As digital medical images continue to gain favor, healthcare organizations face new challenges that didn't exist when images were solely analog. And due to increasing pressure from government and industry regulators and the shock of a attacks, blackouts and fires, two of these issues - disaster recovery and business continuity - have risen to the top of the list of healthcare IT managers' concerns.
DISASTER RECOVERY OR BUSINESS CONTINUITY: WHAT'S THE DIFFERENCE?
Disaster recovery (DR) and business continuity (BC) are often treated interchangeably, but in fact, the two terms have distinct meanings. Disaster recovery refers to an organization's ability to maintain the integrity of its technology infrastructure, applications and data in the event of a disaster. Disaster recovery involves data and system redundancy and their accessibility following hardware or software failure or destruction. In medical imaging, this includes issues such as accessibility of patient images; availability of a picture archiving and communications system (PACS), radiology information system (RIS), or image acquisition equipment; and reliability of the radiology or hospital network.
Disaster recovery is usually viewed as a single component of business continuity, which is the ability to withstand business interruptions that might occur as the result of a disaster or some other abnormal incident. Besides disaster recovery, business continuity also includes maintaining everyday functions that contribute to smooth business operations, such as workflow, scheduling, staffing, and communications. Business continuity concerns in medical imaging include availability of IT staff, maintenance of communication networks such as email and phones, and provision of consistent workflow.
DISASTER PLANNING: BE PREPARED
An organization's best ally in disaster planning is a robust disaster recovery/business continuity plan. And courtesy of a regulatory environment that demands their preparation and implementation, such a plan is no longer just an option for healthcare organizations.
As you probably know, the Joint Commission on Accountability in Healthcare Organizations (JCAHO) requires U.S. healthcare organizations to develop business continuity plans that include provisions for patient data security and loss protection; analysis of potential disasters; and establishment of emergency communications plans.
In addition, the Health Insurance Portability and Accountability Act (HIPAA) security rule, which will become effective in April 2005, mandates data backup and disaster recovery plans for all healthcare organizations.
"Because of HIPAA regulations, hospitals are very interested in [business continuity]," says Steve Higgins, director of business continuity for storage company EMC Corp. "The big challenge is [having] a comprehensive business continuity plan that addresses how the different technologies are connected and ensures highly backed up and available data."
BUSINESS CONTINUITY PLAN PRIMER
There are several steps in creating a viable business continuity plan.
Organize the planning team. A healthcare facility's executive management should endorse the project and be heavily involved in the planning team. Depending on the size of the organization, members could include the CIO, radiology administrator, radiology department head, IT project manager, PACS administrator, and director of radiology informatics. An experienced project manager should be chosen as team leader.
The project manager should make sure that team members understand HIPAA and JCAHO security rules. The team should create goals, objectives, and project milestones and be held accountable for achieving these goals.
Establish the most likely disaster scenarios facing your institution. Understanding the types of potential disasters that could be faced by an organization can help IT managers develop and test scenarios for business continuity and disaster recovery plans in their imaging departments.
At the Cleveland Clinic, business continuity scenarios were ranked in the order in which they were most likely to happen. "We dealt with the more common failures and then worked down the line to the less common failures," says David Piraino, M.D., section head of computers in radiology at the Cleveland Clinic.
According to Piraino, the Cleveland Clinic's business continuity team determined that the most common failure in imaging IT is workstation loss. "We try to deploy workstations so that there's