Your Practice"s Disaster Recovery Plan
If a natural disaster strikes, your practice needs to be able to retrieve critical information through a disaster recovery plan. You will also need to start operating again to maintain business continuity.
Quite a few medical practices got a test of disaster recovery preparation during hurricane Katrina and the damage it wrought. Most of those practices that used paper record-keeping only are still trying to come back from that event. The few practices that had been using electronic medical records, or EMR, had the ability to recover records and are further along the road to recovery.
What is a disaster recovery plan? A good plan clearly defines what needs to be done, who does what tasks, where these tasks are performed, why they are important, and how the tasks should be completed.
Our practice performs backup to tape on a daily basis, for both the practice and the ASC. This occurs at the end of each workday. Backup copies are then transported to an alternate location by courier, and secured in a fire-proof container. When practices use this kind of system, they cannot lose more than a day's worth of information. Other more expensive and sophisticated solutions add security layers; these solutions include remote backup services online. Still, these pricey solutions are often out of range for the small and medium-size practice.
The backup system must be tested on a periodic basis. We test the previous day's backup, restoring it on to another server which is used for training purposes. If faults are discovered in the training database, we know we have an issue with the backup system.
Additionally, backup media such as tapes have a finite life span, and need to be periodically replaced. You shouldn't just throw out the old ones, however - these must be properly erased and discarded in order to keep your practice's private information protected.
Remember that your plan should comply with regulations set forth by the HIPAA. Consider the risk of laptops which are stolen and the possibilities for sensitive info to fall into the wrong hands. Our couriers work for our practice directly, and the tape container and the locker where they are kept have different keys.
An event more likely than a hurricane or flood is a lightning strike or server failure. Are redundant backup servers in use? Do they operate on a redundant power source? What's the plan for ensuring business continuity after an event? Will the practice be forced to cancel appointments and go into reduced operations? If so, for how long?
If there are multiple offices at your practice, one of the satellites can become a hot site which takes on the functions of another if the main headquarters are inoperable. You still may need to set up a cold site, using whatever office space you can to respond to changing needs. There's also the possibility of setting up a sister office situation, an agreement in which friendly competitors or colleagues agree to help each other out in the case of a disaster to one of the parties.
Critical paper documents should be stored in a fire and water-proof container. This isn't a feasible option for storing patient records, unfortunately - documents that are irreplaceable should be kept in a separate, secure location. Lastly, consider business continuity insurance. This will help keep cash flow moving in order to pay expenses until the revenue stream is restored. This sort of insurance could spell the difference between total ruin and the eventual financial recovery of a practice after disaster strikes.
Quite a few medical practices got a test of disaster recovery preparation during hurricane Katrina and the damage it wrought. Most of those practices that used paper record-keeping only are still trying to come back from that event. The few practices that had been using electronic medical records, or EMR, had the ability to recover records and are further along the road to recovery.
What is a disaster recovery plan? A good plan clearly defines what needs to be done, who does what tasks, where these tasks are performed, why they are important, and how the tasks should be completed.
Our practice performs backup to tape on a daily basis, for both the practice and the ASC. This occurs at the end of each workday. Backup copies are then transported to an alternate location by courier, and secured in a fire-proof container. When practices use this kind of system, they cannot lose more than a day's worth of information. Other more expensive and sophisticated solutions add security layers; these solutions include remote backup services online. Still, these pricey solutions are often out of range for the small and medium-size practice.
The backup system must be tested on a periodic basis. We test the previous day's backup, restoring it on to another server which is used for training purposes. If faults are discovered in the training database, we know we have an issue with the backup system.
Additionally, backup media such as tapes have a finite life span, and need to be periodically replaced. You shouldn't just throw out the old ones, however - these must be properly erased and discarded in order to keep your practice's private information protected.
Remember that your plan should comply with regulations set forth by the HIPAA. Consider the risk of laptops which are stolen and the possibilities for sensitive info to fall into the wrong hands. Our couriers work for our practice directly, and the tape container and the locker where they are kept have different keys.
An event more likely than a hurricane or flood is a lightning strike or server failure. Are redundant backup servers in use? Do they operate on a redundant power source? What's the plan for ensuring business continuity after an event? Will the practice be forced to cancel appointments and go into reduced operations? If so, for how long?
If there are multiple offices at your practice, one of the satellites can become a hot site which takes on the functions of another if the main headquarters are inoperable. You still may need to set up a cold site, using whatever office space you can to respond to changing needs. There's also the possibility of setting up a sister office situation, an agreement in which friendly competitors or colleagues agree to help each other out in the case of a disaster to one of the parties.
Critical paper documents should be stored in a fire and water-proof container. This isn't a feasible option for storing patient records, unfortunately - documents that are irreplaceable should be kept in a separate, secure location. Lastly, consider business continuity insurance. This will help keep cash flow moving in order to pay expenses until the revenue stream is restored. This sort of insurance could spell the difference between total ruin and the eventual financial recovery of a practice after disaster strikes.
Source...