Healthcare News & Insights

5 steps to prep health IT systems for disaster recovery

The effects of Hurricane Sandy may have organizations taking another look at their disaster recovery plans. What can healthcare providers do to make sure they’re prepared for the next disaster? 

Disaster recovery is important for all organizations, but it’s especially so in healthcare due to the large amounts of mission-critical data that must be held.

Especially as more providers make the switch to electronic health records (EHRs), it will be critical that hospitals and practices can keep operations running in the event of a natural or man-made disaster. Otherwise, patient safety can be threatened, as well as the organization’s finances.

In addition to those dangers, HIPAA requires providers in the U.S. to have a disaster recovery plan in place. The law requires HIPAA-covered organizations to:

  1. Conduct an assessment to determine the organization’s risk of downtime and disruptions
  2. Come up with a plan to assess those risks
  3. Have the technology, procedures and personnel assignments in place to implement the plan, and
  4. Test the plan periodically and treat disaster recovery as an evolving process.
Despite the mandate from the law, healthcare organizations still struggle with creating effective disaster recovery plans. Here are some keys providers should consider:

1. Prioritize disaster recovery

Keeping all parts of the organization’s operations running normally during disaster can be difficult or impossible. Instead, providers should take stock of all their systems, determine the impact of each going down, and focus on the most important — such as the systems that impact patient safety.

2. Explain new workflows

It’s easy for health IT to only worry about technical aspects, such as where and how data is backed up, but an effective disaster recovery plan also explains the changes in workflow for staff members during a disaster. For example, some processes that are normally done electronically may need to be done on paper, so everyone should know those procedures.

3. Make sure everyone is trained

Having a top-notch disaster recovery plan in place won’t do any good unless doctors, nurses and other employees know what to do before an outage hits. It’s important to make sure that training is conducted and regular refreshers are provided, and that new people are trained when they come to the organization.

4. Consider cloud computing

Across all industries, more organizations are turning to cloud-based disaster recovery services. Those services allow organizations to store duplicate copies of data and applications that can be used when there are problems with internal networks and systems. That keeps the organizations from having to pay for all the infrastructure required to keep duplicates of critical systems and data.

5. Have a back-up plan for cloud services, too

Many providers, especially smaller organizations, now rely on cloud computing vendors for EHR systems and other services. And providers must make sure they have a back-up plan in place for when a disaster hits a vendor and those services aren’t available, as recently happened during an outage at a major cloud-based EHR vendor.

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.