Risk: Lack of policies and procedures in place to provide appropriate access to ePHI in emergency situations.
Explanation: During an emergency situation, it is vital that doctors still have access to ePHI.
There must be documented instructions along with practices and policies that need to be in place so that they are readily available for access in an emergency. The authorized personnel must be aware of how to get to these emergency procedures and operations in the event of an emergency. Physician practices must also determine the various types of emergency situations that would require access to ePHI.
Major Mitigation: Emergency procedures, processes and policies should be easily and readily accessible in the event of an emergency. The severity of emergencies may vary, for example, an emergency may result from an electrical power outage due to a natural or manmade disaster. Workforce members must be trained on the procedures and processes so that they are equipped to handle critical situations. With well trained workforce members, there is little chance of confusions in these kind of situations. They must also be aware of ways to gain access to ePHI in these conditions.
Success Criteria: Emergency situations happen rarely and hence proof that the procedures and policies are in fact working can only be proved for sure when such an emergency occurs. However, every physician practice must be well equipped in all aspects to face such an emergency. Frequent audits and periodic emergency drills need to be carried out to mimic emergencies and test out the policies and procedures in place.