Health Care

Business Continuity and IT Disaster Recovery for Health Care Organizations

Free Download: CMS Assessment Checklist
Curious how your program stacks up against CMS? Download our free CMS Assessment Checklist to find out.


Are you one of the many health care organizations that mainly focus on the Joint Commission mandated areas of emergency management and IT disaster recovery? If so, you man be missing the key element of business continuity.

Emergency management typically focuses on the role of a hospital as a first responder – mostly outward facing to ensure that clinical operations can continue no matter what happens to the physical hospital or community. IT disaster recovery, another area of focus, addresses protecting critical clinical systems that, if unavailable, would affect patient care and safety. While important, emergency management and IT disaster recovery miss key areas of “the business” that could determine if a health care organization is able to reopen following a business interruption.


Our team is fluent and comfortable with bringing together representatives from IT, emergency management and other areas to establish a unified group that addresses all aspects of business interruptions. We focus on empowering each respective area, but also creating a sense of shared responsibility for protecting patients and the business of delivering health care. A key tool we use in bridging the gap is a common planning framework that allows each group to establish a common vocabulary for discussing continuity planning and execution. The plan framework includes common terms, plan formats, information repositories, and team structures. The health care industry is lucky to already have such a platform in the hospital incident command system (HICS). HICS incorporates federal NIMS and ICS standards, so any employees already trained in those topics will be familiar with HICS. Are you ready to get started? Let's connect!


Every hospital in the US is required to regularly backup and test its critical systems to support its accreditation (most often through the Joint Commission). However, we have met many hospitals that do the bare minimum to meet these regulatory requirements. As a result, in a real disaster, these organizations have no idea how long they would be down (or if they could recover at all). In our experience, most hospitals doing the bare minimum for disaster recovery would likely be down for 2-3 weeks if a disaster occurred in their data center. That is totally unacceptable in a health care world that increasingly relies on electronic medical records. Unfortunately, it’s a challenging (and expensive) problem to solve, especially if it’s been ignored for years.


  • Hospital System and Health Department Performed an IT-specific business impact analysis aimed at understanding clinical and support process’ dependencies on IT systems and identifying existing downtime procedures/controls, in order to determine recovery objectives. Designed a complex IT operation strategy that resulted in alignment with recovery requirements, and ultimately protecting the delivery of patient care. Result – A robust IT disaster recovery strategy, enabling IT to meet the business’ recovery requirements.
  • Regional Hospital Chain Created a technology strategy designed to avoid situations where manual workarounds would be unable to sustain world-class patient healthcare delivery. A few months later, provided hands-on assistance with the response to a major business interruption – supporting in-house personnel assigned to the incident management team.
  • Not-For-Profit Managed Health Care Provider Performed table top exercises to gain executive management’s support, necessary to expand the business continuity and disaster recovery program. Enhanced the existing program to align to management’s recovery expectations and tolerances, including redesigning the IT disaster recovery strategy to ensure IT assets were recoverable within management’s expectations. Result – An integrated business continuity and IT disaster recovery program, which met executive management’s expectations regarding downtime tolerances and recovery capabilities.


For additional information on this topic, we recommend checking out:

Free Download: CMS Assessment Checklist

Hospital Preparedness: The Intersection of HICS, Business Continuity and IT Disaster Recovery

Hospital Response and Recovery During Disasters: Extending Emergency Management’s Role in the Response and Recovery Effort

The Four Missing Keys to Business Continuity Management in Healthcare

Explore Business Continuity 101

Business Continuity 101 answers the most common questions we receive about business continuity and explores the key planning activities and outcomes that drive success.

Avalution Recognized as a Leader by Gartner

Avalution has again been positioned as a Leader for Catalyst in Gartner's July 2017 Magic Quadrant for Business Continuity Management Program Solutions, Worldwide. View the Release.

We design business continuity and IT disaster recovery solutions that are tightly aligned to the strategic priorities of the organization.
If you’re looking for assistance with building or improving your program, contact us today!


or View Our Services Page