EHR access lost during Hurricane Sandy
Hurricane Sandy this week tested East Coast health care systems’ electronic infrastructure. Emergency preparedness plans were implemented fairly successfully for most health care facilities, allowing them to continue to operate adequately. Others, however, were negatively impacted, including some which lost access to their EHRs.
It is absolutely critical that health care providers, even in areas which are not prone to massive weather-related disruptions, consider and implement back up plans for their IT systems. The crisis at NYU Langone center in Manhattan demonstrated just how dependent we are on electronic systems and power supply. It is imperative that the IT staff at each healthcare provider organization knows that its important software systems including EHRs are backed up, and that the organization's data - including patient data - is readily available, and is never lost due to a storm or an earthquake.
Via Modern Healthcare:
Power outages across New Jersey, New York and Pennsylvania forced some hospitals to evacuate and others to rely on backup generators in the wake of superstorm Sandy.
The powerful and massive storm, which reached the coast in southern New Jersey around 8 p.m. on Monday, is responsible for at least 35 deaths, the Associated Press reported.
One Manhattan hospital was forced to evacuate 300 patients hours after Sandy's landfall when backup power failed. Evacuation of the New York University Langone Medical Center was complete by late Tuesday morning, a statement from the hospital said.
Meanwhile, plans to evacuate about 200 patients from Coney Island Hospital were underway early Tuesday afternoon, said Evelyn Hernandez, a spokeswoman for New York City Health and Hospitals Corp., which owns the hospital. Backup power was restored on Tuesday to Coney Island Hospital after it lost power during the storm. Most patients who depend on ventilators or other devices were evacuated ahead of the storm, but seven critically ill patients remained at Coney Island Hospital and relied on battery-supported ventilators during the power outage. Those patients were transferred elsewhere Tuesday morning.
In New Jersey, Palisades Medical Center, North Bergen, began evacuating 83 patients Tuesday morning, said Donna Leusner, a spokeswoman for the New Jersey Department of Health. Flood damage knocked out power to Palisades Medical Center, said a spokeswoman with Hackensack (N.J.) University Medical Center, where Palisades patients were transferred by National Guard troops after 9 a.m. on Tuesday. Hackensack University Medical Center was expected to accept 51 patients from Palisades Medical Center, Nancy Radwin, an HUMC spokeswoman said.
Approximately 30 New Jersey acute-care hospitals were operating on backup generators after the storm, said Kerry McKean Kelly, a spokeswoman for the New Jersey Hospital Association.
Eight Pennsylvania hospitals experienced power outages and were operating on backup generators on Tuesday, the state Health Department said.
North Shore-Long Island Jewish Health System reported that Glen Cove (N.Y.) Hospital, Huntington (N.Y.) Hospital, Plainview (N.Y.) Hospital, Syosset (N.Y.) Hospital and its Stern Family Center for Rehabilitation, Manhasset, were operating on backup power, as was one campus of the two-campus Staten Island University Hospital in New York City.
Also, Staten Island University Hospital could no longer access electronic health records after flooding on Monday disrupted power to the building where data is stored. Doctors continued to use paper records on Tuesday.
Other hospitals lost access to EHRs during the storm. Doctors at West Penn Allegheny Health System in Pittsburgh reverted to paper and written orders as the storm came ashore and damaged a data center in Mountain Lakes, N.J. Dan Laurent, a spokesman for the system, said Allegheny General and Western Pennsylvania hospitals, both in Pittsburgh, and the emergency room at Forbes Regional Hospital, Monroeville, could not access electronic medical records between 8:30 p.m. on Monday and 4 a.m. on Tuesday.
By Melanie Evans
“Superstorm Sandy knocks out power at East Coast hospitals, prompting evacuations,” Modern Healthcare (October 30, 2012)
The 
A spreadsheet containing personal data of 20,000 emergency room patients of Stanford Hospital appeared on Student of Fortune, a Web site which "crowdsources" homework to other students online. The lost data included names, admission dates, diagnoses and other sensitive information. According to the New York Times, the spreadsheet was uploaded to this site by a billings contractor of Stanford Hospital, when an employee tried to solicit help on how to create a graph from the data in the spreadsheet. As Gawker reasonably speculated, a contractor's employee probably did not know how to create a graph and "so uploaded it to the homework helper website and offered, probably, a buck or two if someone could do it for them."
Our own Steve Fox was interviewed by 
On July 7, 2010, HHS issued a notice of proposed rule making (NPRM) regarding the changes to the HIPAA Privacy, Security and Enforcement Rules, as provided in the HITECH Act, in order "to strengthen the privacy and security protections for health information and to improve the workability and effectiveness of the HIPAA Rules." 
The Wall Street Journal devoted the front page of its "Marketplace" section to a 