10 key components to an incident response plan, ranked by hospital adoption

Jessica Kim Cohen -

Almost all provider organizations have outlined procedures for how to address an EHR outage in the wake of an information security incident, according to the 2018 HealthCare's Most Wired survey, which the College of Healthcare Information Management Executives released Oct. 31.

This marks the first year CHIME has administered the Most Wired survey, which it acquired from the American Hospital Association in July 2017. For the survey, CHIME polled leaders from more than 600 healthcare providers about IT infrastructure, including interoperability, information security, population health management and patient engagement capabilities.

Here are 10 components to a comprehensive incident response plan, all of which CHIME notes as important in the wake of an information security event. The components are ranked by providers' current adoption:

1. Documented EHR-outage procedures: 97 percent

2. Security and privacy breach notification procedures: 94 percent

3. Tabletop exercise at least annually: 76 percent

4. Disaster-recovery plan tied to business-continuity plan: 75 percent

5. Marketing and communications team included in planning and exercises: 72 percent

6. Human resources team included in planning and exercises: 67 percent

7. Other members of organization — outside of marketing, communications, human resources, resource management and legal teams — included in planning and exercises: 64 percent

8. Resource management team included in planning and exercises: 63 percent

9. Legal team included in planning and exercises: 60 percent

10. Enterprisewide exercise held at least annually: 51 percent

To download CHIME's survey, click here.

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.