Disaster relief preparedness
Answers in Practice
By Swapna Pachauri, MPH, manager, Health Technology & Informatics, June 1, 2021
Each month DermWorld tackles issues “in practice” for dermatologists. This month Swapna Pachauri, MPH, the Academy’s Health Technology & Informatics manager, offers a summary of disaster relief preparedness.
Disasters and emergencies can happen at any time and without warning. Do you know if your dermatology practice is prepared? Are you aware if your practice has set up certain steps for a disaster recovery and emergency response plan? Most importantly, if you own an electronic health record (EHR) system in your practice, is your information protected? It is necessary to know the protocols in place at your practice and prepare for any type of disaster or emergency.
Office disaster recovery and emergency response
There are several steps to take in order to prepare your office. First, verify that your practice complies with the Health Insurance Portability and Accountability Act (HIPAA), and ensure that your response plan is updated annually. All those working in your practice should be aware of the preparedness plan.
Tip: Present the preparedness plan to new staff during their orientation and encourage current staff to join so they are aware of any annual updates.
Think about the following protocols when creating or updating your emergency plan:
See more in-depth information on these workplace safety protocols.
Even after the disaster, create specific actions in order to confirm that your practice is running smoothly, your staff is in a good mindset to work again if operations changed or ceased for a period of time, and that your patients are aware of any internal and external changes going on at the practice. Also, review your current disaster preparedness plan again and think about how and if the current plan was effective. What adjustments and improvements can be made? Follow-up with practice staff and physicians to see how the plan could be enhanced.
Although your practice must always comply with HIPAA policies, sometimes during a disaster or other emergency, the secretary of HHS may waive certain provisions of the Privacy Rule, and the Office for Civil Rights may offer temporary enforcement discretion, guidance, and announcements (e.g., public health emergency information for COVID-19).
If you participate in the Merit-based Incentive Payment Program (MIPS) and your practice is impacted by a disaster in the area, the Extreme and Uncontrollable Circumstances Hardship Exemption can help you avoid penalties through the Quality Payment Program.
Academy workplace safety resources
The Academy offers in-depth information on workplace safety protocols.
Protecting electronic health information during disasters
According to the Academy’s Practice Profile Survey, the majority of Academy members are using EHR systems in their dermatology practice. Even if you are not living in a disaster or emergency-prone area, it is important that you protect all patient health records, information, and data.
Regardless of whether you are using cloud storage or remote servers, back up and test your backup data on a regular basis. Maintain at least three copies of all your data on some type of cloud backup or recovery system; this is an extra precaution so that physicians will always have access to information regardless of what their situation may be. Check with your EHR vendor as they usually have protocols for back up and storage. Remember, these systems must be HIPAA compliant.
Consider following these three steps when protecting electronic health information during disasters:
Back up data and test your EHR backups frequently.
Develop policies and procedures (designate a point of contact who understands what to do with your data and who can update this policy).
Set up a provision (operations in an alternate facility).
The Academy offers in-depth information on each of these steps to protect information.
Do you have a secure communication strategy or plan of notifying patients or physicians should a disaster or emergency occur? Check with your legal or malpractice advisor and find out if there is specific language that should be included in this notice. While developing and updating your plans, invest in reliable cyber liability insurance and find out if the insurance will cover legal claims. Cyber liability insurance will assist with covering a practice’s cost to recover from data loss, a data breach, viruses, cyberattacks, and more. This is a safeguard for data that are stored in the cloud or any electronic device.
Academy workplace violence resources
Learn how to prevent, recognize, and properly respond to workplace violence.
The most important piece to consider, if a disaster or emergency occurs, is that your physicians, staff, and patients are safe and prepared, and that all personal health records and information are secured and backed up properly. Continue to train staff members on any new and revised plans so everyone is on board with what to do.
Lastly, check out the Academy’s Compliance tool* to determine if your dermatology practice is prepared for disasters and emergencies, and identify any gaps in your plans.
* Note: This tool is for educational/informational purposes only. It is not intended to convey legal advice, nor does it in any way guarantee that an individual or organization will satisfy workplace safety regulatory requirements.
