As the dust settles on the dystopian event that was Crowdstrike taking out major global industries due to their upgrade failure; I can’t help but reflect on how impactful this was on the healthcare industry.

In case you’ve been living under a rock, Crowdstrike implemented an update on July 19, 2024 that was core to Microsoft operating systems - but it turns out there was a bug in the new code that caused the blue screen of death across a variety of technical industries, including healthcare.

If you’re part of the healthcare industry what’s particularly unsettling about this incident is that there are supposed to be safeguards in place to avoid such errors and minimize disruption should one occur.  HiTRUST certification, disaster recovery planning, tabletop exercises for a variety of technical issues and outages are all commonplace in the healthcare industry. And while the hospitals I work with train and prepare to revert to paper charts in these situations, the void of medical information on the patients they’re treating is a major liability since it’s locked inside the system they’re unable to access.

Health Information Exchange (HIE), a two-decade old approach to aggregating healthcare data for the purpose of community data access, reporting and analytics, is yet another tool to safeguard the healthcare industry from unexpected incidents.

Let’s review how this played out during the latest Crowdstrike incident; hospital technical and/or Electronic Medical Record (EMR) system goes down; staff revert to paper charts to be able to continue to deliver care.  Hospital staff have access to their Health Information Exchange, allowing them to login (they did need a working computer or phone for this); since the hospital contributes their own medical records data to the HIE, all information on their current patient rosters is available to them as they make medical decisions.   Rather than making decisions without medical history data available, they’ve got aggregated medical data available to support them.

Is this an ideal scenario? No, the hospital themselves should have redundancies in place to defend against their systems going down.  Is this a valuable backup plan? Yes!  All healthcare systems should include their Health Information Exchange into their disaster recovery plans, even if it’s plan D.