About a week ago Rideout Health went through every hospital’s nightmare – the HVAC system died in the middle of the day. The medical records system went down, and oncology could not provide radiation treatments to patients.
It took Rideout a full week to recover.
There was some media coverage, particularly in HealthCareITNews. It’s a good story after all.
The opinions expressed in the comments wound around the issue of whether the EHR was to blame for the outage. The article certainly intimated that there was a connection and the EHR vendor was a particularly easy target.
Unfortunately, the reality is that disaster recovery is a requirement for the hospital and not the vendor. HIPAA doesn’t require that your vendors have disaster recovery in place unless they are covered entities or business associates themselves. In this case, the hospital purchased software, installed it in their facility and (clearly) didn’t do enough disaster recovery planning.
It’s important to remember that HVAC failure is a relatively common event. We’re talking about big messy lumps of machinery that move air filled with dirt around. In my career I can think of two major incidents involved HVAC that required us to go on our disaster recovery plan. Believe me, you don’t forget that kind of thing.
Rideout had two basic problems working against them. First, a fairly common burn out of an HVAC system. Second, a backup system that failed because it was not adequately spec’d to do the work required in the data center. This wasn’t bad luck. In fact, it’s typical of how failures occur in safety sensitive systems, and the type of thing that should be accounted for in risk assessment and planning.
Not everyone agrees with me. Here’s a quotable quote:
Actually I am very aware about data centers, EHRs etc. Let me get this straight, the EHR being down for a week is not the vendor’s fault? Its the fault of a HVAC or data center? The EHR vendor has NO responsibility in this matter? Really? So when the EHR is sold, they do not make sure that there are backup systems in place? They are definitely to blame. If you want to be a EHR vendor, then step up and take some responsibility. You have to be sure your customers have immediate access in times of failure of HVAC, servers, data centers, disasters, etc. That is the EHR vendors responsibility. To walk away from that is irresponsible. [meltoots]
Hmmm … As an industry professional this one got my attention. The idea here, I guess, is that an EHR vendor should reasonably expect to work with the customer to ensure the disaster recovery/business continuance plan is adequate. Well, yes, they probably should work with the customer. They should advise, assist, and generally help plan. They should not design HVAC.
Either way, an embarrassing week for Rideout Health, and a tough week for their patients, but perhaps a natural consequence of switching to an electronic system with no paper chart backup. Remember, these systems are still relatively new. Imagine what will happen years from now as they age …
The real tragedy for Rideout – this happened right in the middle of a JCAHO accreditation visit!