Business Continuity Planning in the New Zealand Public Health Sector

Sunday, July 1st, 2007
Karolyn Kerr, PhD Information Systems, MHSc, PGDip HEIN, RGON

Manager, Information & Analysis, Central Technical Advisory Services

Wellington

New Zealand

Abstract
This paper reviews business continuity planning processes for the management of a significant outage of technology in a health care environment resulting in the unavailability of critical business systems. Regardless of the cause or likelihood, complete or "all out" network failure within a large health care organisation would have significant impacts on patient safety and the ability of the organisation to deliver services. Staff throughout the health sector need to understand the implications of such failure and prepare for them, as part of their disaster planning and preparedness strategies.

Background
The increasing reliance on electronic information collection, storage and retrieval in the New Zealand health sector means that it is now imperative that plans are in place to ensure business continuity should these systems fail.[1] In particular for the health care environment, any threat to the security of information, including its confidentiality, integrity and availability, requires careful mitigation planning.

Larger hospitals in New Zealand are moving towards almost entirely paperless systems. The impact of losing access to electronic information increases the longer paperless systems have been in place, because staff forget, or never had to learn, how to manually process and manage patients in their areas. The impact of the inability to treat patients due to equipment failure is also increasing, for example with already long waiting times for radiotherapy treatment. Access to patient demographics and personal details may be difficult. In an electronic environment, all this information is digital and is not available in an outage, making the starting point for the manual processing of individuals even more problematic.

The literature related to business continuity planning (BCP) notes the increasing importance of BCP and the growing concern of many organisations internationally, which is leading to the development of plans for the mitigation of technology failure.[1] Despite this, around 47 percent of organisations in the US have no BCP whatsoever, and of those that do, few have completed a comprehensive plan including a business impact analysis and training and the testing of plans.[1] At present, there is no direction, leadership or policy from the New Zealand Ministry of Health related to BCP.

Further, many articles note the increasing use of information technology to assist in disaster management, particularly for the dissemination of information and to facilitate co-operation between disparate disaster management sites.[2-5] In planning for disaster management, it is essential to consider that information technology may also be affected, particularly where there is infrastructure damage and network cables have been damaged.

Possible Areas of Threat
Understanding the common internal and external causes of technology interruptions assists an organisation to plan for outages and mitigate them appropriately. One of the most significant areas of concern is human error as it is difficult to predict and prevent all possible sources, and appears to be one of the most common causes of outages.[6] The next most common is application failure. Intentional disruption to a network is also possible, bringing the potential for information security threats such as the introduction of a computer virus or worm into the system. This could be either from an external source to the network or internally through employee misconduct.

A power outage is also a possible event, with the risk relatively easily mitigated through the provision of a back-up emergency power supply, commonly part of the infrastructure of the health care environment.

Service provider failures are also possible, therefore health care organisations should ensure all service providers have in place their own risk mitigation strategies. Natural disasters may damage technology infrastructure. In such a situation, damage to all infrastructures is likely and repairs may be delayed due to other priorities. Terrorism and bioterrorism are other potential causes, for example the release of toxic gases close to where the business systems are located. Ideally, in this case, the business would have the ability to manage core systems remotely.

Scope and Context of Business Continuity Plans
A comprehensive approach to BCP seeks to mitigate all major interruptions of business systems[1] and to ensure a level of capability remains within the affected organisation during and following disruption to core business systems. Contingency plans generally relate to a planned event, while BCPs relate to services and assets that are already operational.[7] Disaster recovery planning is a subset of business continuity and focuses on extreme examples of business interruption (disasters). The BCP should approach the issue from the patients’ perspective, considering the impact on patient care and safety. BCPs for health care organisations include the specialised equipment required to diagnose and treat patients, for example, radiotherapy equipment and scanners.

At a minimum, a BCP must have:

  • A budget that is formalised and approved by senior management.
  • Formal disaster declaration authorities which will be responsible for activating the BCP when required.
  • An incident management system within the organisation to manage BCP processes once activated.
  • A regularly reviewed BCP that is benchmarked against industry regulations, where present, and other organisations’ processes.[8]

There is no one standard format for a BCP, therefore each organisation needs to assess its own requirements. The scope of a BCP is generally poorly defined with little proper benchmarking, with only 32 percent of British companies in one survey having had their BCPs externally evaluated or benchmarked.[6] However, the literature does provide some guidance to common inclusions. The types of systems that are likely to be impacted by an outage and the impact of each system being down need to be considered in the plan. For example, a patient management system outage could mean access to admission and discharge templates and information is prevented, meaning manual workarounds are required and/or the regular back-up of data to non-electronic storage may be appropriate.

The steps in the process to develop and implement a BCP commonly noted as required are:

1. Business impact analysis
2. Business continuity plan development
3. Training and testing of the plan

Each of these steps is outlined below.


1. Business Impact Analysis

A business impact analysis provides the supporting evidence for where priorities for plans and preparation lie. Criteria must be developed by which to identify the critical functions the organisation must perform to continue to deliver services. The risks to these critical functions must be identified and then rated according to the likelihood of them occurring and their level of impact. The analysis must look at ways of avoiding, mitigating or absorbing the risks. In the case of health care organisations, analysis would include the clinical and administrative impacts. In the longer term, the financial impact might also need to be understood.

It is crucial to understand what core information is required to treat patients in each area and what core clinical services would be required. These are priority services which people would be required to get up and running immediately. It is essential to know what core skills would be required to do this, and what core roles would be required to activate, manage and recover from an outage. The impact of the length of the outage, as well as the impact of the time of day of the outage, needs to be understood and would add to the planners’ understanding of the priorities for recovery. A further factor would be the interdependencies between systems.[9]

Planners need to grasp what biomedical equipment utilises the organisation’s networks and could, therefore, become unusable in a network outage. They also need to know which equipment holds patient-identifiable information, in case of potential security breaches. Therefore, a careful inventory of all business systems is necessary.


2. Business Continuity Plan Development

The development of a BCP should be based on the business impact analysis. BCP planning can be a complicated process due to the size and complexity of health care organisations. Automated BCP software is available to assist with the development and maintenance of plans and might be useful to organisations that have limited resources to dedicate to BCP. Existing plans could be utilised in some areas of response, such as those developed for Y2K, pandemic planning, disaster planning and disaster recovery plans, and should be referred to and aligned within the BCP.

Ideally, BCP planning and implementation should be identified and integrated at all phases of the Systems Development Lifecycle,[9] rather than just in the maintenance phase. For example, when very high system availability is identified as required during the requirements phase, this may indicate that real-time mirroring at an alternative site should be built into the system design and operational costs.[9]

The key tasks in BCP development are:

  • Reduction (of risk);
  • Readiness;
  • Response; and
  • Recovery.

Each of the key tasks is examined in more detail below.


Reduction

Reduction of risk can be managed once the business impact assessment is completed and is supported through readiness actions, such as having staff already trained in what is required to manage an incident. Risk reduction could include ensuring staff have an understanding of the workarounds required, such as paper-based templates for recording information when systems are down, and the actions that would be required to support such workarounds. This could include providing tools such as manual admission and discharge packs, to ensure consistent processes are used throughout the organisation and that vital information is still collected and available with the patient as they move through the organisation.

Readiness
Readiness in the BCP pertains to plans that could be put in place and actions that could be undertaken in preparation for an outage. Plans could include the management and co-ordination requirements throughout an outage. An appropriate team of core people need to be aware of their roles during an outage and must be able to be brought together when the BCP is activated. This can often be those already designated as part of the emergency management team, but should also include the CIO or equivalent if this person is not already in the emergency management team. Plans must allow for the fact that all senior staff need to, at least, be informed of an outage regardless of any role they may have on the emergency management team.

Response
The BCP should include the plan for the initial response to an outage, including an assessment of the outage’s impact. Is BCP activation required? The criteria for activation should be defined in plans so all staff members are clear as to what constitutes an outage of significant enough impact to require BCP activation. This assessment would be continuous. Once activated, a pre-planned response cascade of informing the emergency team will bring together those required to manage the situation. The current risk status should be reported back to the emergency management team at regular intervals. As with any emergency management process, there should be one central control centre and clear guidelines to assist with understanding roles within the emergency management team and key decision-making.

Careful consideration of the organisation’s communication requirements during an outage is needed, keeping in mind that nearly all telecommunications systems rely on networks. Consider this – your PABX now runs on the network and the emergency notification process (for example, cardiac arrest, fire, security alert) invariably utilises telecommunications. Your organisation probably already has back-up for PABX outages – but would this back-up still work in the case of a network outage? Is the emergency co-ordinating team aware of the impact of a network outage, as well as the telecommunications operators? Previous experience in New Zealand has found that when landline phone communication was down in a major city, many people switched to using cellphones. This in turn quickly overloaded the capacity of the cellphone companies’ networks, rendering them unusable. Paging systems are also unlikely to work; therefore, CB radios are most likely to be the only communications tool available. Media communication is also required so that the public can be kept aware of the situation and can be directed to other health care facilities if possible. Relatives of patients already in hospital might also require information, as might relevant external agencies such as neighbouring health care facilities.

Plans should be in place to ensure communications equipment is distributed as required and human "runners" can be utilised to distribute information. Pre-planned workarounds should be enacted, mostly those requiring manual processing of patients’ treatment plans, patients’ movements around the hospital and the discontinuation of non-essential services, depending on the impact to such services.

Recovery
A considerable amount of information collection and dissemination could be lost during a network outage. This information would still be required for the ongoing management of patients and the organisation. Consider the impact on income if data used for claiming patient subsidies from central government were never inputted. Those patients who missed appointments and scheduled treatments would need rescheduling and this could take considerable administrative time. Planning should take into account the impact of recovery requirements: extra temporary staff or overtime might be needed to help the organisation’s functioning recover in an appropriate time frame. Recovery time is highly dependent on the length of time of the outage.


3. Testing and Validation

When testing the plan, consider:

  • Is the plan achievable?
  • Is there a clearly defined starting point for the plan, i.e., activation?
  • Does the plan address the situation in a timely, cost-effective, consistent way?[7]

An evaluation of the BCP process is required following an outage. It is unlikely that any BCP will manage to cover all eventualities and such experience is valuable in the preparation for any future crisis. Ongoing maintenance and review of the plan is required to ensure its applicability to changing systems and processes.


Training
It is then paramount that all staff are made aware that such a plan exists, where it is kept, and what their role is during and immediately following an outage. Merely making staff aware of what the impact could be will increase staff ability to function through appropriate workarounds. Staff may not realise that in the case of a significant outage, they wouldn’t have access to patient appointment schedules, drug dispensing may be interrupted, and radiology views and reports as well as laboratory results would be inaccessible.


Roles and Responsibilities

At present, many Information Services (IS) departments are seen to be responsible for BCP, at least for the co-ordination of their development. It is unlikely that the IS department of a large hospital is able to identify all critical business functions. Senior health care providers from all disciplines are required to provide the analysis of criticality and appropriate (feasible) workarounds and for the maintenance of such plans. Senior executive staff are necessary to support the development and implementation of the BCP to ensure adequate ongoing funding is provided.[1,7]


An Approach to BCP Development in a New Zealand Health Care Organisation

Several health care organisations in New Zealand now recognise the need for a BCP and have developed and implemented comprehensive plans. One approach to the development of such a plan was initiated by the Chief Executive Officer of a large health care organisation, who engaged senior business managers across the organisation in a BCP process and made them ultimately responsible for the development, implementation and maintenance of BCPs for the various service delivery areas. The group already met regularly and had understanding and responsibility for existing disaster management plans.

Once members of the group had reached an understanding of the high level requirements of the plan, each service area was required to develop plans that aligned with the organisation’s overall approach and existing plans. Senior clinical staff were supported through the process with templates, guidelines and structured interviews to elicit the core requirements for ongoing clinical care delivery. Facility support areas, such as the central sterilisation unit and the kitchen, were also assisted to develop plans for essential services.

The net effect of the project was a high-level, planned approach to managing business continuity, with more detailed local plans for service delivery and support areas. Responsibility for maintenance of the plans was given to senior business managers. Increased awareness across the organisation of the impact of a technology outage was significant. New staff became aware that they had never learnt how to manage core processes manually prior to the introduction of paperless systems. Longer term staff realised the tools required to do so were no longer in existence.

Examples of mitigation steps developed included:

  • Back-up paper forms developed to assist staff to collect the appropriate information from patients.
  • Back-up of business systems’ data to local drives in support areas where possible and confirmation that there was sufficient capacity for this, i.e., radiology systems contained sufficient memory to store essential radiotherapy measurements for patients that could be backed up overnight. The central sterilisation department could back up records of instruments sterilised and "recipes" for surgeon’s tray preferences.
  • Step-by-step cards were developed and are now held in service and support areas to guide those in charge of them through the planned management and workaround processes should an outage occur.
  • Changes were made to the emergency response team’s communications plan to ensure it would be possible to treat cardiac arrests during a network outage.


Conclusion
BCP needs to become commonplace throughout the health sector as awareness of organisational vulnerability in technology emergencies increases and the shift to almost entirely paperless systems continues. A comprehensive BCP is required in health care organisations, given the critical nature of many of their business systems and the risk to patient care delivery. The development of such plans can be complex and time consuming, with subsequent possible mitigation strategies requiring considerable financial support.

At present, there are no standard benchmarks in New Zealand for the development of BCPs, but there is consistency enough within the international literature to guide plan developers towards an appropriate plan for their organisation.

 

References

  1. Cerullo V, Cerullo MJ. Business Continuity Planning: A Comprehensive Approach. Information Systems Management Journal, Summer 2004. Available via the Internet [subscribers only] from http://www.auerbach-publications.com//ejournals/articles/article.asp?id=82480. Accessed 11 May 2007.
  2. Leitl E. Information technology issues during and after Katrina and usefulness of the Internet: how we mobilised and utilised digital communication systems. Critical Care 2006; 10(1):110.
  3. Mathew D. Information technology and public health management of disasters – a model for South Asian countries. Prehospital & Disaster Medicine 2005; 20(1):54-60.
  4. Arnold JL, Levine BN, Manmathma R, Lee F, Shenoy P, et al. Information sharing in out-of-hospital disaster response: the future role of information technology. Prehospital & Disaster Medicine 2004; 19(3): 201-7.
  5. Chan TC, Killeen J, Griswold W, Lenert L. Information technology and emergency medical care during disasters. Academic Emergency Medicine 2004; 11(11): 1229-36.
  6. Maximum Availability. Business Continuity: HA/DR Issues and Drivers. An Overview. Available from www.maximumavailability.com. Accessed 11 May 2007.
  7. Rittinghouse JW, Ransome JF. Contingency and Continuity Planning of Business Continuity and Disaster Recovery for InfoSec Managers. Elsevier; 2005. Digital Press; 2006. Available from http://searchsecurity.techtarget.com/searchSecurity/downloads/Rittinghouse_Chap1.pdf. Accessed 11 May 2007.
  8. Grillo A. Information Systems Auditing of Business Continuity Plans. UpGrade, December 2003; IV (6):12–16. Available from http://www.upgrade-cepis.org/issues/2003/6/up4-6Grillo.pdf. Accessed 11 May 2007.
  9. Federal Financial Institutions Examination Council. Business Continuity Planning, IT Examination Handbook. 2003. Available from http://www.ffiec.gov/ffiecinfobase/booklets/bcp/bus_continuity_plan.pdf