Develop a Contingency Plan

Develop a Plan for Downtime & Data Loss

It might seem early to consider what could go wrong with an EHR, but now is the time to start contingency planning. At this stage it is important to know the potential impact of different architectures and technologies on a contingency plan. In evaluating vendors, consider what capacity they have to help you do this planning. This type of planning is required under the HIPAA security rule.

Circumstances to consider:

  • Scheduled downtime
  • Short-term system outage
  • Long-term system outage
  • End of life
  • Back-up and data loss

Scheduled Downtime

The issue here is understanding the amount of downtime the vendor expects for maintenance, upgrades, etc. Once you have a short list of a couple of EHRs, insist that each vendor schedule downtime that has the least impact on the practice (i.e., nights or weekends).

Short-term System Outage

This may be from either scheduled or unscheduled downtime. The issue here is what process and/or resources need to be in place to keep the practice functioning during the downtime. In a short-term outage (less than one day), workarounds can be put in place, such as stop scheduling non-acute visits until the next day or entering visit information on paper forms and entering it into the EHR when the system is back. It is important is for people to know what to do during the downtime and how to handle emergencies.

Long-term System Outage

Not only are there the same issues as short-term outage, but they are compounded by the length of downtime. Many of the stopgap measures successful in a short-term outage are not sufficient for a long-term outage (more than one day). This is where the contingency planning can really pay off. The following should all be part of the contingency plan:

  1. Alternative patient scheduling options
  2. Alternative data access
  3. Alternative data entry


The ultimate in system outages is end-of-life of the EHR. This may come due to collapse of the vendor and product or need to switch vendors or EHRs. The issue here is data migration. The contingency plan should lay out the responsibilities of the vendor to provide access to the data in a usable form.

Back-up and Data Loss

Part of the contingency plan contains procedures to prevent data loss. The backing-up of data from an EHR is more complicated than copying the data to a disc. The type of EHR purchased will govern the amount of resources needed to maintain adequate back-ups of the data. For example, application service provider (ASP) based system require the vendor to maintain the back-ups. With the ASP model you must confirm that the EHR vendor has the resources and procedures needed to adequately back up the data. (To learn more about back-up methods, check out the NIST guide listed below under "Resources.") In contrast, with a client-server based EHR the server resides in your office and you are solely responsible for backing-up the data.


  • Understand the needs and benefits of having a contingency plan
  • Learn the structure of a good contingency plan
  • Develop and implement a contingency plan