When creating a data protection, backup and recovery strategy, there is a deeper level that must be addressed and that’s critical system availability. It’s extremely important that critical applications are appropriately prioritized during an emergency situation when multiple apps need to all be recovered quickly. This can help ensure real-time patient safety and quality of care goes uninterrupted in the event of a disaster.
Healthcare organizations are seeking application and data availability solutions – it’s required!
Disaster recovery (DR) planning is not only extremely beneficial to an organization but is actually mandated by both HIPAA regulations and the Joint Commission: Accreditation, Healthcare and Certification (JCAHO). JCAHO is an independent, not-for-profit organization that is responsible for the accreditation for providers within the healthcare industry. It performs yearly reviews of clinical processes including disaster recovery for all critical infrastructure.
Basically, in an emergency situation, healthcare organizations need to recover their most important services first, then the next wave of services based on priority and so on until everything is recovered and restored.
Needing to recover information could be the result of a complex event, such as a cyber attack , or even something as natural as a flood. Not long ago, my team and I worked with a hospital located in an area in Texas that happens to have a lengthy hurricane season. When storms like this hit, strong winds can knock over trees and power lines, causing outages. Installing a DR solution for that hospital meant that if and when the power goes out, critical data was quickly recovered and no information was lost.
There’s too much at risk for healthcare organizations to leave it to chance
Have you ever had your computer freeze right in the middle of a project? Or had your kids come to you upset that the battery died in their game before they could save? Losing data is frustrating and time-consuming to recover. Now imagine data loss on a larger scale with dozens or hundreds of employees simultaneously losing their progress. Imagine it happening at a healthcare organization where not having up-to-date patient information can have possibly fatal consequences.
Traditionally, healthcare organizations recover applications by loading tapes in a legacy approach that can take up to 72 hours. This backup process works well for certain applications that are non-essential or that don’t involve patient or clinical care, but high-priority data and patient-critical applications need swift recovery so that provider sites seeing patients can continue to function and maintain the continuum of care.
How can you help your healthcare customers with their application and data availability needs?
As you speak to new and existing healthcare customers, talk to them about their disaster recovery needs. Here are some questions that can help you identify opportunities with application and data availability and where you can steer the conversation from there:
Ask “Have you prioritized your application and data recovery requirements?”
As mentioned earlier, critical applications that contain legally-protected, high-priority information will need to be recovered much faster than other applications. If your healthcare customer has or wants to implement a disaster recovery plan that is universal across applications and data, they could find themselves in the dark during an emergency.
If you’re interested in learning more about information governance and how to identify and prioritize data, check out my earlier article on the Avnet Advantage blog.
Ask “How much data can you afford to lose if the system goes down?”
The answer to this will usually be, “the system could never go down.” That’s like saying “I will never get into a car accident so I don’t need insurance.” Sure you might be a fantastic driver, but that won’t stop branches from falling or ice from freezing on the road or other drivers who forget to use their indicators. It’s perfectly fine to expect the best, so long as you plan for the worst.
During your discussion, be sure to mention some of the situations that can lead to system issues and loss of data. Ask your client to think about how they and their staff would react if patient-critical information was unavailable for three days. If you really want to make a point, call them three days later and remind them of the conversation to show them just how long 72 hours can be.
Ask “When was the last time you tested your disaster recovery plan?”
The federal Occupational Safety and Health Administration (OSHA) requires most companies to provide fire prevention plans, emergency routes and action plans to protect employees, but fire drills are not required. Disaster recovery is exactly the same. Many think that having a plan in place is enough to protect them from any incident but how do you know it will work if you don’t run tests?
There are tools available that will allow healthcare organizations and/or IT service providers to inspect IT environments and perform mock failovers without actually failing the database. Testing a disaster recovery plan can help identify areas of improvement so that companies can move forward with confidence.
Ask “Do you currently have the necessary resources or technical abilities to recover quickly?”
Healthcare customers might not have IT in their wheelhouse – in fact, approximately 23% of hospitals do not have a disaster recovery plan at all. This is where you can emerge as a trusted IT services provider.
Whether they have never considered application and data availability, need to create or test their DR plan or prioritize applications and data, healthcare organizations will look for IT specialists with industry awareness as well as top technology products and services. Partnering with Avnet and Veritas can help you bring experience, IP and world-class technology to the table, all to create the ideal solution. Veritas backup and recovery appliances, for example, can provide some of the fastest recovery imaginable from backup using rapid disk-to-disk recovery.
When consulting with healthcare customers, remember that while disaster recovery is mandatory, some companies attempt to get by on having the bare minimum. By educating staff on application and data availability and the benefits of a well-tested DR plan, your customers can weather the storms (metaphorically and literally) and continue to deliver uninterrupted, quality patient care.
Click here to watch a short video and learn more about application and data availability in the healthcare industry.
Prior to joining VERITAS, Rick served as the Healthcare Practice Manager and National Healthcare Architect for Symantec Corporation. Past positions include Chief Information Security Officer at Texas Children’s Hospital and Executive Manager of Infrastructure for M.D. Anderson Cancer Center in Houston, TX. Rick developed and led the first Shared Services Organization for Hearst and Managed outsourced services for the global IT service provider, WiPro. In addition, he created and managed all client IT services for First Data Corporation.
Rick holds a degree from the University of Texas at Austin and is a certified in both Six Sigma Black Belt and ITIL.
Latest posts by Rick Bryant (see all)
- What hospitals must have and should have when it comes to disaster recovery requirements and solutions - February 8, 2017
- How to talk to healthcare organizations about their disaster recovery requirements and needs - February 2, 2017
- 10 steps to fight ransomware AFTER it’s infected healthcare systems - October 12, 2016