As members of the first responder community, healthcare enterprises simply cannot afford lapses in information access. The patient care imperative requires information to be available precisely when and where it is needed.
Beyond patient care, business issues including security, compliance and the need for business preparedness elevate disaster recovery/business continuity (DRBC) beyond just an IT issue to an important business concern. Fortunately, advances in DRBC are helping healthcare organizations in their quest for greater data availability, driving both superior patient care and strengthened operational performance.
Old vs. New
The traditional focus on "always being ready" is evolving to "always being on."
An "always being ready" approach emphasizes an organization's ability to recover from a disaster once it has happened or is imminent. In this scenario, getting a business back up and running can take hours or even days — resulting in potentially significant revenue losses.
Conversely, an "always being on" approach helps ensure that organizations have access to data, when and where they need it, depending on level of criticality as defined by users. During a potential event, the most important applications continue processing reliably and securely at an offsite location, and resulting data is captured, thus maintaining operational continuity.
The traditional practice of relying solely on tapes for back-up has evolved to include supplementing tapes with vaulting.
The physical handling and transport of tapes naturally introduces an element of manual intervention — and consequently, vulnerability to human error. For example, tapes that aren't properly stored can be lost or stolen — making the idea of sole reliance on tapes risky.
Vaulting enables a secure, reliable form of data back-up and protection that brings an added level of assurance to tape-based approaches. More specifically, the vaulting technique is based on electronic vaulting software installed on systems, which automatically backs up selected files at scheduled frequencies and times. The software then captures changed information in file or database, which is compressed, encrypted and transmitted, usually via an IP connection, to a secure remote vaulting facility. While data is typically transferred over the Internet, the vaulting service may utilize a dedicated communications circuit for a higher bandwidth connection to accommodate higher data volumes.
By supplementing tapes with vaulting, healthcare enterprises can drive a higher level of protection for data and tapes.
Information access must be reliable, but only for the right people.
Healthcare enterprises are viewing data availability and security as mutually reinforcing goals — not two competing ends. Co-existence can be achieved cost-effectively through a comprehensive security program comprising information consulting and managed security services.
Today's information security consultants are providing much more than standard recommendations and uniform best practices for technology applications. Rather, they are taking into account each organization's unique data security priorities and most vulnerable points of weakness in order to design and implement tailored, effective solutions, delivered as managed services.
For example, information security consultants may work with a healthcare enterprise to define policy procedures — such as optimal password complexity and [Continued on p. 74] [Continued from p. 72] duration for a particular application — based on the value of the inherent information. Managed services can then tailor and deliver identity and access management services in a manner supporting the defined policies. These services, often delivered from a remote location, are both reliable and sophisticated, and allow organizations to access and leverage the most advanced security technologies available in the market. This kind of comprehensive approach offers enhanced protection against a treacherous and dynamic threat environment. Other key benefits include offloading relatively mundane tasks such as access management, thus freeing up IT staff to focus on more strategic, revenue-generating and/or patient care-focused projects.
DRBC strategies emphasize people planning to a greater extent — avoiding an insular focus on IT planning.
Today's healthcare enterprises are putting into place comprehensive DRBC strategies that factor "people planning" into the equation to a greater extent, helping to ensure that patient care professionals always have access to the information they need to do their jobs. For instance, an avian flu pandemic could potentially take down or disrupt the public Internet altogether, as more employees across industries work from home and networks become overloaded. Public and private enterprises alike are collaborating with third-party experts to ensure that the most critical operations maintain network access.
Confidence is key
When armed with higher confidence in DRBC, healthcare enterprises can focus on their ultimate mission: superior patient care. Furthermore, they can re-direct energy and resources to new patient care endeavors. DRBC is a strategic business-level issue and one that should be considered both an IT and business area of responsibility.