Impact of Hospital Downtime on Patient Safety: Are you Engaging Your Risk Management Department?

By Mari Tietze, PhD, RN, NI-BC, FHIMSS, FAAN and the TNA/TONL HIT Committee Members 

Background 

In an era where hospitals heavily depend on electronic documentation and service management systems, the concept of downtime can be daunting. A "downtime" occurs when these critical digital infrastructures go offline, whether due to cyber-attacks, system failures, or other unforeseen incidents. Such events, though rare, can significantly impact patient safety, placing additional responsibilities on the hospital's risk management department. 

Challenges of Downtime 

When a hospital experiences downtime, healthcare providers face immediate challenges. Electronic Health Records (EHRs), which contain essential patient information, become inaccessible. This forces a shift to paper-based documentation, which can be prone to errors and inefficiencies. Without electronic alerts and reminders, the risk of missed medications, delayed treatments, and overlooked allergies increases, directly compromising patient care. 

Ransomware attacks, in particular, have become a growing threat. According to recent reports, U.S. healthcare organizations have faced hundreds of ransomware attacks, leading to extensive downtime and significant financial losses. According to a popular cybersecurity firm, the number of ransomware attacks on healthcare organizations increased 94% from 2021 to 2022, exposing nearly 52 million patient records. On average, these incidents result in 17 days of downtime, costing healthcare organizations millions of dollars. These statistics highlight the urgency of robust downtime preparedness. 

Responsibility of the Risk Management Department 

The hospital's risk management department is at the forefront of ensuring patient safety during downtime events. This department plays a pivotal role in developing, implementing, and regularly updating the hospital's downtime procedures. They are responsible for conducting risk assessments, identifying potential threats, and creating contingency plans that enable seamless transitions to manual systems. 

Risk managers work collaboratively with multidisciplinary teams, including IT experts, clinical staff, and administrative leaders, to ensure that all staff members are trained and well-prepared for downtime situations. Regular drills and training sessions are essential to ensure that everyone knows their role and can act swiftly to maintain patient safety. 

In addition to planning and training, the risk management department is responsible for monitoring and evaluating downtime incidents. They conduct thorough reviews to identify areas for improvement and update procedures accordingly. This continuous evaluation process is crucial for enhancing the hospital's resilience and ensuring that patient care remains uninterrupted, even during digital disruptions. 

Conclusion 

The impact of hospital downtime on patient safety is profound, and the responsibility for managing these events falls squarely on the shoulders of the risk management department. By proactively addressing potential risks, developing robust contingency plans, and fostering a culture of safety, risk managers play a vital role in safeguarding patients during unplanned downtime events. As hospitals continue to navigate the complexities of the digital age, the importance of effective risk management cannot be overstated. 

 
This article was written with support from the TNA/TONL HIT Committee to bring broad awareness and education to nurses. The HIT committee is currently developing topics for detailed, actionable downtime preparedness as part of disaster preparedness. If your organization has developed best practices for downtime and want to share, please email tna@texasnurses.org.  

Bibliography List 

American Society for Healthcare Risk Management. (2020). Developing and implementing hospital downtime procedures. Retrieved from https://www.ashrm.org/resources/developing-and-implementing-hospital-downtime-procedures. 

Healthcare Information and Management Systems Society. (2021). Impact of ransomware attacks on healthcare organizations. Retrieved from https://www.himss.org/resources/impact-ransomware-attacks-healthcare-organizations. 

Massachusetts General Hospital. (2018). Hospital preparedness for unplanned information technology downtime events. Retrieved from https://www.massgeneral.org/assets/mgh/pdf/emergency-medicine/downtime-toolkit.pdf 

Eddy, N. (2024, December 31). Ransomware downtime costs U.S. healthcare organizations $1.9M daily. Healthcare IT News. Retrieved from https://www.healthcareitnews.com/news/ransomware-downtime-costs-us-healthcare-organizations-19m-daily 

Taylor & Francis. (2022). Overcoming unplanned downtime in healthcare. Retrieved from https://www.taylor.com/blog/mitigating-unplanned-downtime-events-in-hospitals.