Key points
- Liaise with IT support services to check your systems are optimally protected and implement any recommendations
- Ensure all staff have an appropriate understanding of cyber security
- Include a protocol for handling IT failures in the practice business continuity plan, which should be produced in hard copy
- Prepare information for patients in advance as it is likely to have
a better tone than anything written in
a crisis - Have a pre-considered process to manage appointments – it may be a simple triage to distinguish between patients who are unwell on the day, and those who are attending for
a non-urgent review - Assume that no IT systems will function, and devise paper templates for all activities that are undertaken digitally – such as appointments, reception messages, prescription handling and updating records
Dr Jonathan Inglesfield is a GP in Cranleigh, Surrey and clinical director for primary care transformation for Surrey Heartlands ICS
System failures can seriously affect GPs’ day-to-day working lives. We may lose access to the whole medical record, our appointment book, prescribing support, the ability to make referrals and even basic information such as patients’ names and addresses.
IT failures of some degree are a common occurrence, and practices need to be prepared for them.
High-profile failures earlier this year have seen large numbers of practices suffer total system loss, sometimes for days at a time.
There are implications for the efficiency of the practice and patients’ experience. Patient safety and associated medicolegal issues are paramount.
If the medical record cannot be accessed, the detail of presenting events cannot be contemporaneously and robustly recorded, and neither can assessment and care. If we do not know why and how the patient presented, our ‘longitudinal view’ of care is broken, and we are unable to prove appropriate care was given at each stage of the patient journey.
If the practice prescribing system fails, there may be delays in the processing of prescriptions. We also lose drug interaction and safe prescribing alerts. More worryingly, true clinical risk may occur if a patient runs out of medication because of a delay getting a repeat, or if prescribing errors occur later when the practice is under pressure and attempts to catch up with the backlog.
The loss of the appointment system creates a special kind of disruption. Not only are we challenged to provide care for attending patients, we may not even know who is about to visit us.
There may also be implications for telephone systems with the move to cloud-based telephony, as phone access may be affected.
So it is vital that practices are well prepared for IT outages.
1: Liaise with IT support services and pre-empt issues
Liaise with your IT support services to proactively check your systems are optimally protected. Take careful account of any recommendations and ensure they are fully implemented. The IT department should take care of obvious hardware precautions, such as the provision of uninterruptible power supplies.
However, there may be issues that require practical action from the practice, such as security precautions. You should document these with staff, such as phishing, poor password management, and the use of portable USB memory sticks, all of which put the practice systems at risk. These policies should then be documented in the practice’s data security and protection toolkit, a self-assessment toolkit hosted by NHS Digital. This requires organisations to ensure all staff have ‘an appropriate understanding of cyber security’.
Click here to read the full article and download your certificate logging 1.5 CPD hour towards revalidation
Not a Pulse365 member? Click here to join and gain access to over 400 CPD modules
