Posted by: AllinHIT
Disaster planning, Disaster recovery, Servers, Uptime
There is no doubt, and rightfully so, that the topic of cloud computing has been dominating technology infrastructure conversations as of late. We have EHR vendors, who only sold a client-server application, now reformatting their application for the “cloud”. We have physicians that two years ago screamed they would never use an EHR on the internet because of security who are now using an SaaS EHR vendor. Mobile health, ACOs, HIEs and CDS support can all be dependent on the development, availability and security associated with cloud computing. This is a good thing, since cloud computing can lower capital equipment costs and assist in implementing applications more rapidly. However, as health care depends more and more “to the cloud”, it also opens up organizations to additional vulnerabilities.
As a consultant for Navigant Consulting, I had the pleasure of writing disaster recovery plans for the utility industry. Like the utility industry, health care operations are critical in delivering very needed services. Actually, considering human life, I would say that a good disaster recovery plan for health care entities is absolutely vital! Having a transformer out, hence not having lights in a home, can’t compare to not having the ability to perform a surgery or electronically look up live saving patient information. That is why an updated disaster recovery plan is actually a necessity for saving lives.
One of the key terms in disaster recovery is redundancy. Most people believe redundancy refers to mirroring servers, however, there is more to redundancy than initially meets the eye. For example, one can have redundancy at the hardware level (servers, gateways, routers, etc), network level (local loops, VPN), and component/device level (iPhones, iPads, laptops). Having redundancy at all these levels insures more reliability than only having it at one level.
Another common term and task for disaster recovery is developing a “hot, warm, or cold site”. The hot site is having the ability to stay up and running despite a network or equipment failure (like having all servers mirrored). The cold site is a physical building or place where you have local circuits and a network, but you have to install the necessary hardware to be “up and running”. Depending on your needs, location, and budget, these sites will be crucial to your disaster recovery plan. Here in Florida, thanks to our history of hurricanes, its crucial that hospitals have a hot site, located outside the State of Florida, and a possible cold site in close proximity in case the hospital building is hit by the hurricane.
There are many other aspects of a disaster recovery planning that aren’t discussed here. For example, the “notification list” containing the list of people to contact, their contact information and their role in the disaster recovery plan is of key importance, and I mention this list for my last point. The disaster recovery plan is a fluid plan and must be updated continuously, and if the notification list has a person listed who is no longer employed at a facility, well, you can see why this plan has to be reviewed and updated constantly.
So, where is your updated plan?