After disaster strikes, any business can see its operations slowed or halted. But when lives are on the line, delays in service need to be avoided at all costs. In the HIT era, healthcare organizations have become data houses for vital personal information, and keeping data flowing safely in any circumstance is necessary to maintain a patient’s privacy and protect their health. Regardless of what kind of potential disaster comes their way, healthcare organizations need to be prepared to not miss a beat. In a recent interview, Health Management Technology connected with industry experts for their takes on the key elements of a successful disaster recovery plan.
Q: When we hear the word “disaster,” we immediately think of issues that arise as a result of storms, floods, and earthquakes. But this can certainly also include service attacks and computer viruses. When healthcare organizations talk disaster planning, how important is it for them to think of more than just natural disasters? Do they need to go so far as to have a different plan in place for every situation?
You hit the nail on the head. When most people think about events that can affect business operations, they tend to focus on natural disasters, such as hurricanes, tornadoes, fires, and floods. And while these are certainly possibilities, most outages are actually caused by much less extreme factors, such as hardware failure, file corruption, cyberattacks, and human error.
Most companies today have some sort of disaster recovery “plan” in place, but many lack specificity and fail to take into account these various types of disasters. True disaster preparedness means anticipating all different types of disasters and then developing customized plans for each that enable a business to maintain operations regardless of the situation around them.
Q: Smaller practices often use centralized hospitals for their data storage, connecting to their EMRs remotely. Is this conducive to successful disaster recovery?
This configuration can help in some scenarios, but it can be detrimental in others. Many small practices or businesses are unable to have a secondary site in order to set up a true disaster recovery center. By pulling resources together across smaller practices that back each other up, or by utilizing a larger central facility, small practices are able to have a secondary site in order to store their data onsite. This can be beneficial for some localized disasters. However, if all data is remote and nothing is stored locally, these practices are completely dependent on the larger facility and the ability to connect to it. Any disruption in that connectivity or disruption at the central facility will affect them.
Ideally, we would like to see multiple copies of data stored in multiple locations, with at least one copy of that data offsite. By storing data both locally and at a remote site, you maximize your ability to be resilient in the event of a disaster.
Q: Up until a few years ago, disaster planning at a hospital was about knowing what to do when the power went out. That’s still the case; however, with the adoption of EMR/EHRs, it’s become more important than ever to keep things running. What do practices need to do differently as patient records continue to move out of filing cabinets and into computers?
As system proliferation and adoption continue to increase, disaster recovery and high availability have become even more critical core competencies for healthcare providers. When considering investments in these tools, also consider investments to mature system delivery in the areas of performance, fault tolerance, redundancy, and failover capabilities. Providers must also invest in developing appropriate risk management and disaster recovery capabilities, documentation, [and] testing procedures.
The total cost of ownership for these types of critical healthcare delivery systems must take these capabilities into account and should be core elements of platform selection and comparison. This method also holds true when healthcare providers are evaluating whether to deliver these services themselves or partner with a service provider that includes these capabilities in their service delivery. Leveraging hosted EHR vendors that incorporate these controls and processes is becoming increasingly attractive to small and midsize facilities to help defer those costs.
Q: One day here in the HMT office, the Internet went out and our staff forgot how to function. We were helplessly frozen in place. Luckily, no lives were on the line. Is there a way to combat the overreliance on technology in a hospital setting to ensure staff can remain effective in its absence?
I recently had a similar experience on a business trip. I was using GPS directions from my smartphone to get to an unfamiliar destination in a rental car. Unfortunately, I did not have a charger, my battery promptly died in a very busy area of town, and I was momentarily panicked and unsure of how to proceed.
The impact of technology on healthcare, while not where we would like to see it, has, by and large, been extremely positive. Patient records that could take several hours to retrieve when they were paper now take seconds. Electronic medication administration records and barcode-scanned medication administration work together to help minimize mistakes. [But] utilizing these tools to provide better healthcare does not preclude the necessary capabilities of providing quality healthcare without them when necessary.
To remain proficient in providing healthcare without these systems, preparation for (their failure) is critical. Testing and practicing downtime procedures is every bit as critical as fire drills in a healthcare setting. The skills required to operate at a high level in this type of setting are fairly perishable; so practicing often, though painful, should be a requirement.
Q: While many businesses only have to worry about continuity and damage control when disaster strikes, hospitals will be met with an increase in the demand for care. How can practices best prepare for the new demand, should it arise?
To ensure a constant clinical workflow that supports patient care, hospitals need an underlying HDM (health data management) platform that can support all of their data, both structured and unstructured. Ideally, the platform will be based on a standard, such as XDS (cross-enterprise document sharing), which is defined by IHE as a consistent way of describing data across all data types to help power the patient-centric view.
A solid HDM solution helps hospitals overcome the challenges they face regarding data and storage management – particularly around the information explosion and the impact this data growth is having on healthcare IT departments in terms of their operations, efficiency, effectiveness, and cost.
Hospitals should look for an HDM platform that can store, protect, and share their data. Once it is in place, they can layer on both disaster recovery and archiving processes that will safeguard their data and their hospital’s ability to deliver clinical care.
Q: Some disaster plans have failed due to issues with interoperability and outdated planning. How can this be avoided?
Many healthcare experts are recommending that hospitals adopt an ICA (independent clinical archive) – a single, easily accessible, and standards-based software repository for all healthcare data. Also referred to as a next-generation vendor neutral archive, the ICA manages the information lifecyle of data across the entire healthcare enterprise – both clinical and non-clinical – from clinical departments such as radiology, cardiology, ophthalmology, oncology, and pathology.
An ICA delivers true data interoperability by supporting the standards widely used in healthcare to distribute clinical data, such as DICOM, HL7, and XDS. As a result, other clinical applications can send and receive clinical data to and from the ICA as a long-term archive for that clinical data. Further, by supporting all of these standards, it is not limited to a single type of clinical data, but can archive any type of clinical data in its native format.
The ICA should store all of a hospital’s data efficiently and cost effectively, and protect it from misuse, deletion, outages, loss, and disasters. It also needs to be able to make all of the data it holds available to those that need it, when they need it, at the point of care.
Q: What is the worst disaster situation you’ve heard about, and how effective were the planning and recovery measures?
A hospital did their best to recover when faced with a very severe weather event that left the campus uninhabitable. Despite having what people would think was an adequate disaster recovery strategy, they were left unable to handle the multiple issues they were presented with in a timely manner.
The hospital was closed immediately and patients were transferred to other care centers. The datacenter was in a section of the hospital not directly affected by the initial event. Aftereffects [of the storm] caused flooding, which filled the datacenter with water.
Hospital IT staff were initially unable to reach the hospital due to police lines, safety concerns, and general confusion. When they were finally able to reach the datacenter after a few days, they removed the wrong equipment due to outdated documentation. Tapes that were expected to be offsite were still in the datacenter, soaking wet.
While the IT staff was attempting to restore the data, key business functions of the hospital were unavailable, including payroll, accounting, and communications. At this point, patient data was a low priority compared to paying employees and ensuring that limited communications among staff, including phones and email, were possible.
Finally, everything was removed from the water, and a rented space was used for recovery. Hardware was shipped in by multiple vendors to accommodate the restore process. Data was backed up from the SAN after a lengthy drying process. It took weeks before the hospital could start to resume their systems. It was months before the hospital saw another patient, and full operations took years to recover.
