Posts

Disaster Recovery Planning Essential in a Connected Healthcare Environment

Disaster Recovery Planning Essential in a Connected Healthcare Environment

While we are successfully recovering from Hurricane Irma here in Tampa (with no major damage and no service outage, thankfully), the numbers have started to roll in from Harvey a few weeks ago. Despite Hurricane and Tropical Storm Harvey’s devastating impact in terms of lives lost/displaced and estimated $23 billion property damage in Texas’ Harris and Galveston counties, things could have been much worse if not for the region’s heads-up health IT disaster planning.

Four days after the storm’s landfall, all the electronic health record systems at all the hospitals in Houston appeared to be in “regular working order,” according to Nick Bonvino, CEO of Greater Houston Healthconnect (GHHC), the region’s health information exchange (HIE). GHHC had previously partnered with Health Access San Antonio, the HIE serving a large expanse of central Texas, to establish a statewide hub for Texas HIEs with remote siting and data storage in Salt Lake City.

“If a hospital backs up all of its information to a data center down the block, which is also flooded, that’s not a sufficient solution,” Andrew Gettinger, MD, chief medical information officer at the Office of the National Coordinator for Health IT, recently told Health Data Management. “You have to think about the geography that’s likely to be at risk and make sure that your backup solution takes care of that so you can recover.”

Indeed, when Hurricane Sandy hit New York and New Jersey in 2012, healthcare data centers situated in low-lying areas — many in hospital basements — suffered catastrophic flood damage, Gettinger emphasized. Those losses underscored the need for backup systems located out of harm’s way.

Disaster recovery planning

Aside from natural disasters, health care organizations also need to prepare for cyber-threats, such as denial-of-service and ransomware attacks, which can render IT systems inoperable or data inaccessible.

According to Jeremy Molnar, vice president of services for information security firm Cynergistek, proper disaster recovery (DR) planning starts with the assignment of a project manager responsible for implementing a cohesive strategy. Other organizational experts develop needed processes and documentation to support the project manager.

Additional key aspects include:

  • identification of critical data, applications, systems, and personnel;
  • requirements for data backup and emergency-mode operations planning;
  • ongoing testing of and revisions to each component of the DR plan; and
  • assurance of contingency planning in compliance with HIPAA rules, which mandate security risk assessments. Such assessments evaluate the likelihood and impact of exposing protected health information and document the security measures adopted to address identified risks.

State of the industry

Peak 10, an IT infrastructure solutions company, found in its “IT Trends in Healthcare” study that most healthcare organizations execute DR testing less than once annually. Only 25 percent test quarterly.

What’s more eye-opening, the Disaster Recovery Preparedness Council estimates that more than 65 percent of organizations who test their DR plan actually fail their own test. Since so many organizations don’t pass their own tests, Peak 10 points out that those who neglect — or elect not to — test “simply won’t recover IT operations sufficiently if disaster [occurs], which in a hospital setting, is a risk not worth taking.”

NetDirector helps mitigate DR concerns by partnering with best-in-class technology companies to provide an “industrial-strength” data exchange platform hosted at a Peak 10 data center. Peak 10 is current with all applicable data security certifications and regulations, including HIPAA.

Additionally, NetDirector connects to multiple data centers in different geographic locations that are continuously updated and available to seamlessly go live as needed. This fault-tolerant set-up provides clients with built-in DR and hot-site swapping capabilities, ensuring minimal to zero disruption. NetDirector’s HealthData Exchange also reduces the need for scheduled maintenance and its accompanying temporary downtime.

For more information, please contact us or request a free demo.

NetDirector’s Roadmap to 2020 Part 1

We recently held our annual Strategic Planning meeting. This year, instead of doing the same old SWOT analysis (Strengths, Weaknesses, Opportunities, and Threats) we tried a new approach called SOAR (Strengths, Opportunities, Aspirations, and Results).

Drawing - Dare to DreamThe SWOT method has worked for many years, and is still a valid way to make a business plan and set goals. However, we were looking for a way to get more employees involved and to take a more positive approach to the overall process.

One of NetDirector’s owners and their daughter have been utilizing the SOAR method with other companies with much success and suggested that we try it too.

Drawing - Design Part 1 & 2The strategic planning meeting was open to the entire company, which over half were able to attend. It was a full day event and held off-site so that there were no major work distractions.

The main goal of this meeting was to get as many new ideas as possible with the underlying theme that no idea is bad, which kept the meeting on a positive note throughout the entire day.

Read more