Thousands of physicians lost access to patient records due to the Allscripts ransomware attack at the electronic health record (EHR) vendor’s Raleigh and Charlotte, N.C., data centers Jan. 18.
Although Allscripts continues to work to restore data while protecting patient information, some physicians still do not have access.
This is a good time to review and update contingency plans so your practice will be prepared if patient information is not available at the point of care. Your cyber risk management plan should include proactive compliance with federal and state medical privacy laws, and appropriate cyber insurance to pay any direct and indirect costs.
Some key things to remember:
- All patient encounters must be documented. Once the EHR is accessible, the paper can be scanned into the patient’s chart. Remember, what is scanned is not searchable. Be sure to enter any lab values received or any prescriptions sent so that the data is accessible for later reports.
- If you are participating in meaningful use, Merit-Based Incentive Payment System (MIPS), or other quality programs, be sure to enter any quality data that you are tracking for these programs.
- You may be able to get prescription history via the pharmacy or health plan.
- Be sure to contact your medical professional liability carrier. If you are insured by the Texas Medical Liability Trust (TMLT), $100,000 in cyber liability coverage is part of your medical professional liability policy (with the option to purchase, on a discounted basis, enhanced buy-up cyber insurance). In addition, there is optional coverage for dependent business interruption and extra expense coverage. More details on that coverage can be found on TMLT’s website. Also, see TMLT’s Blog regarding the Allscripts event and your business associate agreement.
More tips on how to prepare for natural and man-made disasters can be found in this article published in the December issue of Texas Medicine.
Last Updated On
February 08, 2018