<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=522217871302542&amp;ev=PageView&amp;noscript=1">

Disaster Planning and Recovery in Healthcare Organizations

Posted by Steve Unger on Jun 22, 2018 5:00:00 PM

When creating a data protection, backup and recovery strategy, healthcare organizations have an additional layer of complexity to consider – critical system availability. During emergencies, critical system availability prioritizes system availability in order of importance; articulating which ones need to be re-established first, second, etc. to ensure the least downtime for patient safety and uninterrupted quality of care.

Healthcare Organizations Are Mandated to Have Application and Data Availability Solutions

Disaster recovery (DR) planning is a mandate by HIPAA and the Joint Commission on Accreditation, Healthcare and Certification (JCAHO), a not-for-profit organization responsible for accrediting healthcare providers. JCAHO conducts annual reviews of clinical processes, including critical infrastructure disaster recovery.

System failures can occur from intentional acts such as cyberattacks or unintended—but no less disruptive—acts of nature (floods, hurricanes, etc.). In the event of a system failure, the organization must prioritize its recovery activities to ensure the essential services become available first, followed by less critical services, until full system restoration is complete.

‘High-Stakes Healthcare’: Managing Risk and Leaving Nothing to Chance

We’ve all experienced untimely computer freezes or kids upset that their computer’s battery died in the middle of a project or game. Losing data is frustrating and impacts productivity, which costs time and money. For healthcare organizations, this can result in the loss of life due to the unavailability of up-to-date patient information.

Traditionally, healthcare organizations recover applications by loading tapes – a legacy approach, which can take up to three days. Such backup protocols are acceptable for non-essential applications not involving patient or clinical care. However, high-priority data and patient-critical applications require swift recovery to ensure provider locations conducting real-time patient care can continue to function and maintain the continuum of care necessary.

Identifying Application and Data Availability Needs

As mentioned earlier, the consequences of disaster planning and data recovery within healthcare can range from life to death. ‘Life’ refers not only to patient survivability, but also to the ‘health’ of the organization as a business. The more preparation, the fewer the consequences. Conversely, ‘death’ can pertain to patient mortality, as well as organizational success, leaving the business in a state of decline. Tech Data has a team of experts skilled in assisting healthcare organizations to identify, plan and prioritize critical data recovery in the event of natural disasters or cyberattacks. Healthcare organizations with universally applied, non-prioritized data recovery plans could find themselves in the dark during an emergency.

Thresholds: How Much Data and For How Long?

Nothing in life is foolproof. While the adage, ‘what goes up must come down’ is based on the principles of gravity, it can be used metaphorically here with the same level of absolute certainty. Everything in life is finite, which includes product reliability. Therefore, while rates of failure have declined steeply due to quality improvement measures, there still lies a measurable level of probability in rates of failure. The question becomes, how much loss is acceptable? What’s the cost to the organization, should it occur?

Stating the infallibility of a system (i.e., ‘it can’t go down’) is much like saying that because you are healthy, exercise regularly and eat right, your lifespan is up to you. Your lifestyle can help, but ‘when’ isn’t your call. Another example might be that because you’re a fantastic driver, you don’t need auto insurance. Not only illegal in most states, but a major error in judgment, as your premise fails to consider other drivers “less gifted” than you. The premise of these arguments fails to consider unforeseen and uncontrolled events, therefore the logic is flawed and a fallacy of judgment. It’s good to expect the best, as long as you plan for the worst – thus the basis for having a priority-defined disaster recovery plan. How would staff react if required information, critical to patient health or survival, was unavailable for three days? 72 hours can be a long time.

It’s 10 O’Clock, Do You Know Where Your Recovery Plan Is?

For those old enough to remember, immediately preceding the local 10 p.m. news a voice would come on the air with, “It’s 10 o’clock, do you know where your children are?” Awareness as a parent cannot be understated. You must be aware of where your kids are at all times. In business, it’s no different. A good hospital or healthcare organization leader knows the strengths and weaknesses of the operation for which he or she has oversight. The Federal Occupational Safety and Health Administration (OSHA) requires most companies to provide fire prevention plans, emergency routes and action plans to protect employees. However, fire drills aren’t required. Disaster recovery is the same. Many think that having a plan in place is enough to protect them from an incident. How sure can they be if they don’t test it?

There are tools available that allow healthcare organizations and IT service providers to inspect IT environments and perform mock failovers without actually failing the database. Testing a disaster recovery plan can help identify areas of improvement so companies can move forward with confidence.

Do You Have the Required Resources or Technical Capabilities to Recover Quickly in the Wake of a Disaster?

Healthcare customers might not have IT in their wheelhouse – in fact, approximately 23 percent of hospitals don’t have disaster recovery plans at all. This is where you can emerge as a trusted IT services provider. Healthcare organizations need a partner to help them establish effective policies, select the appropriate solution set, implement and test a disaster recovery plan, and more. Become their trusted advisor– the one capable of ensuring the safety of their business and potentially the lives of their patients. Tech Data has the knowledge, personnel and technology capabilities to help.

To learn more about Tech Data solutions go to levelup.techdata.com

About the author

Steve Unger
SolutionsPath Healthcare Consultant for Tech Data

Tags: data recovery, data security, disaster recovery, Healthcare, healthcare records management

Subscribe to Email Updates