In the last few decades healthcare organizations have deployed information technology (IT) to meet clinical and business needs across the enterprise—in hospitals, imaging centers and physician offices, large and small. A growing reliance on IT infrastructure has increased sharply in the last decade, as more facilities embrace PACS (picture archiving and communications systems), CPOE (computerized physician order entry) and EHR (electronic health record) systems.
And with the adoption of sophisticated IT applications, healthcare organizations have been enabled to improve patient care and safety, trim costs and share information among authorized caregivers. These benefits, however, are not without drawbacks. Increased utilization of IT solutions translates into increased dependence, and thus risk, in the event of an outage or data loss.
What are the risks to a healthcare enterprise when an outage occurs or a storm wipes out critical data in the data center? Many facilities are gradually eliminating paper, so simply returning to old processes during a system outage is not as easy as it sounds. In fact, returning to paper processes can be costly and may even be impossible. “We’ve been migrating to full automation and will reach the point where our staff won’t be as familiar with manual procedures,” explains Chris Panagiotopoulos, director of technology for LifeBridge Health in Baltimore.
|Establishing Best Practices for Data Management|
|Classify data to establish data management policies based on service level requirements. Classification includes disaster recovery requirements, point-in-time recovery objectives, retention periods, and so on. Data classification and assessment across the enterprise is a large project, and professional services organizations with assessment and tiered storage expertise can be invaluable.
Use disk technology for applications that have significant service level agreements (SLAs) around recovery point and time objectives.
Separate the concepts of backup and recovery from archive. Use backup and recovery for disaster recovery and operational recovery, and archiving for lifecycle management, retention periods, discovery and compliance.
Clearly understand what your compliance requirements are: government, industry, corporate governance or litigation. Most enterprises must be prepared for all of these types, and corporate IT should build storage management strategies around differing compliance requirements and discovery motions.
Other options can be equally distasteful. The enterprise can accept the risk of an outage, which may open the door to unpleasant and expensive economic and legal ramifications.
In today’s healthcare environment, critical clinical data must be recovered in a matter of minutes. Non-mission critical systems like patient registration or supply chain management may allow for a slightly longer recovery time, but recovery must be timely. That’s because an inventory outage could occur while a time-consuming manual data recovery process is being conducted.
A solid business continuity plan provides the healthcare organization with the redundancy and infrastructure necessary to recover data if a primary system or data center is compromised or destroyed. A disaster recovery contingency plan also is needed to comply with the Healthcare Insurance Portability and Accountability Act (HIPAA) requirements to respond to system emergencies.
When the physician owners of Austin Radiological Association in Austin, Texas, pondered the implications of operating a highly IT-dependent enterprise, they opted for the business continuity route, says CIO Todd Thomas. “We made a strategic decision to implement a business continuity plan,” continues Thomas. The CIO likens business continuity to an insurance plan; the buyer hopes he’ll never need it, but appreciates its value if it is used.
Furthermore, the benefits of business continuity transcend its insurance value. Many facilities that have turned to industry leaders like EMC to help deploy business continuity solutions are reporting benefits—including better utilization of IT assets, increased availability of systems and reduced costs.
Achieving business continuity is a complex, but increasingly necessary, undertaking. It is an ongoing strategy that includes education, assessment, planning, implementing and testing. Healthcare organizations need to consider server