When connections are severed, focusing on disaster recovery, business continuity, and preserving the integrity of clinical and business operations can help teams minimize risk and loss while maximizing patient safety.
As more and more aspects of health care operations become digitized and cloud-based, asking one simple question can help CIOs and their teams ensure business continuity and minimize impact during a system outage: Do our team members across the organization know what to do when mission critical systems go down?
“Manual records and work are a thing of the past,” said Zahid Rathore, Senior Vice President at Healthlink Advisors. “But during an outage, teams need to know how to conduct business-as-usual without digital records — and how to maintain the integrity of records when the system comes back online.”
From a safety and revenue perspective, preparing for inevitable downtime is something that is — or should be — on every hospital leader’s mind.
“Malicious threats are out there in the form of ransomware or hackers — or a construction worker could accidentally cut a nearby fiber cable,” said Rathore. “But either way, leadership needs to be concerned about how they are going to continue to safely deliver care during downtimes, and how they are going to account for that care when system access is restored.”
Chris Jenkins, Senior Vice President at Healthlink Advisors, recalls a time when health care organizations were hesitant to adopt digital records. However, with the rapid expansion of the digital environment in recent years, it has become imperative to understand the impact of a downtime on interconnected systems.
Jenkins emphasizes the need for teams to comprehend how different systems work together and how an outage in one system can affect another. With the shift towards cloud computing, it is critical to consider the consequences of severed connections as vast amounts of information are being exchanged between systems at a rapid pace.
Best Practices for Downtime Preparedness
Jenkins and Rathore encourage organizations to focus on three areas when developing a downtime preparedness plan:
- Disaster recovery – How do we get the system back up?
- Business continuity – What do we do while the system is down?
- Maintaining integrity of records – How do we get information into the system after access is restored?
Although unplanned downtime is something no one wants to experience, having a robust plan in place that addresses each of these areas is crucial. Here are a few steps that can help teams start the conversation:
1: Engage in board-level discussion.
Executive and board leadership need to agree on the organization’s posture on managing downtime, including how to invest in efforts that mitigate risk.
“In mature organizations, the team will complete a business impact analysis to understand what systems exist, how they are used, how they work together, and how critical they are to the operation — and this can be complicated,” said Jenkins. “From there, teams can prioritize disaster recovery for each system based on what workflows can be temporarily suspended, as well as determine who will ‘own’ the downtime solution and maintain the knowledge of downtime procedures going forward.”
2: Incorporate best practices.
A successful preparedness plan should incorporate several best practices, including:
- Setting time triggers. Long downtimes don’t happen very often, so it can be helpful to establish time triggers — such as being down for 1-2 hours — before shifting to downtime procedures.
- Establish a process to securely distribute and store patient data on local devices. That may include utilizing downtime viewers and periodically validating that patient data is interfacing to the local devices.
- Take a team approach. Establishing an internal team to run the event “command center” and communicate with vendors.
- Focus on communications. “Keeping the organization informed on the progress of the service restoration is extremely important,” said Jenkins. Establishing an effective line of communication may include the use of cell phones, restoring applications like Microsoft 365, or leveraging secure chat solutions. The communication method should be a defined process that addresses multiple downtime scenarios.
- Consider limitations. “Many physicians don’t know how to hand write a legal medical record, and some team members might not know how to read cursive,” said Rathore. “Make sure your downtime procedures factor in challenges associated with manual processes.”
3: Train team members.
Although training has a role in business continuity access (BCA) planning and downtime preparedness, a carefully considered approach can ensure team members are ready when an event occurs. “We have come to a point where many co-workers across the organization have very little experience dealing with manual procedures and associated documentation. Without regular training, manual processes can sometimes be forgotten, especially during the stress of an unexpected and elongated downtime.”
“People are trained ad nauseum, so it’s important to introduce downtime preparedness as a priority for the organization,” said Rathore. “Consider using short, digestible refresher videos, including downtime preparedness as part of required annual training, and conducting tabletop exercises — even for the executive team.”
4: Manage risk.
Throughout the process, managing risk should be a part of the downtime discussion. When implementing a new solution, health care organizations should ask vendors about their track record regarding downtime — including planned and unplanned events. Service-level agreements [SLAs] can also be written to include provisions for downtime.
And organizations shouldn’t neglect the technology component of downtime preparedness — especially in the context of IT environment and security architecture.
“Teams should have procedures and technology solutions in place to identify malware, ransomware or indicators of a significant security event so they can lock down the system,” said Rathore. “Preventive maintenance can minimize risk.”
5: Reconcile data.
After the event is resolved and access is restored, teams must have a well-developed plan for how to capture and backload missing information.
“During an event, the focus should always be on documenting patient interactions and maintaining continuity of back-end application systems ,” said Jenkins. “However, what the organization does after the event can have a long-term impact on ongoing patient care and revenue cycles. A clear understanding of the capabilities of your system architecture is extremely important, especially when using tools to sync information.”
“Anticipating the volume of the backlog, lost productivity, and the people and processes required to get it ingested into the system is crucial — whether teams use manual data entry, batch scanning of pre-printed forms, integration with the EHR or cached data,” said Rathore.
How to Make Business Continuity Access an Organizational Priority
For many organizations, an actual outage or an unfavorable audit finding (with financial penalties attached) serves as the catalyst that stimulates investment in downtime preparedness. But teams shouldn’t wait until these events occur to act.
In fact, no matter how lean the IT team or budget may be, it is possible to make strides to improve business continuity access — and it all starts with identifying and understanding gaps.
“Healthlink Advisors can assist organizations in reviewing their current business continuity plan, identifying where the biggest gaps are, and prioritizing which ones to address first,” said Jenkins.
“Business continuity and disaster recovery planning isn’t just about technology,” said Rathore. “It’s an organizational plan that addresses how a team can care for patients and keep billing. This should be top-of-mind for all organizations, and Healthlink Advisors can help at any stage of the journey.”
Chris Jenkins and Zahid Rathore are senior vice presidents at Healthlink Advisors, a healthcare consulting firm committed to improving clinical innovation, business systems, and healthcare IT strategy, delivery, and operations. Our team has extensive experience in assisting healthcare organizations with short- and long-term IT planning, including disaster recovery and business continuity. To learn about how we can assist your organization, contact us at (888) 412-8686 or info@healthlinkadvisors.com.