Home » News » Currently Reading:

Practice Wise 6/15/11

June 14, 2011 News 3 Comments

What if …?

I don’t like the term disaster recovery. When I try to discuss this with customers or in presentations to practice management groups, nobody likes to think of a disaster striking where they live and work. So they don’t do the work they need to do to prepare a Disaster Recovery plan as part of a Business Continuity Plan.

In light of the past months of natural disasters both near and far, this topic is at the top of mind for many.

A disaster recovery plan is an instrument that documents the actions to be taken before, during, and after a disaster. A disaster is any event that interrupts your routine business operations. The primary objective of disaster recovery planning is to protect the organization in the event that all or parts of its operations and/or computer services are rendered unusable. Good planning should minimize the disruption of operations and ensure some level of organizational stability and an orderly recovery after a disaster.

A well-executed Disaster Recovery Plan should:

  • Provide a sense of security
  • Minimize risk of delays
  • Guarantee the reliability of standby systems
  • Provide a standard for testing the plan
  • Minimize decision-making during a disaster

Last month I was struck by an image on the news. A few medical practice staff (identified by their cheery scrubs) sifting through the wreckage of their clinic in Joplin, MO, pulling out paper charts and handing them off in an assembly line. I know of another clinic in Joplin who is on EHR that is hosted by an ASP. The doctors were able to fire up their laptops from home and contact all their patients letting them know that the clinic was out of commission and give them instructions for their immediate needs.

This is the most extreme form of disaster, and even the best disaster recovery plans can be thwarted in the face of an act of God. If you have one, it is a step towards restoring normalcy. I was struck that the medical staff were wearing their scrubs, their need to retain a sense of normalcy.

There are daily smaller events that interrupt business continuity. When these smaller events disrupt production, they frustrate staff and patients alike. I prefer to help practices write their “What if ___?” plans. It’s easier to imagine the small business disruptions and build on those for a more comprehensive disaster recovery plan as part of your business continuity plan.

For instance, a practice I was at this week had printer issues on a global level, as if the printer gods were conspiring against them. Nobody could print to any of the four printers in this one doc office, for all different reasons. They didn’t have a “what if” the printers don’t work plan.

Everyone was in a panic. Front desk couldn’t print patient forms that required signatures. Back office couldn’t print prescriptions, chart notes, or lab requisitions. They were taking their angst out on each other. Nobody could see through the “disaster” and find a working solution.

How do we help practices write these plans? It can seem a daunting task when you think about the global issues all at once. I recommend taking a less global, high tech approach and take it back to basics:

  1. Create a What If _______, how will I_____? document and distribute it to each person in the practice
  2. Have them fill in the blanks for each task that they do for a period of a few days or a week so that all their tasks are adequately captured. It’s important to capture as many tasks as possible, no matter how small, because when the process is broken, the smallest task can become a big issue.
  3. Have your internal and/or external IT support people do the same.
  4. Have your software vendors do the same.
  5. Have your other outside vendors and partners do the same (e.g., your bank — if you scan checks to deposit and the deposit scanner or Web site is down, will they send a courier to pick up your deposit?)
  6. The compliance officer (sure we know, all small practices have someone with this title!) or the person who is responsible (practice administrator/manager) for daily operations should compile these documents into a comprehensive business continuity plan. For some, this might be, filing them in a binder and calling it a plan. For others, it will be much more comprehensive. There are many excellent websites that offer free disaster recovery and business continuity plan models.
  7. DISTRIBUTE the plan! Make sure everyone in the practice has a copy and an electronic copy is stored somewhere off site that you can access if your practice is down. There’s no point in creating the plan if everyone in the practice does not have immediate access to it.
  8. TEST the plan. There’s no point in going to all this effort if you don’t know if the plan will work in the face of a disaster. There’s a reason we had all those fire drills when we were in school!

My husband was on the aircraft carrier Nimitz somewhere out in the vast ocean when there was a deck fire. Now when you are out in the ocean, too far away for anyone to come to your aid, and the planes on deck are on fire and blowing up, you have a life and death disaster at hand. He was asleep when the alarms sounded and said he was dressed and up on deck manning his station before he even knew he was awake.

They had prepared for this type of event over and over again, and groaned and grumbled all the time about the hassle of the training drills. But as they were pushing jets off the deck and fighting fires, he realized that all that their continuous training made their reactions in this crisis automatic, and saved the ship and the many lives aboard.

Hopefully none of us will ever face this type of life and death disaster. The point here is to not make this so daunting a task that you avoid it at all costs. Disruptions small and large are just that – disruptions. They can be not just events that cause anxiety, but also a liability for the practice. We can use all kinds of fancy buzzwords and language around the development of a comprehensive plan, but why not keep is stupid simple (KISS) and get the job done?

Don’t wait for a natural disaster or a Zombie apocalypse to think about disaster recovery and business continuity planning. Every day presents us with what if scenarios that we can easily plan for in advance. Start your What if ___? plan now!

Julie McGovern is CEO of Practice Wise, LLC.

Comments 3
  • So true – I’ve worked with physicians who don’t want to spend the time/money for their staff to practice for this. I ask them about experiences where they’ve had to “code” a patient and whether it would have even been possible without training or practice. This puts it in terms they understand and often makes the necessity of practice/drills more real. It may not be Advanced Cardiac Life Support but it’s certainly Advanced Practice Life Support.

  • One criteria for Meaningful Use is to perform and respond to an IT Risk Analysis. The Risk Analysis must conform with the NIST 164.308 rules. Part of the process is to evaluate the Disaster Recovery Plan to ensure that it has information, resources, systems, vendor support, regulations, procedures, and return-to-service plans to protect infrastructure on-site and off. The IT Dept needs to have a formal, documented emergency mode operations plan, as well as regular workforce training, and a designated emergency team to invoke the emergency plan if needed.

  • Well stated Julie. We too have seen the challenges of getting healthcare practicioners to prioritize the time needed for BC and IT-DR. I have a couple of comments for your readers:

    1. We avoid the term ‘disaster’ when we discuss healthcare continuity, recovery planning, etc. The problem with focusing on disasters is that it makes it seem as though these plans are for those (hopefully) rare events when real disasters occur. Certainly, The Joint Commission and CMS exacerbate this ith the laungauge in their standards. We use the term ‘disruption’ as this is a broader category of event that includes disasters but more importantly includes those almost every day occurences of IT outages, vendor delays, etc. In the healthcare setting, there is a limited number of known dependencies around which clinical, clinical support and business processes cannot function without: people, workplace (incl working remote), IT applications, communications services, infrastructure services (med gas, med vacuum, elevators, etc), supply chain, interdepartmental workflow.

    2. In our experience, while hospital management will complain at the start of a BC program that they do not have time for this, once they understand that the work is manageable, the effort is focused, the objective is to minimize impact to their daily routine, the tools facilitate planning and updates, and a few other tenets we focus on – they get it. We have had great success obtaining close to 95% or better participation in building and, more importantly, sustaining BC planning across healthcare systems.

Leave a comment



This site uses Akismet to reduce spam. Learn how your comment data is processed.

Platinum Sponsors




Gold Sponsors


Subscribe to Updates

Search All HIStalk Sites

Recent Comments

  1. Re: Walmart Health: Just had a great dental visit this morning, which was preceded by helpful reminders from Epic, and…

  2. NextGen announcement on Rusty makes me wonder why he was asked to leave abruptly. Knowing him, I can think of…

  3. "New Haven, CT-based medical billing and patient communications startup Inbox Health..." What you're literally saying here is that the firm…

  4. RE: Josephine County Public Health department in Oregon administer COVID-19 vaccines to fellow stranded motorists. "Hey, you guys over there…

  5. United is regularly referred to as "The Evil Empire" in the independent pediatric space (where I live). They are the…