all times and take note of conversations with law enforcement and pertinent individuals. Provide clear and frequent updates to your data-breach response team, C-level executives, regula- tors, employees, shareholders, patients and/or customers. Set realistic time expectations about an investigation, as it can often take several weeks.
Laurie Elliott, North America director of premier accounts, SunGard Availability Services
DR: Critical for healthcare Large-scale disasters, such as Hurricane Sandy, can strike any-
where. T is explains why healthcare IT managers are increasing their focus on DR planning. T e risk is too great to ignore. Patients’ lives can depend on systems being up and running.
Refl ecting this, federal HIPAA regulations require healthcare orga- nizations to maintain up-to-date DR plans for most situations. T e plans must detail how the provider will protect and restore access to electronic data during and after unforeseen circumstances. It’s also vital that such plans include how to recover from disruption of a provider’s health information system. Much DR planning comes before an adversity. A healthcare or-
ganization’s information should be at a remote and secure location. T e organization should determine the best method to transport data to the remote site. It should consider security factors such as data encryption as well as recovery time factors including data transport technology (e.g., tape, disk-based backup and replication). People, processes and programs also must be refl ected. IT staff with the expertise to develop and execute recovery procedures and plans must have the resources to scale with the healthcare provider. It also must have remote locations available to recover systems outside the danger zone. DR is an ongoing process in IT. Because of the staff and expertise
required for such a program, most healthcare providers rely on third- party-managed hosting providers to facilitate and execute the need. T eir goal isn’t just to develop a recovery plan and procedure. It’s to employ a change program that, through regular testing, delivers process improvement to make DR more cost eff ective. Make sure the right DR solution is in place. T en, when the next unexpected outage occurs – and it will – patients won’t be put at risk.
DR as a service (DRaaS) allows healthcare organizations of all sizes – from a large hospital network to a small private practice – to fi nd viable and aff ordable recovery options. DRaaS is a scalable solu- tion that grows with the needs of an organization, and it is easily customized to meet the highly regulated compliance requirements that come with sensitive EHR data and HIPAA privacy laws. Storing data in the cloud relieves IT or other personnel of the
burden of physically transporting backups, which begins the DR process by manually rebuilding servers and loading back-up fi les. Instead, the data and applications are stored and mirrored off site, and server recovery is managed by the DRaaS service provider. Because of the cloud’s effi ciency, a hospital or other healthcare facility is able to recover data in a matter of a few hours, not days. DRaaS allows healthcare providers to focus on more immediate issues aff ecting day-to-day operations, leaving the safety of their data in the hands of qualifi ed and certifi ed professionals.
Kevin Crowe, IT infrastructure manager, University of Louisville Physicians
Virtualized replication cures DR ills T e University of Louisville (UoL) Physicians group is the largest multi-specialty physician practice in Louisville, Ky., with 78 sub-specialties, 1,500 staff professionals and more than 600 primary care and specialty physicians. UoL Physi- cians treats patients throughout Kentucky, southern Indiana and across the region. We rely on a mix of crucial applications, including AllScripts EHRs, GE Healthcare Centricity Business and Impact document imaging. Our data center houses more than 36 TB of data. Keeping these applications running in our heavily virtual-
ized environment is critical. An application or system outage means that our doctors, nurses and other healthcare profession- als may not be able to provide care for patients. With patient care and core business functions on the line, our DR technology must be robust and reliable. We tried two well-known, top-tier replication solutions, but neither provided the performance or ease of manageability we require for our environment. Instead of looking for DR software that replicated storage,
Jaclyn Mispagel, Windstream
DRaaS: A viable option for organizations of all sizes As the healthcare industry continues to adopt EHRs, the
importance of having a proper DR plan in place has increased dramatically. A DR plan is essential in protecting critical data and ensuring business continuity for any business, but especially for healthcare organizations. In the past, hosted redundancy and recovery services were often reserved strictly for enterprise organizations, but fully managed
we implemented hypervisor-based Zerto Virtual Replication. By replicating our 100+ virtual machines rather than storage volumes, we are protecting our mission-critical applications, instead of just pure data. We now experience an RPO (recovery point objective) of four to six seconds and an RTO (recovery time objective) of less than fi ve minutes, which minimizes the impact to our operations in case of an outage or data loss. Implementing replication at the hypervisor level was defi - nitely a new approach for us. Traditional replication occurs in the storage infrastructure, but now our DR is part of our virtualization strategy.
HEALTH MANAGEMENT TECHNOLOGY