference on Earthquake Engineering Frontiers of Earthquake Engineering July 21-25, 2014;
Anchorage, Alaska.
10. Hiller, M., Bone, E. A., & Timmins, M. L. (2015). Healthcare system resiliency: The case for taking disaster plans further-Part 2.
Journal of Business Continuity & Emergency Planning, 8(4), 356-375.
11. Lei, J., Guan, P., Gao, K., Lu, X., Chen, Y., Li, Y., ... & Zheng, K. (2014). Characteristics of health IT outage and suggested risk
management strategies: An analysis of historical incident reports in China. International Journal of Medical Informatics, 83(2), 122-130.
12. McKinney, M. (2007). Technology. What happens when the IT system goes down? Hospitals & Health Networks/AHA, 81(12), 14.
13. Sittig, D. F., Gonzalez, D., & Singh, H. (2014). Contingency planning for electronic health record-based care continuity: a survey of
recommended practices. International Journal of Medical Informatics, 83(11), 797-804.
14. Piliouras, T. C., Suss, R. J., & Yu, P. L. (2015, May). Digital imaging & electronic health record systems: Implementation and
regulatory challenges faced by healthcare providers. In Systems, Applications and Technology Conference (LISAT), 2015 IEEE Long
Island (pp. 1-6). IEEE.
15. Schackow, T. E., Palmer, T., & Epperly, T. (2008). EHR meltdown: how to protect your patient data. Family Practice Management,
15(6), A3.
16. Brazelton, N. C., & Lyons, A. (2014). Health Information Systems: Downtime and Disaster Recovery. PROP-Healthcare Information
Systems Custom, 256.
17. Oral, B., Cullen, R. M., Diaz, D. L., Hod, E. A., & Kratz, A. (2015). Downtime Procedures for the 21st Century. American Journal of
Clinical Pathology,143(1), 100-104.
18. Genes, N., Chary, M., & Chason, K. W. (2013). An academic medical center’s response to widespread computer failure. American
Journal of Disaster Medicine, 8(1), 2.
19. Poterack, K. A., & Gottlieb, O. (2016). Are you ready for EHR downtime? Questions to ask. ASA Newsletter, 80(2), 30-31.
July 2016
SAFER Self-Assessment | Contingency Planning
22 of 23
SAFER
Safety Assurance Factors
for EHR Resilience
References
20. Nelson, N. C. (2007). Downtime procedures for a clinical information system: a critical issue. Journal of Critical Care, 22(1), 45-50.
21. Menon, S., Singh, H., Meyer, A. N., Belmont, E., & Sittig, D. F. (2014). Electronic health record-related safety concerns: A cross-
sectional survey. Journal of Healthcare Risk Management, 34(1), 14-26.
22. Scholl, M., Stine, K., Hash, J., Bowen, P., Johnson, A., Smith, C., & Steinberg, D. (2008). An introductory resource guide for
implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. NIST Special Publications 800-66 Revision
1; October 2008.
23. Fernández, M. T., Gómez, A. R., Santojanni, A. M., Cancio, A. H., Luna, D. R., & Benítez, S. E. (2014). Electronic Health Record
System Contingency Plan Coordination: A Strategy for Continuity of Care Considering Users’ Needs. Studies in Health Technology and
Informatics, 216, 472-476.
24. Hoffman, C. (2014). How To Spot A Dangerous Email Attachment. Make Use Of (a website).
25. Wright, A., & Sittig, D. F. (2007). Security threat posed by USB-based personal health records. Annals of Internal Medicine, 146(4),
314-315.
26. Blecker, S., Austrian, J. S., Shine, D., Braithwaite, R. S., Radford, M. J., & Gourevitch, M. N. (2013). Monitoring the pulse of hospital
activity: electronic health record utilization as a measure of care intensity. Journal of Hospital Medicine, 8(9), 513-518.
27. Sittig, D. F., Campbell, E. M., Guappone, K. P., Dykstra, R. H., & Ash, J. S. (2007, October). Recommendations for Monitoring and
Evaluation of In-Patient Computer-based Provider Order Entry Systems: Results of a Delphi Survey. In AMIA.
28. Sittig DF, Singh H. (2010, May). (author reply) Monitoring and evaluating the use of electronic health records. JAMA. 303(19):
1918-9.
July 2016
SAFER Self-Assessment | Contingency Planning
23 of 23
Download
Save PDF to desktop
Email
Email completed PDF
Send for Signing
Email for others to sign
Print
Print document
Choose a Field
Click on a field and
select the person that should complete it
Want to add a signature?
You can add a signature field
and assign it to someone else
to sign
Choose a Field
Click on a field and
select the person that should complete it

SAFER Contingency Planning General Instructions Safety Assurance Factors (Office of the National Coordinator)

This document is locked as it has been sent for signing.

You have successfully completed this document.

Other parties need to complete fields in the document. You will recieve an email notification when the document has been completed by all parties.

This document has been signed by all parties.

Completed 26 January 2021

Message

View Audit Log
Print With Audit Log
Duplicate Document