Information processing is not just a recordkeeping aspect of an organization. The resources gathered via the automated information processing system are the most valuable asset a healthcare institution may have.
Every data center is subject to certain interruptions of service. They may involve an equipment failure that results in a few hours of downtime, a fire that destroys the data center itself while your operations are still conducting business as usual, or a major disaster that affects the entire community. A Disaster Recovery Plan is designed to reduce the consequences to an acceptable level, should you lose your data processing capabilities. It is important to realize that your plan must respond to the full range of potential disasters, up to major regional catastrophes. In addition, the Disaster Recovery Plan, as a protective measure, must be comprehensive and yet flexible enough to cover the entire data processing operation or any part of it.
The development of a Disaster Recovery Plan must be treated as one of your most important organizational projects. It requires the commitment and direct involvement of senior management. The project leader, or Disaster Recovery Consultant, is usually someone who is familiar with security or operations. The individual designated should develop a project plan, complete with estimates of cost and time involvement in the total effort to produce a workable Disaster Recovery Plan. A project of this nature involves the efforts of many people and a considerable amount of time. However, because it is critical to the survival of your organization after a single catastrophic event, it deserves the full support of top management.
YOUR POTENTIAL LOSS
How much could a disaster cost your healthcare institution if you did not have a viable recovery plan? In addition to the immediate costs that result from personal injury or death and destruction of your facility, hardware and software, a data processing interruption would at a minimum affect:
- Ancillary departments
- Patient billings
- Patient information
- Laboratory tests
- Cash receipts
- Accounts receivables
- Inventory records
- Collection records
- Payroll/Personnel files
- Financial statements
Business Interruption and Extra Expense Insurance can offset some of these losses initially. Mutual assistance may mitigate some of the effects at the outset. However, you would surely reach the limits of your insurance policies and far outstrip emergency backup capabilities in very short order. The immediate financial losses could very well be exacerbated by legal ramifications and consequential effects of your business interruption. In fact, an article in the June 7, 1982, issue of Computer World points out: 'fewer than 7% of all companies that experience computer damage to their DP operations are in business five years after the loss, according to a widely circulated insurance industry report'.
Records have shown that it can happen to us, today, tomorrow or five years from now. As we stand back and truly assess what we stand to lose if one or more contingencies occur, we have embarked on identifying and recognizing the inevitable risk.
Losses due to computer fraud were estimated to be 30 billion for 1985. This figure does not even include losses due to:
- Hardware failure
- Fire and water damage
- Power outage
The key to preventing loss is a well-organized structure. It has been established that an organization with the least amount of structure will sustain the highest amount of loss.
The attitude 'It won't happen to us' is just not good enough in today's world. Perhaps you are located in an area that is not subject to floods, earthquakes, winter storms or hurricanes. But every hospital can be seriously damaged by fire, explosion, plane crash or sabotage by a disenchanted employee. Certain situations may deny access to your facility. These may include a hostage situation or a toxic spill that requires evacuation of the single area for days or weeks. Of course, the probability of any single one of these events is small, but the impact on your business would be catastrophic. Therefore, a workable plan to deal with them and a reliable recovery plan represent prudent management.
An extended service outage may cause your hospital to:
- Turn away patients because the EDP dependent functions cannot be adequately supported.
- Operate at a considerably slowed pace.
- Have a cash flow problem.
- Provide inaccurate as well as longer than usual billing.
News media reports may erode public confidence to the point that future growth would be impossible. Service bureau agreements and other contracts probably have clauses that absolve you of all blame for the disaster. However, you may encounter serious reluctance when you try to sign a new contract with a firm that suffered a major loss because of your disaster.
The examples given in Table 1 are but a few of the potential exposures. It is important to identify the specific risks that apply to the facility and assess the potential dollar losses that are associated with each one. Such risk assessment is very helpful in evaluating possible strategies, because the total cost of the recovery plan for any given year should not exceed the total potential losses for that same period. Risk assessment also leads to the selection of specific strategies that could be applied following different types of emergencies.
To understand the scope of the problem, a project leader must classify the types of emergencies that could affect the data center according to the following table:
- Class 1: Few hours (power failure, illness or injury)
- Class 2: More serious but less than 72 hours (hardware failure or minor fire)
- Class 3: More than 72 hours and affects only data center (explosion, major fire or sabotage)
- Class 4: More than 72 hours and affects data center and client operations facilities (toxic spills, strikes or severe power outage)
- Class 5: Major disaster affecting entire community or region (flood, earthquake or winter storm)
PREVENTIVE MEASURES AND STRATEGIES
For a Disaster Recovery Plan to be successful, it must be tailored to your local conditions. The process of establishing realistic objectives based on an assessment of the risks involved, selecting appropriate strategies, and assigning qualified persons to each planning task is fundamental to your success. A control center must be identified which can be quickly activated and which will be equipped with enough telephones for local and long-distance communications to the Disaster Recovery facility. In any kind of emergency operation, it is logical to address the most critical problem first. Thus, it is important to decide in advance the priorities of the various applications. The plan must address who is to perform specific duties during the recovery period. These people must be selected very carefully, alternates identified, and plans should be documented to train and test those individuals in the performance of their duties.
In the healthcare industry, significant financial losses and critical patient billing information could accumulate very rapidly if the computer goes down. Emergency or mutual assistance agreements are designed to take advantage of other facilities' excess capacity for relatively short periods of time. These agreements depend upon the other facility being compatible and having extra capacity at a time when it is useful to you. Even when they could be utilized, these agreements provide only a stopgap means to process your most critical application for a short period of time. Just think of the thousands of dollars that would be a direct loss if you could not process daily cash receipts or patient billings for two weeks.
Some of the strategies that may be addressed could be applied to events in more than one of the classes listed above. Some of them would be employed in concert with others. The strategies include reverting to manual or degraded service, procuring off-the-shelf or warehouse replacements, employing mutual support agreements, moving to a company-owned backup facility and activating the plan to use the selected recovery facility. It is important to calculate the uninsured costs associated with each of these strategies and compare them to the potential losses associated with each of the potential disasters.
MAINTENANCE OF THE RECOVERY PLAN
Once the Disaster Recovery Plan has been organized, it is essential to the recovery effort to review and update the information on a regular basis. Information that is out of date with present operations will be of little or no use in an emergency situation. The plan must be updated on a scheduled basis so that names and telephone numbers for notification of key staff members are current. The plan must also be updated on a scheduled basis so that new functions and/or organizational changes are included and the plan can direct the recreation of operations to support the DP department's objectives and user needs.
A practical analysis utilizing the information covered should clearly indicate to you the need for a Disaster Recovery Plan. While we all hope never to have to utilize a disaster recovery plan, we must recognize that foresight and preparedness may be the key to your organization's survival in the future.
M.J. (Doc) Trujillo-Fernandez is Manager of Contingency Planning Services, CBA Inc.
This article is adapted from Vol. 2 No. 3, p. 13.