The Importance of BCDR in Healthcare’s Digital Transformation
To stay current, BCDR plans should not be treated as one-and-done projects; they need to evolve and adapt. “Static BCDR plans are not sufficient. Organizations need to continue to iterate their BCDR plans,” Doyle says.
Organizations also must identify the responsibilities and procedures for incidents affecting different environments, whether on-premises, cloud or hybrid. While organizations have responsibility for their on-premises systems, cloud providers can offer greater resiliency. For example, Pennsylvania-based Jefferson Health migrated its on-premises electronic health records to Microsoft Azure, in part to mitigate risk, citing the cloud solution’s BCDR advantages.
Creating Robust BCDR Plans for HealthcareHealthcare organizations must proactively create their BCDR plans before a disaster hits. That starts with a business impact analysis that identifies the most critical business functions and their potential vulnerabilities, as well as the impacts of downtime.
A business continuity plan should specify which procedures would enable the business to continue to function during downtime — even at reduced capacity — until systems are brought back up. This might involve temporarily switching to manual processes or alternative systems.
It’s not technologically or financially feasible to bring all systems back up at once. That’s why, as part of its disaster recovery plan, an organization should determine which systems are most critical and have to be recovered first. “It’s superimportant to understand the prioritization of systems during the recovery,” Doyle says.
As part of the disaster recovery plan, a business must determine both its recovery point objective (how much data loss it can tolerate) and its recovery time objective (how long it can wait before fully restoring operations).
READ MORE: What is cyber resilience, and how should healthcare organizations approach it?
In addition, organizations must ensure any disrupted systems were not compromised during downtime. That’s vital when an organization uses its own data to train artificial intelligence tools. An incident could lead to data poisoning, compromising the data used to train AI models. “As organizations adopt more modern technologies like AI, BCDR ensures those innovations are resilient, secure and always available,” Doyle says.
With any BCDR plan, training and testing are not optional. Staff should be trained on what to do in the event of a disruption; whether, for instance, they use paper or an alternative system during downtime.
And as more organizations add new systems and tools, testing and modernization should go hand in hand. “Rigorous testing should be done during the development of a solution, not after the solution is developed,” Doyle says.
“We’re at an inflection point,” he adds. “More and more organizations are using modern technology. As they adopt these solutions and services, they need BCDR as part of that process.”
healthtechmagazine
