Why is a Business Continuity Plan Important?

A Business Continuity Plan (BCP) defines the who, what, when, and where for how your medical practice personnel are to respond to a disruption of their normal operations.  More specifically, the BCP includes a predetermined set of procedures and documentation that defines the resources, actions, tasks, data, and processing priorities required to manage business continuity of your practice and restoration processes in the event of an incident.  An incident can come in many forms:  a simple power outage due to a storm that only last a several hours; a hurricane that knocks out all power in your region for a couple of days; a ransomware attack that takes hold of your entire computer system including EHRs that will take days if not weeks to resolve.  This article will discuss why a business continuity plan is important for your practice.

When most medical practices think about a business continuity plan (BCP), the initial thought is do I really need to spend the time and money to put together this document? 

The answer is YES!  And here’s why

It’s Required by Law

Business continuity in healthcare is now mandatory under the Health Insurance Portability and Accountability Act (HIPAA).  Business Continuity is reflected in the HIPAA Security Rules where it states an organization must “Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the [organization]”.  Furthermore, it requires technology and protocols to back up data, be able to rapidly restore data and continue operating in “emergency mode” after a critical event.

Impact on Patient Care

While physicians have many patients that they see only once or twice a year, some patients have critical conditions that require much more frequent visits so their condition can be closely managed, and the appropriate medications can be prescribed.  Imagine that your practice has to close for a day or maybe a week for a disaster – what will your critical patients do?  How will your patients get their prescriptions renewed?  Not being open can be life threating to some of your patients.

Practice Financials

Most medical practices operate in a kind of frantic, controlled chaos – everyone in the office working tirelessly from scheduling, check-in, physician appointments, billing ….. This process is repeated throughout the day non-stop.  If you and your staff are not in the office seeing patients because of an incident, then you’re not generating revenue and thereby impacting the bottom line of your practice.  

Reliance on Digital Records

As a part of the American Recovery and Reinvestment Act, all public and private healthcare providers and other eligible professionals (EP) were required to adopt and demonstrate “meaningful use” of electronic medical records (EMR) by January 1, 2014.  Since that time, almost all medical practices have some form of electronic health record (EHR) to manage patient records, prescriptions, and billing eliminating most, if not all, paper copies.  Computers are the lifeblood of a medical practice to keep operations flowing.  Without access to EHRs, a practice will come to a grinding halt.

Cyberthreats

Five years ago, most medical practices had never heard of the terms cyberthreat or ransomware.  It is estimated that 1 in 4 healthcare organizations will be hit by a ransomware attack.  Health organizations are an attractive target for cybercrime because of their valuable medical and billing information. The data can be sold for insurance-fraud purposes or it can be locked up and used to extort money from the affected medical practice.  Smaller health-care organizations are at greater risk because they generally don’t have the resources for robust security tools and do not have a dedicated cybersecurity specialist to monitor their computer systems and network.  If your practice is hit with a cyberattack, your practice will not have access to the EHR system, billing, email, and business/financial records.

A Business Continuity Plan is important for any smart business and it’s the law!

Follow us on Twitter, Facebook, and LinkedIn to join the conversation about building your practice.