Search Site

 Advanced search
 

Journal Entries

 

Stay Informed

Sign Up Today to stay informed about HINZ events and relevant health informatics news!

*

 

 

Latest News

read more news

 

Upcoming Events

Other health informatics events...
 
 

Supporting Partners for 2012

Major Sponsors

 

 

 

 

 

 


 

 

Supporting Partners

 

 

 

 

 

 

 

 

 

 

 
 

International Events 2012

 

 

 

Disaster Management Planning in Primary Care in the Greater Auckland Area

Sunday, July 1st, 2007
John Cameron

John Cameron, Medical Executive Officer, ProCare Health, Chairman, ADHB
Primary Care Emergency Response Group

Auckland

New Zealand

Abstract
Disaster preparedness has not been a recognised priority within general practice within New Zealand. Recent threats, such as pandemic influenza and electrical supply outages, have lead to a heightening of attention on this topic within primary care. This report details the response of one of the largest primary care organisations in New Zealand to these potential threats and the remedial actions undertaken.

Introduction
In the words of Monty Python, “Nobody expects the Spanish Inquisition”. Like the random intrusion of Spanish Inquisitors into Monty Python sketches, disasters generally occur without warning and at the most inopportune times. Managing disasters, be they environmental, political or medical, requires planning prior to the disaster to the degree that robust systems are in place to provide at least a framework on which to base a response. In this article, ProCare Health’s pathway to an effective disaster management plan will be discussed along with current risks and difficulties found in disaster planning within primary care as a whole.

ProCare Health Ltd
ProCare Health Ltd is an organisation which provides support and Primary Health Organisation management services to over 500 primary care physicians and their practice teams over a geographical area comprising the greater Auckland area of New Zealand. These general practitioner (GP) led primary care teams care for over 650,000 Aucklanders from Waiuku in the south to Orewa in the north. A significant number of these patients are high-needs patients of Maori or Pacific ethnicity and, in fact, ProCare is the provider of health care services to the largest number Maori and Pacific peoples in New Zealand. Thus ProCare has the duty of being capable of the ongoing provision of service to this population at all times.

Disaster Management and Continuity of Operations
It is fair to say that over the ten years that ProCare has been in existence, very little direct action had been taken in regards to disaster management and the ability to maintain business continuity during, and recovering from, the impact of disasters. ProCare, along with all Aucklanders, has weathered two significant power outages (one prolonged) in the last 10 years, but despite these incidents, little heed had been taken of these events and little action had been taken to review the impact of such events on ProCare’s day-to-day functioning.

A more active approach was required through the recent drive to develop an organised response to a potential novel infectious disease (pandemic influenza). The planning process was assessed during the recent nationwide avian influenza pandemic planning Exercise Cruickshank. [1]

The primary care pandemic planning process, in which ProCare has played a significant role in the Auckland region, required organisations to look beyond their current functioning and provided a scenario against which organisations could test their ability to continue to function during and after a potential influenza pandemic.

Many of ProCare’s initial attempts at formulating a pandemic response were based on scenario analysis, with attempts to define responses arising out of a particular threat (eg, power outage, communication failure, building disruption, etc). It rapidly became obvious that this approach could not result in workable solutions because of the sheer volume of different required responses arising out of consideration of each potential scenario with complex and unworkable mixed responses being the result.

Upon discovering this, ProCare realised that any particular response was dependent on the continuance of the functionality required to maintain the business rather than being dependent upon the nature of the disaster itself. Thus, over the latter part of 2006 and into 2007, ProCare developed an in-house business continuity plan designed to ensure that the organisation could continue to function, albeit on a significantly reduced basis, during any disaster at all.

Developing Critical Function and Critical Personnel Roles
The Board of ProCare Health Ltd specifically tasked a group of senior managers and relevant personnel under the leadership of a contracted experienced disaster manager to identify the key critical processes in each area that were required for a generic disaster situation. This group met monthly over a six-month period reporting back on reviews undertaken within each business team within ProCare.

The key event to emerge from this process was the identification of “critical” processes and, consequently, “critical” personnel required to ensure that the organisation could continue to function.

It was understood that during any potential disaster, many of the current functions of the organisation would cease to have their usual relevance. Reducing functionality in such areas by releasing staff from areas not of a “critical” nature at that particular time would enable the organisation to increase its workforce capability for the maintenance of key functions. For example, a considerable amount of the ProCare workforce is involved in running primary care clinical programmes. These processes entail the development of new programmes, the initiation of new programmes into primary care, the maintenance of such programmes and the accounting processes required to pay for these programmes.

In the analysis of critical functionality during a disaster, it was considered that these programme-related functions would be of such low priority, both within the organisation and also within primary care itself, that the whole programme process could cease for the duration of the disaster. As mentioned above, this would release a significant number of personnel to support critical functions necessary to allow the organisation to carry on throughout the disaster and its aftermath.

Personnel roles that were identified as critical for excellent disaster management included the provision of overall leadership (under the auspices of the Chief Executive Officer and Chief Financial Officer), the provision of hour-by-hour “control”, the maintenance of information technology (IT) functionality and support to all roles required to maintain the responsiveness of the organisation to its providers and their populations.

Maintenance of Core Critical Functions During a Disaster
Each critical functional area was then asked to undertake a risk analysis for their particular sphere of reference to identify processes considered to be mission critical and to develop robust solutions to reduce these potential risks.

Areas of key core functionality deemed critical to the ongoing functionality of an organisation such as ProCare included the ability to provide ongoing primary care leadership, the ability to co-ordinate and manage the primary care workforce in the community, the provision of a communication conduit to and from other health care agencies and the provision of primary care base funding (capitation) to ensure the viability of ongoing primary care services.

As an example, one of the key functions that was deemed critical to ProCare’s business was the maintenance of its communications infrastructure. ProCare, through its in house subsidiary, HomeCare Medial Ltd (HML), provides a 24-hour nurse telephone triage system to patient populations resident not only in the Auckland geographical area but also nationwide. HML also provides the telephone communications portal to ProCare itself. Both of these services were seen as core critical functions. Thus, HML was charged with ensuring that it would be able to maintain its own functionality, regardless of the disaster. Once HML was able to define its mission critical processes it was able to approach the organisation as a whole to develop an organisation-wide solution to the problems that required more than their own resources to resolve (eg, IT support, provision of uninterruptible power, provision of workforce, etc).

Key core functions identified (additional to HML) included finance, leadership, manpower management and IT support. Apart from developing manpower management, all key functionality was designed to be maintained with limited additional infrastructure or cost. The development of a robust manpower management system is still outstanding because of the unresolved scope of such a role and the adequate funding streams to develop this capability.

Hence, inter-departmental planning was required across the organisation. Again, the plans developed from this process were based on functionality rather than the nature of a threat, to ensure that the plans developed were of a sufficiently generic nature allow flexible responses to emergencies.

IT was seen as integral to all response processes because of the depth to which IT is enmeshed in all processes of the business. The maintenance of an in-house IT capability was taken as a base requirement; but the ability to function remotely from the ProCare base site was also seen as an intrinsic component of a disaster management plan. Accordingly, plans were developed which would enable key personnel to maintain their functionality using remote access. This capability was understood to be totally dependant on the availability and ongoing functionality of broadband internet access.

Approaches were made to the leading providers of broadband services. As would be expected, no absolute guarantee of provision of service could be made by these suppliers. However, these providers do see ProCare as an essential service and as such, it was understood, ProCare would be provided with their best available service in any emergency situation.

In addition to reviewing key functionality within the organisation, this activity also revealed gaps in base functionality, especially with regards to communication. As has been revealed by most previous disaster experiences, including Hurricane Katrina in New Orleans, communication capability was a vital, often missing, component of any response to a disaster.

In ProCare’s situation, it was found that its ability to communicate effectively, 24/7/365, with practitioners and their practice teams was based on incomplete and out-of-date data. The organisation’s ability to communicate directly with its providers outside “normal business hours’ was also severely limited by not having up to date home and mobile phone provider contact details. In many cases, contact details for our practitioners were over ten years old and often incomplete. The Board of ProCare recognised this major concern and requested that this situation be remedied. Under their direction, the ProCare in-house IT team, in conjunction with the private IT solution provider Enigma Publishing Ltd, developed an integrated online database tool (On Line Practice Data Base [OPD]).

Funding for this process was provided directly by ProCare as part of the infrastructure funding response to disaster planning. The tool which was developed enables each individual practitioner and practice to adjust full demographic and contact details via a password-protected web page, with the data synchronising with ProCare’s own membership data base. Items such as bank account details for payment are not adjustable via the web page; being present for information only. Other fields, such as change of practice address, are only adjusted through a ProCare internally mediated process, whilst simpler fields such as practitioner contact details automatically synchronise. Although each practitioner is only able to view and change their own data, authorised individuals within each practice are able to view and adjust details on other members of the same practice. No practice/ practitioner is able to view the details of any other practice. ProCare is able to review all the data held.

Thus, during any disaster management scenario, ProCare is able to immediately access full contact details on any of its over 500 GP contractors and over 600 practice nurses and practice administrators on a full 24-hour availability, independent of ProCare’s IT infrastructure function.. In addition to ensuring quality contact details, the OPD is able to be used to poll practices on functional capability on an instantaneous basis, as long as web access is maintained. All ProCare data is backed up daily with copies held off site. The information held on the OPD acts as separate secure off-site data storage location accessible immediately via the web. This places a further layer of information security on the practitioner and practice demographic data base beyond that held at ProCare itself. There is the functional capability of expanding this tool to cover any possible number of individuals or practices both inside and external to New Zealand.

Planning and Maintenance of an Effective Disaster Response

1. Exercise Cruickshank

Nobody expects the Spanish Inquisition!!

ProCare’s Spanish Inquisition occurred with Exercise Cruickshank, the recently held nationwide pandemic influenza preparedness exercise. This gave ProCare the opportunity to trial its own in-house plan regarding the management of such a threat and, in doing so, provided a partial test of its own business continuity plan. Exercise Cruickshank was not directed at primary care and, as such, this enabled ProCare to trial areas of its own response plan in a manner and degree of its own choosing.

2. Barriers to Disaster Management Planning

Perhaps the most important outcome of this exercise, apart from demonstrating areas of remedial work required to in increase our readiness to respond in an emergency, was to once again highlight the necessity for disaster and business continuity planning. The greatest barriers to the provision of a workable disaster management plan are general apathy (“She’ll be right ’cause it will never happen!”) and the lack of ongoing championing of the plan at every level of the organisation. The trite statement that we spend too much time working in our business and not enough working on our business holds true in this regard. Disaster planning is seen as an imposition on many and a distraction to the real job in hand. And disaster planners are too often seen as “Doom Merchants”, constantly reminding others of the risks of their wayward lives, very much like those wearing sackcloth and ashes and foretelling the demise of Rome!

Engendering the “What if” culture in all processes within the organisation is a continuing difficulty, but, with ongoing business management refinements and the embedding of robust processes in all business systems, the future is looking rosier.

The bench mark of the effectiveness of the processes that have been developed can only be assessed by testing them against a scenario. Although this was partially achieved through Exercise Cruickshank, there is a major need for a full primary care testing exercise. The true capability of our nationwide health resource lies in the skill and capability of our community based practice teams and although it reassuring to know that the hospitals may keep functioning, it is less reassuring to realise we have an untested primary care disaster response.


Wider View of Business Continuity in Primary Care as a Whole

The Crucial Role of Data Security and Access in Business Continuity
Business continuity planning at the GP practice level is currently weak to non-existent and, where it does exist, it is rather haphazard and lacks a high quality framework to follow. There is awareness of the need for data security within primary care and at least this aspect of business continuity has been addressed by most GP practices. All practices are heavily dependent on their own IT arrangements. Ongoing horror stories of hard disk failures and either non-existent back-ups or back-ups that fail to have any useful data are of sufficient prevalence to cause occasional ructions within primary care. It would be true to say that all practices are aware of the need to have robust data back-up capabilities and that most, if not all, undertake regular and systematic data back-ups.

Practices use a range of validated data security processes such as slave drives, weekly DVD burns, USB / Tape back up drives, etc, but often the key function of a trial of practice data restoration is not undertaken. Thus, many practices have been stung by a hard drive crash only to find that what they considered to be readable back-up data contains one email and a photo of the children! In general, however, total loss of all historical data rarely occurs although it is common with hard drive failures that there will be some degree of data loss. The ramifications of this, along with any potential legal responsibilities, are yet to be explored. However, it is hoped that through the rigorous back-up procedures at practice level this risk would be minimised if not removed.

Data security and reliability at the organisational level (eg, PHO/ IPA) is in general more rigorous and structured with limited risk of information loss or corruption. There have been moves to work towards significant centralisation of data. It is yet to be seen if this avenue holds more or less security then the current practice of dispersed but less robust holding of such data. If the data is held centrally, a central failure is catastrophic, whereas a failure of one disseminated portion of the data leaves the whole of the data less at risk.

The security of data is maintained at all levels. Primary care physicians understand that patient data is highly sensitive and highly confidential. The storage and transmission of such data in general is maintained under strict privacy requirements (from both legislative requirements as defined in the Privacy Act 1993 and PHO-DHB- practitioner contracts that reflect this legislation) which are well understood at all levels of primary care. It would appear true to propose that information currently is more secure in the community than it is in more centralised data bases in that the closer the information is to the site of recording, the more likely it is that privacy processes are more rigorous. This is not to say that centrally held data is at risk; however, it is easier to maintain security with few having access to a smaller degree of data then if greater numbers have access to a wider range.

In recent times, the largest interruption of access to patient data occurred during the Auckland power outage, June 12, 2006. During this outage, access to data was lost but the overall functionality of primary care, although reduced, did not lessen to such a degree as to place the provision of care at risk. There was no loss of data as such, but rather a loss of access to such data. This loss of access would appear to be potentially a greater current risk at present then the loss of actual data.

Maintenance of a Core Primary Care Response Capability
Again, in the work undertaken in planning for a potential infectious disease epidemic, the notion of “Key Practices” has emerged. These “Key Practices” are the medical facilities that will be the “do or die” facilities in that, in a situation of limited support capability (eg, manpower, resources, supplies, etc), such support will be preferentially channelled to these practices should a disaster occur. A controlled centralisation of medical resources to these “Key Practices” would occur as the ability to provide medical care is reduced at GP practices further down the chain from the “Key Practice”. Patients would be directed initially to their usual provider of medical services until/unless such facilities are no longer functioning. If the usual facility is not functioning, patients would be directed to their nearest Key practice by radio and print media processes as well as telephone call diversion and 0800 call centre services.

Business continuity planning was seen as an essential process for these “Key Practices”. Although technically feasible, it was decided that the centralisation of practice data from other practices to “Key Practices” provided a level of complexity that could interfere with, rather than augment, the provision of care and as such, this proposal was not taken further.
A similar task of identifying potential risks and exploring mitigation strategies that occurred at Management Services Organisation or PHO level also took place within “Key Practices”. However, similar barriers to the ongoing review and development of this planning (apathy, championing,) occur here as they do at more central agencies.

A further barrier at this level is the lack of funding resource to provide this “Key Practice” functionality. Primary care in New Zealand is largely owner operated and it is difficult to build a business case for applying a significant degree of funding to build business continuity capability when such capability, although providing ongoing community care, will not provide any financial return on investment for the practice. Currently, apart from a degree of funding for the development of a disaster management and business continuity plan at “Key Practice” level, there has been no recognition by central funding providers of the role these practices will be required to play in maintaining community based health care during a disaster. There is the need for significant infrastructure development such as security of power supply, water supply and communication capabilities, and to date this has not been recognised by funding agencies. This may prove to be a major defect in the ability to respond adequately to a disaster situation as required at primary care level and may only be discovered at the worst possible time, ie, during an emergency.

To date, the only significant framework for practice based primary care disaster management and business continuity planning has occurred in the context of planning for a potential influenza pandemic. It has been a difficult task to bring this to the practice level and there is still a significant amount of work required to raise the capabilities of individual general practice teams to a degree where functionality can be assured. There has been a significant amount of work undertaken to assure robust capability to at least “Key Practice” level but ongoing development and testing of the strategy is still required.

Conclusion
Overall, the drive to ensure a high quality response to any potential threat is ongoing and has been largely achieved (although untested) at a PHO level within ProCare. There are more uncertainties at practice level and it is unlikely that this will be remediated unless sufficient resources and effort are applied to remove the barriers to bring this to practice level.

Footnotes

  1. www.moh.govt.nz/moh.nsf/indexmh/pandemicinfluenza-exerciseprogramme-cruickshank

Back