Planning for disaster recovery in a health care setting

Transcription

1 E-Guide Planning for disaster recovery in a health care setting For hospitals, timely access to patient data is critical for maintaining normal operations during a natural or man- made disaster. This Eguide will help health care providers create and implement an effective disaster recovery plan. Sponsored By:

2 E-Guide Planning for disaster recovery in a health care setting Table of Contents HIPAA disaster recovery plan Disaster Recovery Planning for Health care organizations Resources from Dell Compellent Sponsored By: Page 2 of 7

3 HIPAA disaster recovery plan A HIPAA disaster recovery plan is a document that specifies the resources, actions, personnel and data that are required to protect and reinstate healthcare information in the event of a fire, vandalism, natural disaster or system failure. The disaster recovery plan is a required implementation, defined within the HIPAA Contingency Plan standard in the Administrative Safeguards section of the HIPAA Security Rule. The Rule calls for HIPAA-compliant organizations to anticipate how natural disasters could damage systems that contain electronic health information and develop policies and procedures for responding to such situations. A HIPAA-compliant disaster recovery plan must state how operations will be conducted in an emergency and which workforce members are responsible for carrying out those operations. The plan must also explain how data will be moved without violating HIPAA standards for privacy and security. It must also explain how confidential data and safeguards for that data will be restored. Although HIPAA doesn't specify exactly how to do this, it does note that failure to adequately recover from a disaster could lead to noncompliance. Failure to comply exposes officers of the organization to repercussions, such as fines or jail t ime. Sponsored By: Page 3 of 7

4 Fluid Data storage helps you save time and slash costs. Manage data efficiently Scale on a single platform Automate with a single tool See a Webinar on Dell Compellent Storage Solutions featuring EfficientVirtualStorage.com Fluid Data Technology storage. with Dell Compellent of customer success Scan to see a snapshot

5 Disaster Recovery Planning for Health care organizations It seems like many health care providers have been so busy architecting their state HIEs, regional health organizations and enterprise community platforms that they haven t thought through the architectural demands of resiliency. So they don t have a good answer for the question, What happens if I lose all or part of my network in a disaster? In order to answer that question, you need to let your imagination run wild, factor in your organization s specific circumstances and explore a range of disaster recovery scenarios to develop an effective set of responses. Start by asking yourself the basics: What data do we have? What data can we store? What data can we transport easily? What data can we get to another location in the event of an emergency? What critical types of data are likely to be needed (i.e. medication lists, immunization records for population subsets like children and medical records for those with chronic conditions)? Beyond the data itself, there s the issue of access to the data. If you need to change security rules in your data center, how do you do that? Which personnel need access to the system (for instance, volunteers as well as trained professionals)? What type of IT people would be most critical? Would the right business administrators be available to make rule changes? Granting security access is really important. To be able to grant new people access to a large number of records, you re going to have to make a massive change, perhaps even relax security completely. Sponsored By: Page 5 of 7

6 And what about information flow under disaster conditions? Would you have a way to throttle information in-flow to the rate of speed your system can consume? In emergency situations, health care providers must often queue data so that the system can process it as fast as possible without being overwhelmed by sheer volume. This is particularly important if you ve designed a real-time synchronous system. Other potentially important questions to ask when exploring disaster recovery scenarios include: 1. Would you have to move hundreds, or even thousands, of records in minutes or hours, or would you have days to respond? 2. Does your network have the necessary bandwidth to handle big data moves? 3. Would people be able to access computer terminals remotely if your data center is not in your building? 4. Is it possible that network lines feeding into your building could go down, so that even if your data center is up and running, no one could acc ess the data? Thinking through disaster recovery scenarios may seem daunting, but the process can be invaluable. It can build team spirit and cross-depart mental cooperation where it doesn t currently exist. It can give you insight into the limits of your capabilities. It can expose a process or procedure gap. It can give you the tools to illustrate for management how your modern health information exchange is going to respond in an emergency. Perhaps most importantly, it can throw into stark relief the importance of granting secure access to the first responder facing the most vital challenge of all: effectively ensuring the well-being of the patient. Sponsored By: Page 6 of 7

7 Resources from Dell Compellent 7 Ways to Manage Rapid Patient Data Growth Webcast: Better Care Through Better Storage Graves-Gilbert Clinic: Accomodating and Protecting PACS files with Fluid Data Technology About Dell Compellent Dell Compellent has created a revolutionary enterprise storage solution that automates the movement and management of data at a more granular level. Dell Fluid Data technology and built-in storage intelligence delivers significant efficiency, scalability and flexibility. Only a Fluid Data architecture can actively, intelligently manage your data to cut cost, time, and risk for your business. Sponsored By: Page 7 of 7