Business Continuity and IT Disaster Recovery for Health Care Organizations
- Health Care
Free Download: CMS Assessment Checklist
Curious how your program stacks up against CMS? Download our free CMS Assessment Checklist to find out.
BUSINESS CONTINUITY IS OFTEN MISSING IN HEALTH CARE
Are you one of the many health care organizations that mainly focus on the Joint Commission mandated areas of emergency management and IT disaster recovery? If so, you man be missing the key element of business continuity.
Emergency management typically focuses on the role of a hospital as a first responder – mostly outward facing to ensure that clinical operations can continue no matter what happens to the physical hospital or community. IT disaster recovery, another area of focus, addresses protecting critical clinical systems that, if unavailable, would affect patient care and safety. While important, emergency management and IT disaster recovery miss key areas of “the business” that could determine if a health care organization is able to reopen following a business interruption.
WE BRIDGE THE GAP
Our team is fluent and comfortable with bringing together representatives from IT, emergency management and other areas to establish a unified group that addresses all aspects of business interruptions. We focus on empowering each respective area, but also creating a sense of shared responsibility for protecting patients and the business of delivering health care. A key tool we use in bridging the gap is a common planning framework that allows each group to establish a common vocabulary for discussing continuity planning and execution. The plan framework includes common terms, plan formats, information repositories, and team structures. The health care industry is lucky to already have such a platform in the hospital incident command system (HICS). HICS incorporates federal NIMS and ICS standards, so any employees already trained in those topics will be familiar with HICS. Are you ready to get started? Let's connect!
EFFECTIVE IT RECOVERY – DON’T TAKE IT FOR GRANTED
Every hospital in the US is required to regularly backup and test its critical systems to support its accreditation (most often through the Joint Commission). However, we have met many hospitals that do the bare minimum to meet these regulatory requirements. As a result, in a real disaster, these organizations have no idea how long they would be down (or if they could recover at all). In our experience, most hospitals doing the bare minimum for disaster recovery would likely be down for 2-3 weeks if a disaster occurred in their data center. That is totally unacceptable in a health care world that increasingly relies on electronic medical records. Unfortunately, it’s a challenging (and expensive) problem to solve, especially if it’s been ignored for years.
- Hospital System and Health Department Performed an IT-specific business impact analysis aimed at understanding clinical and support process’ dependencies on IT systems and identifying existing downtime procedures/controls, in order to determine recovery objectives. Designed a complex IT operation strategy that resulted in alignment with recovery requirements, and ultimately protecting the delivery of patient care. Result – A robust IT disaster recovery strategy, enabling IT to meet the business’ recovery requirements.
- Regional Hospital Chain Created a technology strategy designed to avoid situations where manual workarounds would be unable to sustain world-class patient healthcare delivery. A few months later, provided hands-on assistance with the response to a major business interruption – supporting in-house personnel assigned to the incident management team.
- Not-For-Profit Managed Health Care Provider Performed table top exercises to gain executive management’s support, necessary to expand the business continuity and disaster recovery program. Enhanced the existing program to align to management’s recovery expectations and tolerances, including redesigning the IT disaster recovery strategy to ensure IT assets were recoverable within management’s expectations. Result – An integrated business continuity and IT disaster recovery program, which met executive management’s expectations regarding downtime tolerances and recovery capabilities.
For additional information on this topic, we recommend checking out:
Free Download: CMS Assessment Checklist