As clinical care becomes increasingly reliant on electronic systems, IT failures now pose life-and-death risks to patients. Data protection and disaster recovery planning are now critical not just to the health of a hospital's data, but to the health of its patients. In addition to data protection, the continuous availability of clinical systems is becoming a necessity, as once "routine” downtimes, due to server upgrades, hardware failure, or backup windows, are no longer tolerable for most organizations. At the other end of the spectrum, systems are expected to be up-and-running even after severe disasters. Data shows that most hospitals are unprepared for disasters, however, and are far from having their systems protected or continuously available.
Where should a hospital start? A seemingly limitless array of variables presents itself: should we prepare for a server failure or a flood? What about regional disasters that wipe out all transportation and communications? Does all data need to be backed up? And if so, how often? How will the hospital prioritize the applications it needs at an alternate site? Will there be different plans for different types of disasters?
This brief aims to answer these questions and also to give hospitals a blueprint for organizing a disaster recovery/business continuity planning effort with strategies for each step in the process. Ultimately, hospitals can not prepare for all disasters: redundancy of all systems and replication of all data is an impossible task. Rather, hospitals must weigh the costs and benefits of recovery to focus investments on protecting what is most important.