Over the past several years, physicians and other ancillary healthcare workers have shifted away from paper documentation to the use of electronic medical records (EMRs). The establishment of the Medicare and Medicaid Incentive Programs (now called the Promoting Interoperability Programs) by the Centers for Medicare and Medicaid Services in 2011 has further served to hasten this transition. Under this program, providers and eligible health facilities receive federal payments for their adoption and utilization of electronic health systems.
With this increase in medical data being stored electronically, it is essential to have a disaster recovery plan in place to ensure that your healthcare facility can still function if its data is lost or corrupted. An effective disaster recovery plan lets you restore your medical data and resume normal processes with minimal downtime following any type of data loss. Without a disaster recovery plan, your business may have a delayed recovery or even fail following any type of significant data loss.
There are several factors to be taken into consideration when setting up an effective disaster recovery plan for your healthcare organization; addressed below are some of these considerations.
All data are not equal in a healthcare organization; some data, known as mission-critical data, are more relevant and essential to the functioning of the organization. The inability to successfully restore mission-critical data following its loss or corruption can severely hinder a healthcare organization’s ability to rapidly recover and resume normal processes. As part of a disaster recovery plan, a business impact analysis should be performed to identify all mission-critical data and applications; during the data backup process, these mission-critical data should receive the highest priority. Furthermore, during data recovery after a data loss event, the mission-critical data and applications should be among the first to be restored.
Having a data backup plan is another key consideration of an effective disaster recovery solution. A data backup plan dictates which medical data to back up, how frequently the data should be backed up, as well as how long the data can be stored; these, in turn, are dictated by the type of medical data as well as the storage capacity of the secondary data storage sites. Ideally, mission-critical data should be backed up the most frequently as its loss has the most negative impact on a healthcare organization.
Title II of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 mandates that all medical information should be managed in such a manner that ensures that patient privacy is adhered to; failing to abide by this law can lead to financial as well as other penalties from the government. As such, the data backup solution used as part of a disaster recovery plan should offer adequate protection and ideally, encryption, of patient medical data so as to remain HIPAA compliant.
One of the most important considerations of an effective disaster recovery plan is the site and type of secondary storage to be used to back up medical data. There are two primary types of storage sites that can be used for this purpose:
At Otava, we know how important is to have a disaster recovery solution for your health care business, and we’ve working with several health care providers to put solutions in place. With our Disaster Recovery as a Service (DRaaS) offering, you can rest assured that your medical data is securely stored and can be readily retrieved as needed. Contact us today to get started with a disaster recovery plan for your business.