Information Managers
  • Home
  • Services
    • All Services
  • Templates
  • Blog
  • Contact Us
  • Practice Management Success
  • Podcasts

In Case Of Emergency, Is Your Healthcare Practice Prepared?

business continuity plan disaster recovery disaster response plan

When you collect, use, or disclose personal health information, healthcare providers have a duty to protect records, even during an emergency. A disaster response plan includes protecting personal information against threats and a plan to quickly resume access to patient’s health information.

We can expect disruption to our business and be prepared to

  • Preserve the safety of our employees, our patients, and our community, and
  • Ensure the continuity of health services to our patients, and
  • Mitigate the financial risks to the business.

Business continuity planning and disaster response planning are key steps in preparing for an emergency. These activities often overlap, but their focus is different.

Business continuity focuses on keeping the lights on and the business open in some capacity during an emergency, while disaster response planning focuses on getting operations back to normal. (See “Business Continuity vs Disaster Recovery: 5 Key Differences” from the University of Florida for more information.)

No matter how large or small your health care practice legislation, regulation, and business common sense tells us that we need a disasterresponse plan to protect the safety and well-being of your patients and your employees. You can re-purpose the emergency response plan to develop a business continuity plan. Just make sure you focus on the people, process, facilities, and technology assets your organization needs to function normally.

Prepare your business continuity plan before you open your health care practice. It would be bad luck to have an emergency right away but, if you are prepared, it doesn’t have to be a disaster.

Start Your Business Continuity Plan

Your owner and the management team of your healthcare practice should be the champions of developing a business continuity plan in your practice. You might also include information technology support, human resources, building maintenance, media spokesperson, and risk management advisor. It’s a good idea to set up a project plan, identify project objectives, and set target dates for completion of the assessment.

Risk Assessment – Assess Your Office’s Critical Functions and Assets

Conduct an initial assessment of your practices’ critical activities and systems. The assessment sets a baseline that will help identify what is needed to move your organization to a place where everyone on staff is prepared to respond quickly and efficiently to a potentially disruptive event.

Then, identify potential threats to your critical functions and assets. Determine which events are most likely to happen. Use these events as your starting point to create a detailed written plan. You will have greater success in preparing to lessen the harm of an event if your team can envision that it might happen to you in the next five years.

Disaster response plan Potential threats to business continuityYour list of critical activities helps you identify the mission-critical functions of your practice that must be protected and recovered and the employee positions that must be maintained. Knowing this helps you determine your priorities for your next steps.

Resources to Help You

There are many resources available to you to help you with your plan. Check with your local municipality for emergency preparedness response plans, checklists, and contact information. Print hard copies of the documents and keep in an easily accessible location in your office. Your professional associations and insurance companies are also great resources. For example, Alberta Netcare provides a ‘Clinic Business Continuity Plan Guidelines’ (January 2015).

What Can You Do Now To Prevent an Emergency

Build redundancy into your daily operations. Consider your key activities and ensure that you have an alternate plan. Name each key function and determine an alternate equipment or service provider.

For example, if your electronic medical record (EMR) or practice management software is ‘in the cloud’, you will need to use an internet connection to access your data. If your internet service provider (ISP) is down, do you have a fail-over solution so that you can smoothly switch to an alternate ISP? You might be able to use your cell phone and cell phone connection to your EMR for a little while, but could you run your busy practice from your cell phone for long?

Many of us have a list of phone numbers and contact information on our phones for people that we might need to call in case of emergency. But, if you lost your phone or your computer network, do you have a paper list of your contacts? These simple steps can help you to resume business operations as quickly as possible.

A good computer backup will help to prevent loss of data and help you to recover access to your data quickly. For more information, see Can You Restore Your Business Using Your Computer Backup?

Develop the Disaster Response Plan

The Disaster Response Plan is a step-by-step plan for responding to the emergency event. Include how you are going to make decisions and who has the authority to make decisions. For example, who will decide to open (or close) your practice? Who will authorize overtime and immediate expenses? Do you have an alternate person who can authorize decisions and expenses, too?

Make sure the plan is fully documented, both in hard copy and electronic formats.

Identify the strategies you’ll take to protect your patient/clients, employees, and mission-critical resources. This might include backing up or moving to another location followed by recovering the equipment and information and returning them to normal operations. Include a detailed evacuation plan that each of your employees can access both at work and from their home.

Include detailed phone and contact lists. Make sure the plan is fully documented, both in hard copy and electronic formats.

Locate and have on hand some ‘old school’ technology like land-line telephones, battery operated radios and flashlights.

Practice the Plan

Effective disaster response and business continuity plans requires practical training. Exercise the plans periodically to ensure they work as designed and you can recover critical systems and return operations to normal. Conduct a business continuity and technology disaster scenario at least quarterly. When you vary your scenarios, you will reinforce key core emergency recover plan principles with each scenario and test a variety of plans.

Include emergency communications, awareness and training and coordination with public authorities.

A business continuity plan in your practice is critical to protect your employees, patients, and your business to be prepared for a crisis. Your goal is to recover your health care practice to where it can provide patient care and support its clinical and administrative teams in a “business as usual” manner.

What Will You Do to Improve Your Disaster Response Plan?

Do you want more tips and resources like these – for FREE?

Join Anne Genge and I for the “Ask Me Anything” style webinar for healthcare professionals, practice managers, privacy officers, and owners on Friday, February 17, 2023 at 1pm EST.

Anne is the founder of Myla Training Co., and a multi-certified cybersecurity expert with global awards for her work in cyber risk management, ransomware prevention, as well as cybersecurity education for healthcare providers.

This month, we will be sharing disaster recovery tips for your practice.

It’s free to attend.

Once you register, you’ll have access to the Zoom link on the day of the event.

business continuity plan, disaster plan, emergency preparedness, incident response plan

Search the site

What is the elephant in the room?

The Elephant in the Room Find out here...

Privacy Policy

"I had the pleasure of working alongside Jean to develop a PIA for my Dental Office. I could not have completed this document without her. She was there to help me every step of the way. Her online course made it easy to communicate with her as well as having so many resources to use that were so helpful. Each Module had videos to watch that explained step by step what needed to be done. The PIA document is a lot of information to put together and if it's not enough information on its own, you also need to develop a policy and procedures manual. Jean has developed an amazing resource for this manual that was very user friendly and made a 300 page manual a lot more attainable than creating it on your own. I highly recommend taking Jean's PIA course and having her help throughout the process!"

- Lindsey Cave, Office Manager, Orion Dental Group

Register for Free On-line Privacy Breach Awareness Training!

Privacy Policy

Copyright 2022 Information Managers Ltd.

0 shares
Manage Cookie Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage vendors Read more about these purposes
View preferences
{title} {title} {title}