Increasingly, the data flowing through hospital systems to help clinicians and staff communicate, evaluate patients, make diagnoses, and provide care is nearly as important as the physical infrastructure and the people. Imagine what even a brief disruption would mean to your facility.
During a short-term power outage, back-up generators should provide the continuity to keep a hospital running, but what about a prolonged outage caused by a hurricane, tornado, flood, or other natural or man-made disaster? If you were forced to transfer patients to other facilities, how can you ensure their records go with them?
Nearly 90 percent of respondents to the 2015 HIMSS Cybersecurity Survey recognized the importance of such concerns as disaster recovery and information technology continuity, saying their organizations were increasing their focus on these and other data security and privacy issues.1
But preparing for a disaster and actually running a hospital’s information systems during or in the immediate aftermath of a disaster are totally different things. While having a plan is a critical first step, you must have a secondary data site and processes in place to back up the necessary data to the secondary site, which will become your de facto primary site. Here are six tips for a successful recovery plan involving data stored offsite.
1. Expect things to take longer
Very often, the infrastructure at the secondary site is not as robust as the primary site, with older servers and less processing capacity. A 400-bed hospital can have 600 to 1,000 applications that are controlled at the hospital or by vendors, so tough choices have to be made about what can be run from the secondary site.
A back-up process that needs six hours to complete at the primary site could stretch many more hours with older servers that have less memory and slower disk speeds. First, figure out what back-up processes can be pruned. Identify the “have to have” versus “nice to have” backups when running from the secondary site. Look to use combinations of protection methodologies, backup, and archiving to expedite daily operations.
2. Protect your secondary site
Data protection at the secondary site is crucial. Without it, you become vulnerable to making a bad situation much worse. You will want to set up appropriate protection infrastructure and processes that would allow you to recover from a disaster or outage at the secondary site.
Can that protection process also be used to restore the data back to the original site or a new permanent site? Ideally, the process you are doing now at the secondary site enables recovery back to either the primary site or a new primary site. Think this through carefully. If you maroon yourself to the secondary site long after the disaster has come and gone, you have created the next disaster for yourself and your team.
3. Backing up your back-up site
Think of your back-up site as your new primary site, which is also subject to a potential disaster. Your disaster recovery or business continuity plan should have identified a tertiary data site should the first one fail and force you to the secondary location. While a second disaster may seem unthinkable, what were the chances the initial incident would cause such upheaval in the first place? Lightning has been known to strike twice.
For a few budget-rich hospitals, the communication infrastructure at the secondary site matches the capabilities of their primary site. Unfortunately, that is not the case with a majority of hospitals. With less bandwidth it often makes sense to look at moving data in a near continuous stream as it changes. Again, archiving technologies can work well here. Further, a portable medium, such as tape, becomes cost and operationally effective in these situations when combined with backup.
4. Manage your staff
There’s a good chance that the secondary site isn’t big enough to accommodate the IT staff or is located too far away. You should consider what staff roles can be performed remotely and what tools (software) they need to do their jobs.
Remember, bandwidth might be reduced at the secondary site, which means that numerous remote users could slow down the system further. But since the work cannot get done without the staff, reducing large sources of outbound data flow can really make a difference.
5. How to best support patients
You may have to share your data with one or more entities that have taken your patients due to the severity of the disaster. We have all heard of hospitals printing out paper records and taping them to the patient for transport. There are electronic methods that can facilitate a more robust transfer of patient information. Look for solutions that utilize healthcare standards, such as XDS, that will enable data sharing of the clinical and business records running in the secondary data center.
6. Hope for the best; plan for the worst
The wrong time to determine your secondary site isn’t up to the challenge of handling your hospital’s data needs is right before you need it to serve as your primary site. But many hospitals either don’t test or don’t test thoroughly, which entails running processes from your secondary site.
You should have a tactical plan to back up data to the secondary site, then run it. Given the challenges listed above, your plan will include the must-have information, systems that are covered, and any tools IT staff need to run and manage the secondary site.
Archiving your data in a way that makes it shareable among unrelated systems will not only help your hospital function during an unforeseen event, it also will help your hospital exchange data with other hospitals and other providers.