4 Reasons to Update A Hospital Business Continuity Plan
When a computer virus infected the IT systems of a UK hospital group in November 2016, the group was forced to halt operations at three hospitals. For five excruciating days, the hospitals turned patients away while they shut down their systems to isolate and remove the virus. Even “major trauma cases” and “high risk women in labour” were directed to other facilities. According to a report in Computing.co.uk, some experts now speculate there may not have been a hospital business continuity plan in place that would have helped to keep the facilities running during the disaster.
What’s more likely: there probably was some form of hospital continuity of operations plan. However, the plan likely hadn’t been updated recently enough to include the risks of a critical IT systems failure.
Simply creating a plan is not enough
Today, most facilities offering urgent medical care do have a hospital business continuity plan. In the United States, having a healthcare business continuity plan is not just a moral or business decision. It’s the law. Under HIPAA, the Department of Health and Human Services requires that healthcare businesses have a “comprehensive testing and monitoring strategy … to prevent and manage [Electronic Health Record] downtime events.”
But a hospital business continuity plan is by no means a “once and done” project.
If you’re not constantly updating and reevaluating your plan, then you’re leaving your hospital at risk.
The importance of updating your hospital business continuity plan
1) Outdated information
Keep in mind that a good business continuity plan for hospitals is extremely specific. It outlines places, technologies, vendors, processes and other information that becomes quickly outdated.
Even information that’s only a month old may not be applicable anymore. So, it’s important to update your plan constantly.
- Tip: Your business continuity plan should include a schedule for reviewing and updating the plan, and by whom. You’ll likely need to identify several people or teams who are responsible for this critical task.
2) New threats
Hospitals must constantly plan for a wide range of disaster scenarios, both manmade and natural. These threats evolve and can increase over time.
Only a few years ago, very few organizations understood the threat of ransomware – or had even heard of it. Today, it’s one of the most costly forms of cyberattacks, which the FBI says are increasingly targeted toward hospitals and government agencies.
That’s just one example of a threat that probably wasn’t included in most disaster recovery plans for hospitals only a few years ago. But it absolutely must be today.
What about the changing risks of other disasters? Is the hospital located in an area where it might be more prone to harsh weather conditions caused by climate change in future years? What about the risks of a sudden virus outbreak, like Ebola, which forced healthcare organizations to rapidly restructure their emergency processes in 2014?
New threats are constantly emerging. Updating your plan is essential to staying prepared.
3) Changing personnel
A business continuity plan identifies numerous staff people, including key executives as well as department heads, who will play critical roles in a disaster. Who will be in charge? Who will implement the procedures listed in the plan? Who needs to be contacted, both internally and externally? Which vendors will supply backup resources if needed? Who has access to mission-critical IT systems?
Your plan may be filled with names or titles from across your organization. But if those personnel have moved onto other jobs, or the positions have changed, then their absence will leave gaping holes in the plan. This is why it’s critical to constantly review the plan to ensure that all personnel information is accurate and up to date.
4) Better technologies
Systems for backing up and restoring critical hospital data have improved significantly over the years. If you’re using technologies that are even just a few years old, you could run into serious issues during an IT disaster. It could take days to restore data, or the data could be corrupted beyond recovery.
IT administrators must reevaluate their disaster preparedness technology at least once a year to ensure that data is being properly backed up – locally, in the cloud, or both – and can be recovered almost instantly.
A work in progress
You must think of a business continuity plan like a work in progress, not a static document. There are many moving parts, in addition to those listed above. By reevaluating the plan according to a specific schedule, you can greatly minimize the risk and length of operational downtime when disaster strikes. Contact us for help.