Creating The Modern Healthcare Disaster Recovery Plan
By Danny Allan, vice president of product strategy, Veeam.
The healthcare industry is in the midst of a transformation with the widespread use of electronic health records (EHR), the increasing reliance on connected devices, and the move to cloud infrastructures. Accessing health records for accurate communications, diagnosis and treatment has never been easier, but protecting them may require a different treatment plan.
Traditionally, healthcare IT teams are faced with a long list of time sensitive spending priorities, leaving administrative investments like data protection and disaster recovery languishing at the bottom of the pile. However, with HIPAA and HITECH, the growing volume and influx of data, and critical patient care systems relying more on IT, a disaster recovery plan is moving closer to the top of the priority lists. But one question still arises: How prepared are healthcare providers to keep this information protected and continuously available to ensure the delivery of the next-generation of patient care?
Disaster recovery is the beating heart of up time
The healthcare industry faces constant pressures today to have patient information available 24/7/365 for providers and individuals. Moreover, consumers rely on accessing their private data to track appointments and treatments plans, which means it is vital that it be kept safe and well-managed. While infrastructure costs can be reduced with the use of cloud, IT still must ensure that these service level agreements are met. And so, having a backup and disaster recovery plan becomes crucial whether planning for potential power outages, accidental file deletion or natural disasters.
These contingency plans are designed not only to maintain up time, protected health information (PHI) data availability and be responsive during emergencies, but to comply with the HIPAA regulations that require healthcare organizations to have a plan to handle natural disasters, crises and data security.
One hospital’s disaster recovery plan revitalized
Rochelle Community Hospital is a not-for-profit hospital serving more than 20,000 patients each year in northern Illinois. It is the only hospital within a 30-mile radius making it an essential part of the community, especially if a natural disaster were to strike.
Like most hospitals and healthcare organizations, Rochelle Community Hospital used to follow the traditional DR plan for backup up its data using the 3-2-1 rule: three copies of data, two different media, one copy offsite. However, after a very close-call with a powerful tornado in 2015, which missed the hospital by only two miles, it became very clear to the IT team that they couldn’t properly protect data and maintain operations with their current disaster recovery plan.
At that time, Rochelle Community Hospital stored its offsite copy in a data center near the hospital – a clearly recognized mistake because if the tornado would have hit them, it would have taken out that center leaving them stranded without data. Patient care would have suffered as doctors would not have the real-time access to EHRs.
Realizing this, the Rochelle Community Hospital IT team changed its disaster recovery goal to focus on maintaining the availability of its data during a natural disaster or emergency, specifically patient EHR records. Their big challenge was to find a reliable solution that would stay inside their budget.
Cloud was seen as the best viable option as it provided cost-efficiency as well as the flexibility to have data stored offsite that could still be accessed even if local infrastructure was impacted. From its research, RCH opted to use Veeam Backup and Replication as the basis for its modernized disaster recovery strategy and worked with Comport to implement its secure backup-as-a-service, disaster-recovery-as-a-service and infrastructure-as-a-service solutions, allowing for proper data replication and access in the cloud.
Now, the IT team has a new 3-2-1 data protection protocol. Veeam makes three copies of the hospital’s data on Hewlett Packard Enterprise servers and stores copies on site on two different media. Veeam sends the third copy off site to Comport, enabling Comport technicians to provide backup and disaster recovery if necessary.
With this new approach, the hospital is addressing all of their goals. They modernized their plan to support patient care in the digital world while staying compliant. Rochelle Community Hospital is also ensuring their up time in case of a disaster and lowering costs as they are saving $250,000 annually which allows them to afford new equipment, such as an MRI machine for the hospital.
Disaster recovery makes a difference in healthcare
Having a disaster recovery plan makes all the difference in terms of being able to rely on technological advances to benefit patients. Hospital administrators know this, as according to Abbott and The Chertoff Group, 91 percent of them see cybersecurity as a priority in their facilities.
As data and application availability has become the new norm, especially when it comes to healthcare organizations and providers, it is vital to recover data fast, so providers have ability to access patients’ records.
There are many different issues that can be addressed by planning ahead, but ultimately the most important of all is offering the best service to patients. Rochelle Community Hospital is now ahead of the curve. With a modern DR plan in place, the Rochelle Community Hospital IT team can sleep soundlessly knowing that in the event of a disaster or a cyberattack their data and applications will be available and ready for doctors and patients at a moment’s notice.