[ Tuesday, November 16, 2004 ]
Here's an interesting snipped I just received in an email from Medical Newswire's Hospital Compliance Wire, discussing emergency and disaster planning (this is copyrighted material, and I'm assuming this is fair use since I got it in an email for free):
DURHAM, NC (Hospital Compliance Wire) Are you having a hard time helping your staff get their heads around your disaster recovery procedure? With a little guided practice, your team will be sniffing out disasters in no time.
Plan of action: Make a list of the emergency and disaster situations your organization might face, suggests Stephen Priest, a consultant with Professor Steve & Associates in Bedford, VT. Decide how your facility will handle each scenario and then see how your employees respond, he says.
Remember: In an emergency, you must continue to operate. With a disaster, operation is impossible and you've got to find a way to get recover, Priest says. Here are some sample scenarios:
INSTRUCTIONS: For each scenario below, note whether the situation is an emergency, a disaster or both. On a separate sheet of paper, write how you'd respond.
1. A patient in one of your waiting rooms goes into cardiac arrest. The only doctor in the department is a visiting physician who does not have authorization to see the patient's medical record.
2. A doctor shows up for work Saturday morning, but cannot find her badge. Without that token, she cannot access any e-PHI.
3. You are entering patient information in your electronic records management system when a three-block power outage occurs. Your entire facility is without power.4. A patient presents for a hernia removal. You see that he is scheduled for today, but you cannot find his medical record.
5. An e-mail virus hits your network. Your computers are down indefinitely and all data from the last 24 hours is destroyed.
6. A glitch in your system wipes out a month's worth of the financial information your facility needs to send out bills.
7. A pipe bursts in your medical records room.
8. A physician who often refers his patients to your facility calls for backup support after a hurricane destroys his office.
9. A patient presents for surgery on her brain tumor, but can remember neither the time of her appointment nor her doctor's name.
10. You get a call in the middle of the night that a fire just destroyed an entire lab, including its equipment and supplies.
It's a pretty neat little exercise for Privacy and Security officers to see how well your staff might respond to disasters and emergencies. I'm sure you can think of some other scenarios, too. This might be a useful exercise to go through several times a year, as part of your regular HIPAA training, to make sure your people are thinking of what might happen and how to anticipate, plan, and respond when the unexpected occurs.
Jeff [10:57 AM]
http://www.blogger.com/template-edit.g?blogID=3380636
Blogger: HIPAA Blog - Edit your Template
