Continuity of Operations During Disasters: Electronic Systems and Medical Records


Idaho Health Care Association
Continuity of Operations During Disasters: Electronic Systems and Medical Records
Philip Niemer, MBA, MS, HEM
Director, Operational Continuity & Emergency Management, Children's Hospital Colorado
Date: July 14, 2016

Objectives
1. Understand COOP as it applies to healthcare operations
2. The value of utilizing past planning activities to assist in COOP implementation
3. Understand how COOP impacts electronic records and electronic systems

Disaster Scenario
Your IT Director just called to inform you that the internal network and all phone lines are down. The root cause of the failure is unknown; however, a virus or a failed switch is suspected. The Incident Command Center has been activated and you have been requested to attend.

Now What?
The Incident Commander needs your assistance in determining your department's and facility's response.
- What's your plan?
- What are your immediate concerns?
- Where should the Incident Commander focus resources?
- Where do you get your information?

COOP Application
What if we had started the conversation with:
1. We need your help to review the essential functions, downtime procedures, and the communications plan. Is this information accurate?
2. We need you to implement your downtime and recovery plans. Please let us know where we can assist you.

Four Competing Programs
- Information Technology Disaster Recovery (IT DR)
- Continuity of Government (COG)
- Business Continuity Planning (BCP)
- Continuity of Operations (COOP)

Differences
Continuity of Government (COG)
- Government sector focused
- Command and control, response and recovery
Business Continuity Planning (BCP)
- Private sector focus
- Profit based
- Proactive
- Resume business operations quickly

Differences (continued)
Information Technology Disaster Recovery (IT DR)
- Private sector focus
- Profit perspective
- Focused on IT DR recovery
- Reactive
- Feeds into COOP
Continuity of Operations (COOP)
- Governmental sector focus
- Proactive
- Resolve inter-agency conflicts (coalitions)
- All hazards approach

Similarities
- Focused on maintaining essential functions
- Focused on disaster recovery
- Assists in recovery operations
- Utilize planning elements applicable to agency-specific objectives

Other Commonly Used Terms
- Business Continuity
- Disaster Recovery
- Business Resumption
- Contingency Planning
- IT Contingency Plan
- Operational Continuity

COOP Versus IT DR
(Diagram contrasting Continuity of Operations (COOP) with Information Technology Disaster Recovery (IT DR); only the labels survive.)

Regulatory Impact
- CMS Proposed Standard
- Tied into some Hospital Preparedness Program (HPP) grant funding
- Health Insurance Portability and Accountability Act (HIPAA)
- Federal Information Security Management Act (FISMA)
- Federal Risk and Authorization Management Program (FedRAMP)
- National Institute of Standards and Technology (NIST) SP 800-34, Revision 1: Contingency Planning Guide for Federal Information Systems
- Accreditation Requirements
- What other standards require data recovery?

HIPAA Big Three
- Privacy
- Confidentiality
- Security
Failure in the big three results in Breach Notification.
There is no exemption from the Privacy Rule in case of an event.
Safeguards must be proactively built into the response plan.

FEMA Definition
Continuity of Operations is an effort within individual executive departments and agencies to ensure that Primary Mission Essential Functions (PMEFs) continue to be performed during a wide range of emergencies, including localized acts of nature, accidents and technological or attack-related emergencies.*
*http://www.fema.gov/pdf/about/org/ncp/coop_brochure.pdf

Children's Definition
Continuity of Operations (COOP) is the initiative that ensures that all departments, at the modality level, are able to continue operation of their essential functions under a broad range of circumstances. A modality-driven approach to COOP provides the facility with a more comprehensive understanding of operations.
- All hazards

Other Key Definitions
Downtime is the period of time when something that contributes to the essential function, such as a building system, aspect, or process, is not in operation.
Recovery is the set of actions taken to return to a normal or an even safer situation following downtime (emergency). Recovery includes getting financial assistance.
Information Technology Disaster Recovery is the process Information Technology follows for responding to unplanned incidents that threaten IT infrastructure.

Activation
Any event which disrupts or threatens to disrupt normal business operations for an extended period of time:
- IT failure
  o Hardware, software, networks, processes, and people
- Utility failure
  o Building (mold, asbestos, structural)
- Communications failure
- Natural disaster
- Others

Benefits of COOP
- Competitive Advantage
- Ability to Assess Operational Impact of Downtime
  o Improved Response = Faster Recovery
- Operational Efficiency
- Sustainability
- Succession Planning
- Risk Identification and Reduction
  o Reduced Insurance Premiums
- Leadership Engagement
- Back-up of Critical Documents
- Identification of Alternate Care Locations
- Standardized Downtime Procedures
- Quantitative Analytics

CHCO Lessons Learned
- COOP is the foundation of the Emergency Operations Plan (EOP)
- Develop your own interview tool
- Conduct operational profiles at the modality level
- Integrate existing processes
- Leadership support critical
- Limited COOP healthcare expertise
- Meet with line managers when possible
- Communicate effectively and showcase results
- Develop a sustainable COOP process
- Review with healthcare partners
- Operational overview, legal
"A tree with strong roots laughs at storms." - Malay Proverb

CHCO Opportunities
- Downtime Procedures
  o Expanded definition
- Recovery Procedures
  o Not just IT related
- Alternate Care Locations
- Integrate COOP with other internal systems

Vital Records Requiring IT DR
Definition: Documents that are critical to the essential operation of the facility
Examples:
- Staffing/HR
- Credentialing
- Contracts/Vendors
- Bylaws
- Accounting/Payroll
- Finance
- Policies/Procedures
- Vendor
- Legal/contracts
- Building Information Management
- HVA

Essential Functions Definitions
FEMA defines essential functions as the critical activities that are performed by organizations, especially after a disruption of normal activities.* Essential functions are an agency's business functions that must continue with no or minimal disruption.**
Children's Hospital defines essential functions as the fundamental role(s) that a department fulfills within the context of facility operations.
*https://www.fema.gov/pdf/about/offices/fcd2_b.pdf
**https://www.training.fema.gov/hiedu/docs/cgo/week%204%20-%20lesson%202%20-%20elements%20of%20a%20viable%20coop.pdf

Interview Example
It is useful to think of the department as the title of a book. The chapters are the functions of the department and the processes are the pages that fill the chapter(s).
Example: The title (department) of our book will be the Emergency Department. The essential function(s) (chapters) of the Emergency Department are triage, assess, and stabilize; all of the numerous processes that take place within an emergency department in order to perform these essential function(s) fall under the chapters of triage, assess, and stabilize.

Sample Essential Functions
- To inform, create awareness, and educate internally to a variety of team member roles
- Maintain a compensation and classification system
- Provide oversight and consultation in supporting the care of children with health needs in the community/schools

The Big Question
How Do I Implement COOP/IT DR?

Options
- Develop program internally
  o Internal resources
  o State resources
  o Healthcare Association resources
  o Sample plans
  o Partner facilities
- Contract with an experienced/competent healthcare consultant

Children's Model
- Operationalize where possible
- Driven by clinical support/leadership
- Utilize existing resources/data streams
- Partner with data/application owners
- Minimize leadership data entry
- Translate COOP/IT DR language into healthcare
- Leadership approach
- Feedback driven

COOP/IT DR Implementation Steps
1. Create a steering committee comprised of a diverse team of leaders who understand operations, business continuity, and risk
  o Senior leadership support critical
2. Develop a plan and implementation strategy
3. Develop an operational profile (business impact analysis) interview tool and risk tools
  o Standardization
4. Conduct manager interviews
5. Test/modify the COOP/IT DR plan
6. Reevaluate COOP/IT DR and integrate with other systems
Note: Additional steps may be necessary to meet your facility needs

Steering Committee
Create a steering committee comprised of a diverse team of leaders who understand operations, IT, business continuity, and risk.
- Senior leadership support critical
Suggested Members
- Information Security
- IT DR
- Risk
- Operations
- Safety
- Nursing
Charter, to include scope

Operational Profile
- Similar to the Business Impact Analysis (BIA) tool developed for Business Continuity Planning
- Most challenging part of COOP
- The Operational Profile provides a detailed assessment of operations
  o Terminology differences
- Opportunity to conduct in-depth evaluations on department-level operations

Children's Hospital Colorado 2016
(Figure; only the slide title survives.)

Downtime and Recovery Procedures
(Figure; only the slide title survives.)

Manager Interview
Critical questions to ask:
- How critical is the application to the department?
- Do you have an alternate application?
- Do you have written downtime and recovery procedures?
- What data is necessary for opening a new location?
- What is your process for using manual materials?
  o Complex cases
  o Pharmaceutical

Leadership Support
How do I engage leadership?
- Speak their language
- Operationalize COOP/IT DR
- Demonstrate value
- Risk minimization
- Annual executive review
How do I sell the program?
- One manager at a time
- External experts

Questions?
Electronic copy available on the Children's Hospital EM Website: http://www.childrenscolorado.org/health-professionals/emergency-management

Available Resources
- Children's Hospital Colorado: http://www.childrenscolorado.org/health-professionals/emergency-management
- Kansas Department of Health and Environment: http://www.kdheks.gov/cphp/download/hospital_coop_guidance_document.doc
- Colorado Hospital Association: http://cha.com/focus-areas/hospital-preparedness/toolbox/continuity-of-operations-(coop)-Planning.aspx
- California Hospital Association: http://www.calhospitalprepare.org/continuity-planning
- Nebraska Medical Response: http://nemedicalresponse.org/emergencyoperationsplanning.aspx