Don’t be left under water and unprepared in case of a natural disaster. If we learn anything from Hurricanes’ Harvey, Irma, and Maria, it is that you need to have a plan in place to maintain operations or recover from a natural disaster. Your healthcare organization has a wide variety of systems, including your electronic health record, that must remain operational to ensure the wellness of your patients.
Having detailed business continuity and disaster recovery plans in place that allow you to deliver uninterrupted services and meet the needs of your patients, employees and community members is a necessity to bounce back quickly from a disaster. Effective business continuity and disaster recovery plans take into account disasters such as fires, earthquakes, hurricanes, or pandemic illnesses. These plans and strategies are ever-evolving and are adjusted for whichever disaster would require contingency operations and/or recovery. The ultimate goal is to recover an organization’s operational functions following a disaster as quickly as possible. Or better yet, prevent downtime or service interruption altogether.
If business continuity and disaster recovery planning is not a priority in your organization, here are some important realities to consider:
- You risk losing or preventing access to data required for patient care. This can have life-or-death consequences, particularly in a natural disaster scenario.
- Your credibility and reputation as a healthcare provider will be at risk.
- You could face HIPAA penalties. Business continuity and disaster recovery plans are required under HIPAA’s Security Rule.
- You will lose money! Lost revenue from patient care operations and inefficient use of your organization’s resources.
- You will incur litigation costs, especially if sentinel events occurred tied to inaccessibility of patient data.
That’s a lot of risks to take when you could protect your organization with a plan and resources in place.
So, what should you do to plan for a disaster properly? Here are four key points to take into consideration:
- Identify which systems, applications, and data are the most important for seamless operation, and prioritize them in order of importance for recovery. This is especially challenging within a healthcare system that can have hundreds of applications running, including legacy systems, with little documentation and newer systems coming in through acquisitions.
- Identify critical clinical and business processes – assess their operational impacts, ensure current downtime procedures are in place, single points of failure are mitigated, and resources (including third party) are allocated to maintain operations and/or recover efficiently. As newer technologies come into play, these critical processes evolve, so periodic review is necessary to retain currency.
- Test your business continuity and disaster recovery plans with business associates, vendors and any outsourcing partners you might have. Running through your plan during a hurricane is not the way to test if your plan works!
- Train staff, physicians, management and vendor resources on the plan. The more well-prepared employees feel in the event of a disaster, the better they can follow or execute your BC/DR plans.
If you are looking for some help with your disaster recovery planning, contact us today. We have the experts to help you make sure you are prepared.
Make sure to subscribe to our blog to get the latest in healthcare IT thought leadership, delivered right to your inbox.