|
||||||||||
 |
||||||||||
Week of April 16-22, 1999
Hospital health may depend on plan for disaster recovery
by Dee Halbrook
Hospitals are in the business of emergencies and deal daily with matters of life and death, yet many health care organizations are not practicing preventive medicine within their own infrastructures.
While disasters are, by nature, sudden and destructive, they should not be unexpected, and they don’t have to be “the end of the world.” Disaster recovery plans that specifically address data networks and information technologies are the prescription for business continuity and patient care through even the worst of times.
With fires striking businesses every five minutes, four major hurricanes predicted in the Gulf of Mexico this hurricane season and the Y2K date rollover less than nine months away, Houston hospitals are at risk for disasters that could wreak havoc on the information technology systems integral to medical care today.
Hospitals are certainly not alone in facing this threat, but their business is a unique one in which 24-hours-a-day, seven-days-a-week operations are imperative. Health care organizations simply cannot afford to be among the 45 percent of businesses that never reopen after being struck by a disaster. A solid disaster recovery plan can make the difference.
Technology has indeed become the backbone of hospitals, clinics and doctors’ offices. Business as usual in the world of health care means, for example, that electronic medical records are readily available, network configurations between a hospital and a remote clinic are transferring data and the computer help desk is assisting the many departments relying on software programs and web-enabled applications. If any of these technologies are inoperable, then patient services are threatened.
HUMAN COMPONENT
Technologies are, of course, only as effective as the people who design and use them, so the human component of any hospital data network disaster recovery plan is truly key.
One of the first steps in developing a plan, then, is to identify the team members who will be responsible for it. In a hospital setting, the chief information officer will probably take the lead in mobilizing and motivating both senior management and department heads, and the team should consist of computer-savvy leaders representing each department.
This multidisciplinary approach will ensure that the mission-critical technologies and processes in each specialty area are accounted for. Moreover, this divides the responsibilities in the event the plan is put into action. In the worst-case scenario, communication among team members and throughout the organization will be of the utmost importance.
Documenting information technology equipment, systems and processes already in place is a crucial starting point in the disaster recovery planning process. The best time to do this, of course, is the same day equipment or systems are implemented, but in many cases, hospitals and doctors’ offices may have to play catch-up by doing a manual inventory of every network configuration, communications closet layout, port and server connection, software package and technology-driven process.
This information should be recorded using a standard word processing program and added to the binder that will contain a complete disaster recovery plan and will serve as a guide to re-creating business as usual in the event of a disaster.
This binder, then, must be updated regularly and should be kept in several locations, both inside and outside the hospital or clinic that will be easily accessed by the people designated to declare a disaster and execute the plan. A “call tree” dictating who calls whom to report a disaster and assigning appropriate actions is another important entry in the plan binder.
NEVER FINISHED
To ensure smooth execution of the plan during a crisis, it is important for people to be familiar and feel comfortable with the plan. The recovery team should frequently create sample scenarios that simulate likely problems and develop detailed scripts to be followed in the case of a disaster. These scenarios and scripts, of course, should also be added to the binder.
While the best-case scenario is that a disaster plan is never put into action, the binder should not ever get dusty. The recovery team should, at a minimum, hold quarterly meetings to ensure any new technologies or processes have been added, to test existing scenarios and develop new scripts and to maintain, refine and grow the plan. Each binder, of course, should be updated appropriately, and the results should be communicated throughout the organization.
Disasters are, unfortunately, always potentially only a moment away. While the health care industry cannot immunize itself against this threat, it can protect itself from the devastating effects.
An honest evaluation of possible areas of risk, best accomplished by working with outside industry experts who bring a fresh eye on-site, and a living, breathing plan that clearly addresses each of those areas is a hospital’s best course of treatment.
Dee Halbrook is senior consultant for IRM International Inc., an information technology and telecommunications consulting firm specializing in facilities issues.
Recovery Plan
To develop a disaster recovery plan:
· Identify basic resources.
· Review the needs of the departments.
· Conduct an operational review.
· Document the existing configuration.
· Test and recommend required changes and enhancements.
· Test and expand monthly or quarterly.
· Implement satisfaction surveys
