Disaster Recovery Planning for Home Health Agencies: Beyond the Backup

Obi Ibeto

A backup is not a disaster recovery plan. Home health agencies need documented, tested recovery procedures that keep patient care running during a cybersecurity incident or technology failure.

When home health agency administrators think about disaster recovery, they usually think about backups. Do we have one? Is it running? Good — we're covered.

They are not covered.

A backup is a copy of data. Disaster recovery is the documented, tested process of restoring operations — including care delivery — when the technology that runs your agency fails. For a home health agency, that process must address not just how to restore the EHR but how nurses continue visiting patients, how care coordinators manage assignments, how billing functions while systems are being restored, and how the agency communicates with families and referral partners during an outage.

The difference between a backup and a disaster recovery plan is the difference between having water in your basement and knowing how to pump it out, fix the leak, and keep the lights on while you do.

Why Home Healthcare Needs a Different Disaster Recovery Approach

When a hospital loses its EHR for 12 hours, the situation is serious, but staff are in the building, paper backup processes exist, and clinical leadership can manage the transition manually.

A home health agency that loses its EHR for 12 hours has nurses in the field — some in patient homes at that moment — who cannot access care plans, medication orders, or emergency contacts. They cannot document their visits. Supervisors cannot track completion. Scheduling staff cannot manage assignments. The care disruption is immediate and distributed.

Disaster recovery for home healthcare must be designed for distributed operations. That means:

  • Field staff can function safely without EHR access for a defined period
  • Supervisors have a communication pathway to reach every nurse in the field
  • Paper-based backup processes are defined and documented before they are needed
  • Priority patients — those requiring time-sensitive medication administration or complex care — are identified and managed first

The Five Components of a Complete Disaster Recovery Plan

Component 1: Backup Infrastructure (The Foundation)

Your backup is the raw material of recovery. But the backup must be:

Immutable: Stored in a way that cannot be encrypted by ransomware. Cloud-based immutable storage, isolated from your production network, is the current standard. An external hard drive connected to your server is not immutable — ransomware encrypts connected drives.

Complete: Covering all ePHI and operational data — EHR exports (if your EHR is cloud-hosted by your vendor, understand what you are responsible for backing up), scheduling data, email, billing records, and any locally stored documents.

Automated: Running on a defined schedule (at minimum daily) without requiring manual intervention. A backup that requires someone to remember to run it will eventually fail.

Tested: Proven to restore successfully. A backup that has never been restored is an unproven assumption. Test restoration at minimum annually, and document the test results.

Retained: Historical backups maintained for at least six years, per HIPAA's documentation retention requirement.

Component 2: Recovery Time Objectives (RTO)

How long can your agency operate without each critical system before patient care is significantly compromised? Document a realistic Recovery Time Objective for each:

  • EHR system: How long can nurses function without access before patient safety is at risk? For most home health agencies, the answer is 4–8 hours — enough time to complete morning visits with paper documentation, but not a full day.
  • Scheduling system: How long can assignment management function manually? Typically 4–8 hours with phone-based coordination.
  • Email: How long can clinical coordination function without email? Phone-based coordination can substitute for 24–48 hours with effort.
  • Billing system: Billing disruption is financially costly but not an immediate patient safety concern. RTO of 24–72 hours is typically acceptable.

Your disaster recovery infrastructure should be designed to meet these RTO targets. If restoring from backup takes 48 hours but your EHR RTO is 8 hours, your infrastructure is inadequate regardless of how good the backup is.

Component 3: Downtime Procedures

The period between a system failure and full restoration is the downtime period. Your agency must be able to continue safe patient care during this time. Downtime procedures specify exactly how.

For field nurses:

  • Pre-printed patient information cards for priority patients (updated at the start of each week) — including name, address, emergency contact, primary diagnosis, medication list, and care plan summary
  • Paper visit documentation forms, pre-stocked in nursing bags
  • A designated communication tree: who nurses call if they cannot reach the EHR, and who coordinates urgent clinical changes manually

For scheduling and coordination staff:

  • A current paper or offline-accessible schedule for each nurse and patient
  • A phone tree for reaching all field staff without electronic systems
  • Prioritization criteria: which patients cannot have visits delayed under any circumstances

For clinical supervisors:

  • A mechanism for confirming visit completion without the EHR (nurse check-in calls)
  • Clinical decision authority during downtime — who makes the call if a care plan needs to change and the EHR cannot be updated

Component 4: Communication Plan

During a disaster recovery event, three audiences need communication:

Staff: What happened, what they should do, who they should contact. A pre-written communication template for each downtime scenario (EHR outage, ransomware, internet outage) saves critical time at the moment you need it.

Patients and families: If care will be delayed or disrupted, patients and families need to know. A pre-written script for the call center or supervisors making proactive calls reduces improvisation and confusion.

Referral partners and hospitals: Hospital discharge coordinators sending new referrals during a system outage need to know that the agency can still accept patients and how to communicate with it during the outage. A single designated point of contact for external communication during a disaster prevents conflicting messages.

Component 5: Testing and Annual Review

A disaster recovery plan that is never tested is a theoretical document. Test the plan — not just the backup restoration — at minimum annually:

Tabletop exercise: Gather leadership and walk through a realistic scenario (ransomware attack on a Tuesday morning). Identify gaps in the documented procedures, communication plans, and decision authorities.

Backup restoration test: Actually restore data from backup to a test environment. Confirm the restoration works, document the time required, and confirm the restored data is complete.

Downtime drill: Simulate a brief EHR outage during a low-census period. Have field staff use paper processes. Identify what doesn't work in practice that looked fine on paper.
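
One way to run the backup restoration test above and the "Tested" and RTO checks from Components 1 and 2 is to record a checksum manifest at backup time, compare the restored files against it, and compare the measured restore time with the RTO. The script below is an added example, not part of the original article or any vendor tool; the RTO_HOURS values are assumed from the upper ends of the ranges quoted in Component 2, and the file names and contents are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumed RTO targets (hours): upper bounds of the ranges given in Component 2.
RTO_HOURS = {"ehr": 8, "scheduling": 8, "email": 48, "billing": 72}

def build_manifest(root: Path) -> dict[str, str]:
    """Map each file's relative path to its SHA-256 digest (record this at backup time)."""
    manifest = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        manifest[path.relative_to(root).as_posix()] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest

def verify_restore(manifest: dict[str, str], restored_root: Path) -> dict[str, list[str]]:
    """Compare a restored tree with the backup-time manifest."""
    restored = build_manifest(restored_root)
    return {
        "missing": sorted(set(manifest) - set(restored)),
        "corrupted": sorted(k for k in manifest.keys() & restored.keys() if manifest[k] != restored[k]),
        "unexpected": sorted(set(restored) - set(manifest)),
    }

def restore_test_report(system: str, manifest: dict, restored_root: Path, restore_hours: float) -> dict:
    """Build the record to file with the annual test results."""
    diff = verify_restore(manifest, restored_root)
    complete = not diff["missing"] and not diff["corrupted"]
    meets_rto = restore_hours <= RTO_HOURS[system]
    return {"system": system, "restore_hours": restore_hours, "rto_hours": RTO_HOURS[system],
            "complete": complete, "meets_rto": meets_rto, "passed": complete and meets_rto, **diff}

def demo() -> dict:
    """Constructed sample: three files backed up; the restore loses one and truncates another."""
    with tempfile.TemporaryDirectory() as tmp:
        source, restored = Path(tmp, "source"), Path(tmp, "restored")
        for root in (source, restored):
            (root / "visits").mkdir(parents=True)
        files = {"visits/2024-01.csv": b"visit,rn\n1,A\n", "schedule.csv": b"rn,patient\nA,1\n",
                 "billing.csv": b"claim,amount\n7,120\n"}
        for name, data in files.items():
            (source / name).write_bytes(data)
        manifest = build_manifest(source)
        (restored / "schedule.csv").write_bytes(files["schedule.csv"])
        # billing.csv is truncated and visits/2024-01.csv is absent in the restored tree.
        (restored / "billing.csv").write_bytes(b"claim,amount\n7,12")
        return restore_test_report("ehr", manifest, restored, restore_hours=48)

if __name__ == "__main__":
    print(demo())
```

Store the manifest alongside the backup in the same immutable location, so a restore is checked against what was actually backed up rather than against the current production data.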

