This book includes a plain text version that is designed for high accessibility. To use this version please follow this link.
all times and take note of conversations with law enforcement and pertinent individuals. Provide clear and frequent updates to your data-breach response team, C-level executives, regula- tors, employees, shareholders, patients and/or customers. Set realistic time expectations about an investigation, as it can often take several weeks.


Laurie Elliott, North America director of premier accounts, SunGard Availability Services


DR: Critical for healthcare Large-scale disasters, such as Hurricane Sandy, can strike any-


where. T is explains why healthcare IT managers are increasing their focus on DR planning. T e risk is too great to ignore. Patients’ lives can depend on systems being up and running.


Refl ecting this, federal HIPAA regulations require healthcare orga- nizations to maintain up-to-date DR plans for most situations. T e plans must detail how the provider will protect and restore access to electronic data during and after unforeseen circumstances. It’s also vital that such plans include how to recover from disruption of a provider’s health information system. Much DR planning comes before an adversity. A healthcare or-


ganization’s information should be at a remote and secure location. T e organization should determine the best method to transport data to the remote site. It should consider security factors such as data encryption as well as recovery time factors including data transport technology (e.g., tape, disk-based backup and replication). People, processes and programs also must be refl ected. IT staff with the expertise to develop and execute recovery procedures and plans must have the resources to scale with the healthcare provider. It also must have remote locations available to recover systems outside the danger zone. DR is an ongoing process in IT. Because of the staff and expertise


required for such a program, most healthcare providers rely on third- party-managed hosting providers to facilitate and execute the need. T eir goal isn’t just to develop a recovery plan and procedure. It’s to employ a change program that, through regular testing, delivers process improvement to make DR more cost eff ective. Make sure the right DR solution is in place. T en, when the next unexpected outage occurs – and it will – patients won’t be put at risk.


DR as a service (DRaaS) allows healthcare organizations of all sizes – from a large hospital network to a small private practice – to fi nd viable and aff ordable recovery options. DRaaS is a scalable solu- tion that grows with the needs of an organization, and it is easily customized to meet the highly regulated compliance requirements that come with sensitive EHR data and HIPAA privacy laws. Storing data in the cloud relieves IT or other personnel of the


burden of physically transporting backups, which begins the DR process by manually rebuilding servers and loading back-up fi les. Instead, the data and applications are stored and mirrored off site, and server recovery is managed by the DRaaS service provider. Because of the cloud’s effi ciency, a hospital or other healthcare facility is able to recover data in a matter of a few hours, not days. DRaaS allows healthcare providers to focus on more immediate issues aff ecting day-to-day operations, leaving the safety of their data in the hands of qualifi ed and certifi ed professionals.


Kevin Crowe, IT infrastructure manager, University of Louisville Physicians


Virtualized replication cures DR ills T e University of Louisville (UoL) Physicians group is the largest multi-specialty physician practice in Louisville, Ky., with 78 sub-specialties, 1,500 staff professionals and more than 600 primary care and specialty physicians. UoL Physi- cians treats patients throughout Kentucky, southern Indiana and across the region. We rely on a mix of crucial applications, including AllScripts EHRs, GE Healthcare Centricity Business and Impact document imaging. Our data center houses more than 36 TB of data. Keeping these applications running in our heavily virtual-


ized environment is critical. An application or system outage means that our doctors, nurses and other healthcare profession- als may not be able to provide care for patients. With patient care and core business functions on the line, our DR technology must be robust and reliable. We tried two well-known, top-tier replication solutions, but neither provided the performance or ease of manageability we require for our environment. Instead of looking for DR software that replicated storage,


Jaclyn Mispagel, Windstream


DRaaS: A viable option for organizations of all sizes As the healthcare industry continues to adopt EHRs, the


importance of having a proper DR plan in place has increased dramatically. A DR plan is essential in protecting critical data and ensuring business continuity for any business, but especially for healthcare organizations. In the past, hosted redundancy and recovery services were often reserved strictly for enterprise organizations, but fully managed


www.healthmgttech.com


we implemented hypervisor-based Zerto Virtual Replication. By replicating our 100+ virtual machines rather than storage volumes, we are protecting our mission-critical applications, instead of just pure data. We now experience an RPO (recovery point objective) of four to six seconds and an RTO (recovery time objective) of less than fi ve minutes, which minimizes the impact to our operations in case of an outage or data loss. Implementing replication at the hypervisor level was defi - nitely a new approach for us. Traditional replication occurs in the storage infrastructure, but now our DR is part of our virtualization strategy.


HMT


HEALTH MANAGEMENT TECHNOLOGY


May 2013


11


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28