Monday, March 31, 2008

Disaster Recovery and Business Continuity Plan

There was a time in my youth when I was told to be proactive in maintaining my cars to get the most out of them. I believe that was one piece of advice my father gave which I should have listened to, especially after going through two cars with blown engines during my college years. Today, in technology, I have seen similar situations that do not get the proper attention, and assumptions are made until the day you are faced with a true disaster and realize that you are all alone, with no one to blame but yourself. The moral of this little part of my life is: "You should always monitor and perform checks on items that are important enough in your work or life".

In today's healthcare information technology, many components go unchecked, and when disaster strikes, several organizations suffer from many directions.

So, looking at all the complex systems implemented in today's health care, and the reliance on technology from a small medical office to a large IDN, one must wonder how we can better prepare for disasters.

Working with small to mid-size practices, one of the key mistakes that I have seen repeatedly is the lack of awareness of what their backup consists of. There is actually a small list of things they must know but no one tells them about:

Current challenges:

  • No one knows where the IT service support stops and where the PMS vendor's support begins.

  • Are all the practice's important documents stored on the server with all the other major data, or are they still lingering under "My Documents" on the office manager's desktop?

  • Is the data restorable?

  • Is the data being backed up daily, and are the backup logs monitored? PS: "in some applications, if one file is missing the data may be unusable."

  • If the practice is not using Microsoft Exchange or Lotus Notes, are their POP3 emails being backed up?

  • Design or request a network and application layout.

  • Request documentation or weekly reports on backup logs.

  • Implement restore drills even on a testing server. (You can actually lease servers to perform tests on.)

  • Discuss disaster recovery with your staff, providers, IT support, and all your software vendors. Remember that each piece of software can have its own specifics when it comes to recovering from a technical disaster.

  • Identify what applications are business critical and which ones are not.

  • Make sure the backup rotation is appropriate. (Weekly is not acceptable, and can cause you financial and legal penalties).

  • Discuss your disaster recovery process with your insurance (it can lower your premiums if you have implemented and documented best practices.)

  • Invest in the right solutions up front. In many cases it might seem that you should settle for the low-cost backup solution with limited storage, without accounting for the growth of your storage over the next few years. Think of where your EMR plan might come into the picture, and when you might decide to scan all your paper charts. Your backup storage is an investment that has to be made wisely. You should not have to replace your backup solution in a year or so. So, ask whether the backup you have in place is upgradable and scalable.

  • Implement server monitoring to allow for your servers to be reviewed for errors that can help in preventing disasters.
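
As an added example (not part of the original post or any vendor's tooling), here is a minimal restore-drill check in Python for the "Is the data restorable?", daily-backup and restore-drill points above. It records a SHA-256 manifest at backup time and compares the restored copy against it; the file names and the 26-hour freshness window are assumptions made for illustration.

```python
import hashlib
import tempfile
import time
from pathlib import Path


def build_manifest(root):
    """Return {relative_path: sha256_hex} for every file under root."""
    root = Path(root)
    manifest = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        digest = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                digest.update(chunk)
        manifest[path.relative_to(root).as_posix()] = digest.hexdigest()
    return manifest


def verify_restore(expected, restored_root):
    """Compare a restored tree against the manifest taken at backup time."""
    restored = build_manifest(restored_root)
    missing = sorted(set(expected) - set(restored))
    altered = sorted(p for p in expected if p in restored and restored[p] != expected[p])
    return {"missing": missing, "altered": altered, "passed": not missing and not altered}


def backup_is_current(last_success_epoch, now=None, max_age_hours=26):
    """True if the last good backup fits a daily rotation (26 h is an assumed slack)."""
    now = time.time() if now is None else now
    return 0 <= now - last_success_epoch <= max_age_hours * 3600


def run_demo():
    """Constructed drill: one file is lost and one is damaged during restore."""
    with tempfile.TemporaryDirectory() as tmp:
        live, restored = Path(tmp, "live"), Path(tmp, "restored")
        for root in (live, restored):
            (root / "pms").mkdir(parents=True)
        sample = {"pms/patients.db": b"records", "pms/index.idx": b"index",
                  "letters.doc": b"letter"}  # constructed sample files
        for name, data in sample.items():
            (live / name).write_bytes(data)
        expected = build_manifest(live)
        (restored / "pms/patients.db").write_bytes(b"records")
        (restored / "letters.doc").write_bytes(b"lett")  # truncated on restore
        return verify_restore(expected, restored)  # pms/index.idx never came back


if __name__ == "__main__":
    print(run_demo())
    print("daily backup current:", backup_is_current(time.time() - 8 * 24 * 3600))
```

A drill passes only when both lists are empty; a single missing index file, as in the constructed case, is exactly the situation where an application's data can be unusable even though the backup job reported success.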

Disaster recovery for Hospitals and large be continued..

Once we move to a hospital/IDN environment, it is a different challenge. It becomes clear that it is not just a question of putting in the storage infrastructure alone, but more of having to manage the following:
  • What will be covered (if there are other organizations that might not be in the same geographic area)
  • Awareness and preparedness (understanding the risks to the business as well as the challenges that will need to be overcome.)
  • Procedures that would need to be implemented in order to guarantee that everyone is on the same page, from an IT perspective all the way to the Disaster Management Team and staff.
  • Technology infrastructure. This would include plans ranging from a hot site kept ready with data replicated in real time, all the way to standby servers and solid backup or virtual platforms.

From a technology standpoint, one of the many challenges the IS department is faced with is the vast infrastructure that is in place. A few of its components are pointed out in Figure 1.1.

Figure 1.1
There are a few more items that might be missing from Figure 1.1, such as the integration engine that keeps all the hospital systems integrated and patient information centralized, ranging from SUN JAVA CAPS all the way to MS BizTalk servers. In addition, there is the task of coordinating with all the different vendors: anything from the RAD system to the EMR servers that might be under maintenance contracts through a third party.

Reda Chouffani.. To be continued.....

1 comment:

belllis said...

This post is great! I wonder where we can find a company of talented IT staff just like yours in the NC area?