Important Steps include Setting Strategies, Protecting your IT Network and Relying on the Cloud
In the healthcare world, delivering the best patient care is an around-the-clock job, and in order to accomplish this task, it is imperative that hospital and healthcare CIOs, CTOs and technology staff do their best to ensure their businesses are protected against the loss of critical patient data, an interruption in patient care communications, or technology downtime due to an infrastructure failure. These unfortunate events—which can be caused by a security breach, a virus or a natural disaster—can happen quickly and unexpectedly. The result can be a massive disruption in the ability to deliver quality patient care. In addition, a disruption to a healthcare organization's infrastructure and mission-critical business applications can also put patient lives at risk and cause loss of revenue, productivity and important patient data.
All healthcare organizations today that are using electronic healthcare data in some form are required under the Health Insurance Portability and Accountability Act (HIPAA), passed by the US Congress in 1996, to comply with certain data security and business continuity standards. As a result, business continuity is more vital today than ever before in the healthcare world, but has your hospital or organization taken the necessary measures to ensure all business functions are resilient and can perform during an unexpected technology disruption?
Having the right plans in place can prevent unnecessary downtime during an unforeseen event. This article offers some guidance on developing a holistic approach to business continuity planning, along with important steps healthcare organizations should take to ensure they can protect sensitive patient data and business operations if there is an unexpected disruption. After all, if you don't have a well-thought-out and effective business continuity plan in place, your organization's reputation and profitability are ultimately at risk.
The healthcare industry is one of the fastest-growing segments of the digital universe, with the volume of healthcare data expected to grow 48 percent each year through 2020. This, coupled with the industry becoming more patient-centered and suffering a significant amount of security breaches, has more hospital CIOs and IT professionals working hard to determine how they can best protect their organizations from unnecessary downtime. In fact, according to the Health and Human Services Office of the Inspector General (OIG), nearly 60 percent of hospitals have experienced an electronic health records (EHR) outage. Add to this the ever-pressing healthcare regulations and growth of mobile health and telehealth applications, and business continuity planning becomes imperative. A great place for healthcare IT professionals to start is by asking the right questions about your organization's business continuity strategy and overall needs.
Questions to Consider to Establish an Effective Business Continuity Strategy
Whether your organization is a large hospital, a small hospital or part of a hospital network, ask yourself and your IT team what your current business needs are that require protection in the event of unexpected downtime. These needs will likely include protecting critical data, sustaining communications and operations and protecting loss of revenue. From here, you can ask the following important IT-related questions that will help you develop a holistic business continuity plan that will maintain your ability to provide care and preserve your IT services when faced with a disruption.
• Do you have a business continuity plan and what IT strategies do you have in place to implement this plan and protect your IT services in the event of a disruption of service?
• How is your IT infrastructure set up to handle a potential disaster and to protect your data?
• Is your network set up to create resiliency and additional layers of security?
• Are there any single points of failure in your network infrastructure (e.g. redundant fiber sharing the same route or shared homing arrangements to the same network router) which can cause an event like a fiber cut or network router failure to interrupt service?
• Are your business applications and critical healthcare data, such as EHRs, protected?
• Has your plan been tested? If so, how frequently do you test your business continuity plan?
• Do you have sufficient data storage and backup plans in place?
• Are you relying on the right technology partners who can help with your business continuity planning and ensure you have the right continuity strategies in place?
Forming a Holistic Approach to Business Continuity
Fully protecting your business from a disruption in service requires a holistic planning approach. By holistic, I mean you need to think about all of the areas that can be impacted by an outage. For example, it's not just the application workloads you need to consider but also the network that delivers the applications to your employees, services to your patients, and data to your remote locations. These are all critical elements that are important to protect to avoid an unexpected disruption. You need to consider protecting your data centers, routers, all mission-critical applications and data, as well as your network infrastructure.
Steps to Protect your Network – the Foundation of your IT World
Protecting the backbone of your IT operations is key to keeping your business running during unexpected downtime. With various infrastructure options available, it is important to consider the type of network you have in place and ask yourself whether it will create the ultimate level of security, diversity and back-up when faced with potential threats.
Hospitals and healthcare organizations have a plethora of network and data services to choose from that will provide end-to-end network solutions to keep the workforce securely connected, even when the infrastructure is threatened—but you need to make sure you have the right combination to address all your network needs.
When solving for highly available connectivity for hospitals and healthcare organizations, my team frequently uses a Hybrid SD-WAN overlay network solution or a Fixed Wireless solution. An SD-WAN architecture allows seamless management of applications, as well as direct management of your network traffic. Through a portal, you can manage and differentiate between mission-critical traffic, applications and network latency. In addition, if SD-WAN is implemented correctly, it provides a solution that is scalable, triggers optimal use of bandwidth and allows easy management of applications. Fixed Wireless is another way to provide diversity and protection for your network and therefore your business critical applications. Fixed Wireless is completely diverse from your fiber assets and can offer high-bandwidth speeds and significant protection in the event your fiber connectivity is disrupted.
The Importance of Cloud and Virtualization Technologies in Business Continuity Planning
While the majority of healthcare organizations are using the cloud, you should consider revisiting how your cloud usage can impact your business continuity planning. The benefits of relying on effective cloud solutions include increased productivity, decreased costs and improved patient satisfaction. The cloud can also help in your business continuity planning by making it much easier to restore data and applications if you are faced with a disruption.
A cloud-based business continuity and disaster recovery (BCDR) approach can help organizations navigate unexpected disruptions by providing multiple back-up options that allow them to continue to operate with minimal downtime. The cloud also helps healthcare organizations scale, access huge amounts of patient data, and get a bigger return on IT investments. Healthcare organizations can build an offsite backup plan by leveraging the cloud and implementing Disaster Recovery as a Service (DRaaS). This is a flexible and reliable BCDR solution that will provide less downtime and faster recovery in the event of a disruption.
While the cloud offers many benefits, it also has some challenges. The movement of applications to the cloud should be done in a way that doesn't risk non-compliance with healthcare regulations. It should also be done in a manner that ensures applications, data and networks are secure.
Relying on your IT Team and Partners
When your needs outweigh the ability of your in-house staff to provide guidance and implementation of a plan, you may need to rely on a partner or vendor. In this case, be diligent in investigating your potential partners' experience, ask questions about their own business continuity planning, and ask to talk to their existing customers. For example, when considering a cloud vendor, select a cloud partner that holds HIPAA certifications, is willing to sign a Business Associate Agreement (which is required under the HITECH Act), will ensure that data is being encrypted in place, and will develop standard criteria for prioritizing transition of applications to the cloud. These considerations will help ensure your risks are minimized and your business is protected as best as it can be. Working with the appropriate, carefully selected cloud partner can ensure cloud implementation is handled smoothly.
About the Author:
Molly True is a Healthcare Marketing Strategist at Windstream. Prior to Windstream, Molly was at Avaya as a Senior Healthcare Marketing Manager. She holds a Certified Associate in Health Information & Management Systems (CAHIMS) from the Healthcare Information and Management Systems Society (HIMSS) and is a national member of HIMSS. Molly has a MBA from Meredith College and a BS in Computer Science from Appalachian State University. To contact her, please email molly.true@windstream.com.
The views, opinions and positions expressed within these guest posts are those of the author alone and do not represent those of Becker's Hospital Review/Becker's Healthcare. The accuracy, completeness and validity of any statements made within this article are not guaranteed. We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with them.