Magazine Article | January 29, 2013

HIT's Business Continuity Shortcomings Exposed

Source: Health IT Outcomes

By Ken Congdon, Editor In Chief, ken.congdon@jamesonpublishing.com
Twitter: @KenOnHIT

Ken Congdon, Editor In Chief, Health IT OutcomesJust as Hurricane Katrina alerted the healthcare industry to the need for EMRs when thousands of paper medical records were destroyed by floodwaters in 2005, 2012’s Hurricane Sandy exposed the glaring disaster recovery and business continuity shortcomings that still exist in healthcare today. Power outages and flooding from “Frankenstorm” affected health IT systems throughout New England, New York, New Jersey, and Pennsylvania. For example, Staten Island University Hospital was forced to revert to paper patient records after flooding disrupted power to the building where the hospital’s data servers were stored, thereby cutting access to EHRs. Similarly, West Penn Allegheny Health System in Pittsburgh lost EHR access when the IDN’s data center in Mountain Lakes, NJ, sustained damage during the storm surge.

These two examples, in particular, showed us that EHRs aren’t enough. While electronic patient records weren’t permanently lost due to Hurricane Sandy, many weren’t accessible at the height of the storm and, in some cases, for several days after. We, as an industry, need to do better. A natural disaster in one part of the country should not put a healthcare facility’s data in jeopardy. Healthcare needs to adopt (on a wider scale) the same disaster recovery and business continuity strategies already in play in other key vertical markets (e.g. banking, retail, etc.) to ensure crucial financial and consumer data is always accessible.

The first step in this process is to put the systems in place to ensure effective backup and redundancy. For example, all health IT systems should reside in separate, fully redundant data centers in geographically dispersed locations throughout the country. That way, if one data center is affected by a storm or crisis, operations can immediately be transferred to the other with little to no interruption or loss of data access.

The Statewide Health Information Network for New York (SHINNY) exemplified just how vital sound business continuity practices can be. Its redundant data centers (one in New York City and another in Texas) ensured its EHR exchange remained operational when surrounding hospitals were in the dark.

Hurricane Sandy showed healthcare providers how fragile even the greatest health IT systems can be in the wake of Mother Nature. More importantly, it gave us a good indication of what providers need to do to shore up their defenses. As our survey indicates, it seems like 2013 could be the year that providers make the necessary investments in disaster recovery and business continuity … and that’s a good thing for all of us.