Prescriptions for a Healthcare IT Disaster Recovery Plan

When organizations experience events that cause devastating compromises to their operations, proactive planning and advance preparation are crucial elements of an effective response. While disaster recovery planning is essential for all industries, it’s critical in the healthcare field.

Why Invest in a Disaster Recovery Plan

Healthcare organizations want their dollars to ensure the best and most timely treatment of patients, which makes investment in projects like disaster recovery planning or continuity of operations plans (COOPs) seem less important than facilities expansion or acquisition of the latest diagnostic instruments. Nearly everyone can agree that adding improved diagnosis and treatment capabilities improves patient health, but it may be harder to get everyone to agree that preserving and protecting those tools and technologies is equally important. Keep this in mind: any tool you can’t use due to an incapacitating event is of no value to anyone, and a healthcare operation out of service even temporarily, regardless of the cause, can put many lives at risk.

An effective COOP can ensure that vital tools are kept in service or restored to service rapidly, under even adverse conditions. But the question becomes: where do I begin?

How and Where to Begin Developing Your COOP

The Health Insurance Portability and Accountability Act (HIPAA) requires that all healthcare provider organizations plan for contingencies and outages. HIPAA also requires that these organizations use a “risk management” approach for their plans, which means that risks and events that may cause outages must be identified, analyzed, and mitigated or compensated for. This in-depth process can be complex. Laying the proper foundation through a project management methodology is the best way to ensure you don’t miss a step. Clearly, the final outcome should be a complete, tested, and proven plan.

The project manager must first define scope and resources. The plan must consider many factors like the work done by the operation, the information used, staffing, geography, weather, and timing. Resources include things available to build and test the plan and things available when the plan is activated. Plus, the project manager needs to define the following categories:

  • Assets: human, physical, informational, technological
  • Potential threats and their sources: human, natural, technological
  • Vulnerabilities: flaws or other shortcoming (including absence) in a control or asset

After identifying the above, you’ll know the primary elements that can suffer from or cause a disaster and what assets are available to build your plan.

This post is excerpted and used with permission from Your Prescription for a Robust Healthcare IT Disaster Recovery Plan by Ross A. Leo

Related Courses
It Risk Management
Data Center Infrastructure Management
Cybersecurity Foundations

In this article

Join the Conversation