Isn’t that what we tell ourselves on a daily basis…”it will never happen to me.” As we all know, in some cases, it is not a matter of “if” it will happen, but “when” it will happen. In a HealthIT.gov CyberSecurity article detailing the “10 Best Practices for the Small Health Care Environment“, an important point is made:
“Sooner or later, the unexpected will happen. Fire, flood, hurricane, earthquake and other natural or man-made disasters can strike at any time. Important health care records and other vital assets must be protected against loss from these events.”
You need not look too hard to find stories of these exact situations crippling families, communities, and businesses. Ask anyone who has endured a hurricane, wildfire, or tornado, whether they still believe they are not vulnerable to a disaster. You can also point to power grid failures or destructive computer viruses that leave individuals and businesses scrambling to resuscitate their access to electronic records and applications. Check out this link for details about a case study on such a system failure that caused a “meltdown” and the wisdom gained from the experience.
As they say, hindsight is 20/20 so do you think anyone who has experienced these sorts of events now questions the value of planning for the worst? Unfortunately, both personally and professionally we tend to devote little time and energy to preparing for the worst. In the case of delivering health care services to patients and securing their medical records, however, preparing for the worst needs to be a top priority. Disaster recovery planning is the first step in preparing. The planning needs to focus on assessing internal resources including intellectual assets and vital equipment.
Planning your strategy for handling a crisis should start with identifying internal human resources that have the talent and expertise to hammer out the details of a plan. Keep in mind, this team should not simply be a coalition of IT experts. While they are invaluable to this process, you need to also consider internal staff familiar with the administrative and clinical sides to your operations. Clinical staff can lend their know-how to target vulnerable patients and determine what records are most critical in an emergency. Meanwhile, administrative team members can tell you exactly what patient data is most sensitive and also what information is most important to ensuring services to patients are not compromised.
Once a team is in place, the next steps will obviously need to be developing a strategy for when the worst happens. This strategy can be simple or elaborate, but it needs to start somewhere and start soon. Next time, learn more about some resources on what should be included in this plan and more because shouldn’t your motto in life be…
“Hoping for the best, prepared for the worst, and unsurprised by anything in between.”
(quoted from “I Know Why the Caged Bird Sings” by Maya Angelo)