Disaster recovery is the processes used to protect business assets and business continuity in the case of an unexpected event that has, or has the potential to cause, an interruption in service. Plans for disaster recovery include business plans to resume full operations and also plans to keep the business functioning in the interim. Protecting the ability to access computerized data during and after a disaster is a core component of disaster recovery. In a health care environment the access to computerized records is often required for core tasks such as care of inpatients, care of outpatients, provider and patient access to records, billing, payroll and administrative activities.
Planning for disaster recovery starts with reviewing the organization's portfolio of applications and determining which are critical for business continuity and resumption, and determining a reasonable time frame for recovery. For example, the organization may have a goal to restore access to the EHR within six hours, restore billing and payroll within six days, and restore less used reporting systems within six months.
Organizations should consider their plans for a varieties of scenarios, ranging from the loss of a single server room to widespread natural disasters. Identification of required hardware, systems software and applications software and necessary ancillary services, such as temporary office space, can be a large project in and of itself.
In the wake of hurricane Katrina, in addition to issues with providing clinical care in a disaster zone, there is a significant issue with access to medical records for people within and without the disaster zone. Despite any issues with restoring access to computerized records, EHRs have advantages in this area over paper records. Unlike paper, destruction of the original does not lose the data and information is not geographically restricted, so evacuees can use their records to help with continuity of care.
Companies faced with losses in The World Trade Center provide examples of successful recovery from disaster.
There are a number of components to a successful disaster recovery strategy.
H Garcia-Molina, CA Polyzois Issues in disaster recovery Compcon Spring'90.'Intellectual Leverage'. Digest of Papers Page 1 CH2843 http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=63741
Halamka JD, Szolovits P, Rind D, Safran C. A WWW implementation of national recommendations for protecting electronic health information. J Am Med Inform Assoc. 1997 Nov-Dec;4(6):458-64. http://www.pubmedcentral.gov/articlerender.fcgi?tool=pubmed&pubmedid=9391933
Columbia University Mailman School of Public Health. “On the Edge: Children and Families Displaced by Hurricanes Katrina and Rita Face a Looming Medical and Mental Health Crisis” April 17, 2006 http://www.ncdp.mailman.columbia.edu/files/marshall_plan.pdf
Morrissey J. A Day in the Life of a Medical Record: Lifting the veil on the security of today’s paper-based environment. The National Alliance for Health Information Technology http://www.nahit.org/dl/A_Day_in_the_Life.pdf (Accessed June, 2006)
Scalet SD. “Staying Power.” CIO Magazine. Sep. 1, 2002 http://www.cio.com/archive/090102/staying.html