Mar 29
2019
Creating The Modern Healthcare Disaster Recovery Plan
By Danny Allan, vice president of product strategy, Veeam.
The healthcare industry is in the midst of a transformation with the widespread use of electronic health records (EHR), the increasing reliance on connected devices, and the move to cloud infrastructures. Accessing health records for accurate communications, diagnosis and treatment has never been easier, but protecting them may require a different treatment plan.
Traditionally, healthcare IT teams are faced with a long list of time sensitive spending priorities, leaving administrative investments like data protection and disaster recovery languishing at the bottom of the pile. However, with HIPAA and HITECH, the growing volume and influx of data, and critical patient care systems relying more on IT, a disaster recovery plan is moving closer to the top of the priority lists. But one question still arises: How prepared are healthcare providers to keep this information protected and continuously available to ensure the delivery of the next-generation of patient care?
Disaster recovery is the beating heart of up time
The healthcare industry faces constant pressures today to have patient information available 24/7/365 for providers and individuals. Moreover, consumers rely on accessing their private data to track appointments and treatments plans, which means it is vital that it be kept safe and well-managed. While infrastructure costs can be reduced with the use of cloud, IT still must ensure that these service level agreements are met. And so, having a backup and disaster recovery plan becomes crucial whether planning for potential power outages, accidental file deletion or natural disasters.
These contingency plans are designed not only to maintain up time, protected health information (PHI) data availability and be responsive during emergencies, but to comply with the HIPAA regulations that require healthcare organizations to have a plan to handle natural disasters, crises and data security.
One hospital’s disaster recovery plan revitalized
Rochelle Community Hospital is a not-for-profit hospital serving more than 20,000 patients each year in northern Illinois. It is the only hospital within a 30-mile radius making it an essential part of the community, especially if a natural disaster were to strike.
Like most hospitals and healthcare organizations, Rochelle Community Hospital used to follow the traditional DR plan for backup up its data using the 3-2-1 rule: three copies of data, two different media, one copy offsite. However, after a very close-call with a powerful tornado in 2015, which missed the hospital by only two miles, it became very clear to the IT team that they couldn’t properly protect data and maintain operations with their current disaster recovery plan.
At that time, Rochelle Community Hospital stored its offsite copy in a data center near the hospital – a clearly recognized mistake because if the tornado would have hit them, it would have taken out that center leaving them stranded without data. Patient care would have suffered as doctors would not have the real-time access to EHRs.
Realizing this, the Rochelle Community Hospital IT team changed its disaster recovery goal to focus on maintaining the availability of its data during a natural disaster or emergency, specifically patient EHR records. Their big challenge was to find a reliable solution that would stay inside their budget.