Upload
lamminh
View
214
Download
0
Embed Size (px)
Citation preview
E-Guide
Planning for disaster recovery in a
health care setting
For hospitals, timely access to patient data is critical for maintaining
normal operations during a natural or man-made disaster. This Eguide
will help health care providers create and implement an effective
disaster recovery plan.
Sponsored By:
SearchHealthIT.com E-Guide
Planning for disaster recovery in a health care setting
Sponsored By: Page 2 of 7
E-Guide
Planning for disaster recovery in a
health care setting
Table of Contents
HIPAA disaster recovery plan
Disaster Recovery Planning for Health care organizations
Resources from Dell Compellent
SearchHealthIT.com E-Guide
Planning for disaster recovery in a health care setting
Sponsored By: Page 3 of 7
HIPAA disaster recovery plan
A HIPAA disaster recovery plan is a document that specifies the resources, actions,
personnel and data that are required to protect and reinstate healthcare information in the
event of a fire, vandalism, natural disaster or system failure.
The disaster recovery plan is a required implementation, defined within the HIPAA
Contingency Plan standard in the Administrative Safeguards section of the HIPAA Security
Rule. The Rule calls for HIPAA-compliant organizations to anticipate how natural disasters
could damage systems that contain electronic health information and develop policies and
procedures for responding to such situations.
A HIPAA-compliant disaster recovery plan must state how operations will be conducted in an
emergency and which workforce members are responsible for carrying out those operations.
The plan must also explain how data will be moved without violating HIPAA standards for
privacy and security. It must also explain how confidential data and safeguards for that
data will be restored. Although HIPAA doesn't specify exactly how to do this, it does note
that failure to adequately recover from a disaster could lead to noncompliance. Failure to
comply exposes officers of the organization to repercussions, such as fines or jail t ime.
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • •
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • •
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • •
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • •
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • •
• • • • • • • • • • • • •
• •
• •
• •
• •
• • • • • • • • • •
See a Webinar on
Dell Compellent Storage
Solutions featuring
Fluid Data Technology E� cientVirtualStorage.com
Fluid Data storage helps you
save time and slash costs. data e� ciently
on a single platform
with a single tool
Manage Scale
Automate
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • •
•• •• •• •• •••••• •• •• •• •• •• •• •• •• •• •• •• •• •• •• ••
• • • • • • • •• • • • • • • • • • • • • •• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • •
• ••••••••• • • • • • • • • • • • • • • • • • • • • •••• • • • • • • • • • • • • • • • • • • • • • • • • • • • • •
•••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••
••••••••
••••• ••••••••
••••
•••• •• ••• •• •• •• •• •• ••
Dell Compellent Storage
Technology E� cientVirtualStorage.com
with a single toolAutomate
Scan to see a snapshot
of customer success
with Dell Compellent
storage.
SearchHealthIT.com E-Guide
Planning for disaster recovery in a health care setting
Sponsored By: Page 5 of 7
Disaster Recovery Planning for Health care organizations
It seems like many health care providers have been so busy architecting their state HIEs,
regional health organizations and enterprise community platforms that they haven’t thought
through the architectural demands of resiliency. So they don’t have a good answer for the
question, “What happens if I lose all or part of my network in a disaster?”
In order to answer that question, you need to let your imagination run wild, factor in your
organization’s specific circumstances and explore a range of disaster recovery scenarios to
develop an effective set of responses.
Start by asking yourself the basics:
• What data do we have?
• What data can we store?
• What data can we transport easily?
• What data can we get to another location in the event of an emergency?
• What critical types of data are likely to be needed (i.e. medication lists, immunization
records for population subsets like children and medical records for those with
chronic conditions)?
Beyond the data itself, there’s the issue of access to the data. If you need to change
security rules in your data center, how do you do that? Which personnel need access to the
system (for instance, volunteers as well as trained professionals)? What type of IT people
would be most critical? Would the right business administrators be available to make rule
changes?
Granting security access is really important. To be able to grant new people access to a
large number of records, you’re going to have to make a massive change, perhaps even
relax security completely.
SearchHealthIT.com E-Guide
Planning for disaster recovery in a health care setting
Sponsored By: Page 6 of 7
And what about information flow under disaster conditions? Would you have a way to
throttle information in-flow to the rate of speed your system can consume? In emergency
situations, health care providers must often queue data so that the system can process it as
fast as possible without being overwhelmed by sheer volume. This is particularly important
if you’ve designed a real-time synchronous system.
Other potentially important questions to ask when exploring disaster recovery scenarios
include:
• 1. Would you have to move hundreds, or even thousands, of records in minutes or
hours, or would you have days to respond?
• 2. Does your network have the necessary bandwidth to handle big data moves?
• 3. Would people be able to access computer terminals remotely if your data center is
not in your building?
• 4. Is it possible that network lines feeding into your building could go down, so that
even if your data center is up and running, no one could acc ess the data?
Thinking through disaster recovery scenarios may seem daunting, but the process can be
invaluable. It can build team spirit and cross-departmental cooperation where it doesn’t
currently exist. It can give you insight into the limits of your capabilities. It can expose a
process or procedure gap. It can give you the tools to illustrate for management how your
modern health information exchange is going to respond in an emergency. Perhaps most
importantly, it can throw into stark relief the importance of granting secure access to the
first responder facing the most vital challenge of all: effectively ensuring the well-being of
the patient.
SearchHealthIT.com E-Guide
Planning for disaster recovery in a health care setting
Sponsored By: Page 7 of 7
Resources from Dell Compellent
7 Ways to Manage Rapid Patient Data Growth
Webcast: Better Care Through Better Storage
Graves-Gilbert Clinic: Accomodating and Protecting PACS files with Fluid Data
Technology
About Dell Compellent
Dell Compellent has created a revolutionary enterprise storage solution that automates the
movement and management of data at a more granular level. Dell Fluid Data technology
and built-in storage intelligence delivers significant efficiency, scalability and flexibility. Only
a Fluid Data architecture can actively, intelligently manage your data to cut cost, time, and
risk for your business.