If you surveyed managing physicians and office managers from the Birmingham area about their business continuity plans, how confident do you think they would be with their Disaster Recovery solution? Do they feel prepared? Have they even thought about it?
According to the U.S Dept of Labor, 93 percent of businesses without an effective Disaster Recovery plan for business continuity who experience a data disaster are out of business within the first year. Forty percent of businesses that suffer significant downtime never recover.
According to 2016 statistics from the Ponemon Institute, the average amount of lost money and the average costs could be substantial, including but not limited to:
Equipment – $8,865
Recovery – $17,570
IT Productivity – $56,789
Lost Revenue – $197,500
Business Disruption – $201,550
For a medical practice, these numbers need to be taken seriously, as disasters can happen quickly. If you are a managing physician or office manager, when was the last time you looked at your discovery plan? Last year? Sometime in the past five years? Maybe never? Unplanned disasters can affect almost anyone, including natural disasters and hardware failure. Hardware failure was the top cause of data loss and unplanned downtime totaling approximately 45 percent, and 35 percent from power outages.
Ransomware concerns have also continued to escalate over the past year as well. 2017 turned out to be year of unforgiving lessons for many healthcare businesses specifically because of ransomware. According to Malwarebytes Labs, the number of overall businesses who detected ransomware grew by 90 percent. Ransomware attacks take a toll on your healthcare organization regardless of who is at fault. When employees can’t access their system to do their job, the domino effect can be devastating. For a practice, your cash flow can come to a halt, your patients can suffer, and ultimately your practice’s reputation can suffer. These concerns are magnified when the media must be notified. The legal ramifications could be significant as well, depending if patient data was lost, breached, or if your attestation period was affected. Potential revenue and brand value loses credibility. This is why it is important to take time to go over the Disaster Recovery process.
Does your practice’s Disaster Recovery plan include coverage for potential issues such as cyber-attacks and natural disasters? If your plan does not, perhaps a reevaluation is necessary.
How does a medical practice start the revaluation process? Start by asking your IT professional. The livelihood of your practice is at stake. It is important to know who is handling what process in your recovery plan. If you don’t know, ask.
In that evaluation, having detailed functional scenarios need to be part of your plan. For example, if hardware failure does affect you, what is your plan to recover? Who is responsible for restoring your system back online? If your data and EMR software is not on premise, make sure you know how your data is getting backed up. Have your IT firm discuss their back up process with your EMR provider to make sure there aren’t any pitfalls in their plans as well. When the plan and expectations are clearly set within a recovery plan, your medical practice is able to get back online quickly.
Have you ever simulated this Recovery Plan process? If your practice has a competent and thorough plan in place but there hasn’t been any simulation process, how do you know the plan would work? A recent survey by TechTalk shows that by industry, the healthcare field is among the most negligent as 66 percent of respondents reported not testing their backup systems to gauge effectiveness. According to one report, 33 percent of polled respondents revealed that their disaster recovery plan proved inadequate when deployed in response to an outage. StorageCraft, a company that provides backup software & disaster recovery solutions, notes that 15.4 percent didn’t even consider a fully documented plan applicable to their situation.
Simulation allows you to be in control to gauge your Recovery Plan’s effectiveness, allows for accurate prioritization of systems, processes, and resources, tests how well your plan gets communicated, and perhaps most important, shows what can be done better. How will you know how capable your plan is unless there is a level of testing involved? The simulation process can be time consuming, but the benefits clearly out-weigh the alternatives. This process creates a powerful knowledge for your medical practice. Most importantly, that knowledge generates confidence.
I have seen significant data loss come down to simple lack of communication. Clinics didn’t know who was responsible for what process. Cyber-attacks like ransomware become that much more effective and costly when you don’t have a recovery plan in place.
You may not be getting all you can out of your browsing experience
and may be open to security risks!
Consider upgrading to the latest version of your browser or choose on below: