By Rob Drewniak
As healthcare’s reliance on technology increases, so does the need to ensure that critical systems and processes can be recovered quickly after operational interruption and/or disaster. As a result, Business Continuity Planning (BCP) is becoming a priority.
This is not just an IT issue; organizational executives, from CEOs and CIOs to risk management, compliance officers and security officers are becoming more aware of the need to take strategic and proactive actions to protect their organizations. By developing and implementing a comprehensive BCP, the organization can minimize its overall risk of outages, operational down time and loss, resulting in improved patient care reliability and operational stability.
There are various industry terms to describe the effort to mitigate the negative effect of interruptions on operations: Business Resumption Planning, Disaster Recovery Planning, Crisis Management and Business Continuity Planning. Although each is a bit different as outlined below, all require a plan, a process and ongoing training to be effective.
A Business Resumption Plan typically describes how to resume operations after a disruption or critical event. A Disaster Recovery Plan primarily deals with recovery of information technology and services assets after a disastrous interruption. Both plans imply an outage in critical operations or services and are essentially reactive in nature.
Crisis Management refers to how an organization will deal with the emergency, disaster or catastrophe during the event. The focus at this stage is to carry on through the crisis, and to mitigate its effects during it.
Recently, there has been a move from Business Resumption Planning to Business Continuity Planning, acknowledging that in the healthcare environment, it’s not sufficient to resume critical services; they must be provided continuously. While Disaster Recovery and Crisis Management focus on rebuilding or alleviating the effects of a disaster, emergency or catastrophe; Business Continuity Planning focuses on sustaining the delivery of services for ongoing operations. If your healthcare organization has a well structured BCP, it can continue to provide mission-critical services, regardless of the nature of the interruption.
The Business Continuity Plan
A Business Continuity Plan is a collection of policies, procedures, protocols and information that is developed and maintained for use in the event of a business interruption. The BCP outlines the steps the organization will be required to take to quickly carry on business and operations. The BCP should clearly describe the enabling processes required for operations, safety and workflow. The benefits of the BCP are far reaching; from patient safety, compliance, risk avoidance, to employee and patient confidence.
The basic elements of a well-planned BCP include a set of practical and realistic steps that begin with the identification of mission-critical systems and processes, and are followed by the actions needed to effectively continue the operations from an interruption or disaster to normal operations.
The BCP’s focus shouldn’t solely focus on steps to take if the whole organization is affected. Most interruptions are isolated to specific areas – geographies, departments, facilities, etc. Plans need to be developed and maintained for the huge variety of interruptions that may occur.
Lastly, the BCP involves more than restoring information technology. It is a plan for operational continuity and should ensure that all critical operations are maintained when faced by an interruption.
Download white paper: How to Develop a BCP/Disaster Plan