Keeping downtime to an absolute minimum is a high priority objective in healthcare, especially for IT related and electronic PHI assets and resources. The inability to restore a business as usual status seamlessly and instantaneously can have dire consequences, not just for the patients, but for the manner in which the healthcare organization is perceived in the market.
For instance, if employee personnel have to be shifted to an alternate location, the disaster recovery plan should take into consideration factors such as:
- What are the transport arrangements to be made?
- Are the transport facilities company owned or is the task outsourced to a third party contractor?
- In the event of a crisis situation, will the healthcare organization be given preference by the contractor over other institutions facing the same crisis?
- How quickly can the alternate facility be brought up and running?
- Are they in line with the RTO and RPO objectives identified during the healthcare organization’s risk analysis exercise?
- What is the impact of the resulting downtime on the medical institution’s operational deliverables?
- What arrangements need to be made in terms of utility services?
- What is the periodicity of maintenance activity at the alternate facility?
- How long can the alternate facility remain operable before operations have to be failed back to the primary site?
Responding to business disruptions must have a modular structure and be segregated into time bound phases and stages. In order to be effective, it is essential that the various tasks and activities within the Business continuity procedures of the crisis plan are simple to execute and can be triggered multiple times without consistency issues.
Official Agencies
Disaster recovery and response plans must factor in the intervention of official bodies such as fire departments, police and so on, especially in situations when the health and safety of staff and patients are under threat. Healthcare organizations must proactively gather information on the response time frames for such agencies.
Designing the DR Plan
There is always a tendency to overlook even minute details while designing a disaster recovery plan. For instance, deciding on where employee personnel are to assemble if evacuating the premises becomes necessary can prove a crucial factor when a crisis erupts and time is of the essence. Important contacts must also be readily available to synchronize activities across multiple departments and divisions.
Overview
Any disaster recovery plan is a combination of multiple plans that focus on specific segments of operations. The scope of the healthcare organization’s response capability must be clearly defined, both at the macro as well as the micro level. Alongside obtaining the necessary approvals from deciding authorities, the DR plan must also clearly identify key executives who are authorized to trigger the plans into action. Possible inter-dependencies between various plans must also be forecasted.
Roles and Responsibilities
The profiles of personnel must be described in detail in the disaster recovery plan. Controls must also be established that authorize employees to execute specific components of the disaster recovery plan based on the fulfillment of predefined parameters. There will be exception scenarios to these predefined parameters in which case employees should be allowed to override protocol and trigger specific responses. Healthcare organizations must also facilitate sufficient levels of bench strength for mission critical roles.
Incident Response
Warning systems notify emergency personnel through alerts of the outbreak of a disruptive incident that needs to be addressed. At this stage, DR teams must be in a position to quickly take stock of the situation in a nutshell and categorize the severity of impact to be anticipated. The accuracy of this preliminary assessment is crucial as DR teams need to be sure which plan needs to be triggered. Simultaneously, emergency personnel must respond to the incident through mitigation measures that bring the situation under control.
Plan Deployment
Based on the data gathered from the initial assessment, the appropriate plan must now be triggered. Incident responses that were activated must be phased out while simultaneously, the disaster recovery plan is deployed.
Other details that are included in this segment of the DR plan are:
- Predefined criteria for plan deployment
- Exceptional Scenarios when the plan can be deployed
- Required authorization for plan deployment in exceptional scenarios
- Data Requirements and data gathering methods
- Preliminary Criteria and Protocols for exit and evacuation from the location
- Preliminary Criteria and protocols for aborting the DR plan when deemed unnecessary
Documentation
Incidents and business disruptions must be archived in detail so that healthcare organizations can review their existing resiliency capabilities and identify areas that need improvement. The data collected can also be used to identify patterns and forecast the possibility of incidents occurring in the future under certain conditions. Extensive documentation is particularly of value if the medical institution decides to invite external agencies to audit their BCDR plans.
The healthcare organization’s archives must also extend to training material for staff that facilitates the necessary knowledge transfer. Training manuals must be regularly updated to incorporate new methodologies and modifications in plans.
Procedures
Employee personnel must strictly adhere to the procedural outlines of the tasks and activities assigned to them. Nevertheless, some buffer must be provided for improvisation when it becomes necessary for processes to deviate from the original plan. Healthcare organizations must also incorporate relevant information from external suppliers of systems and other equipment into their response and recovery plans.
Supplementary Information
Each plan must be supplemented with additional information such as:
- Stock of assets and equipment
- Information on error and warning experts
- License Keys for accessing software
- Coverage Details
- Third party vendor contact details
- Connectivity Requirements
Subsequent Tasks to Reinforce Disaster Recovery Plan
Disaster recovery plans go through numerous iterations in which faults and errors are rectified before a healthcare organization’s resiliency capability can officially go live. Features and functionalities need to be tested across various parameters. The skill sets of employee personnel need to be kept up to date through exercise drills and training programs. IT teams must also promptly run application and system updates as and when available.
See for yourself how the application works
Witness our cloud based platform’s security capabilities in action
Play around with the software and explore its features
Compare and choose a solution that’s relevant to your organization
Consult our experts and decide on a pricing mechanism
Disasters
[carousel id=’1780′ items=’4′ items_desktop=’3′ margin_right=’5′ navigation=’false’] [item img_link=”https://www.stayinbusiness.com/wp-content/uploads/2016/02/Chemical-Spills-Discharges.jpg” href=”https://www.stayinbusiness.com/resource/disaster-recovery/chemical-spills-and-discharges/”][item img_link=”https://www.stayinbusiness.com/wp-content/uploads/2016/02/Riots-Public-Disturbances.jpg” href=”https://www.stayinbusiness.com/resource/disaster-recovery/riots-and-public-disturbances/”][item img_link=”https://www.stayinbusiness.com/wp-content/uploads/2016/02/Terrorism.jpg” href=”https://www.stayinbusiness.com/resource/disaster-recovery/terrorism/”] [item img_link=”https://www.stayinbusiness.com/wp-content/uploads/2016/02/worst-product-recall.jpg” href=”https://www.stayinbusiness.com/resource/disaster-recovery/product-recall/”] [/carousel]
