Planning for disaster – are you prepared?

Hurricanes, earthquakes, floods… every time we turn around, there seems to be another disaster going on somewhere that makes us think, “If that had happened to me, what would I have done?” It’s an important question, particularly as it relates to IT infrastructure.

In the midst of a disaster, a healthcare provider’s focus should be on caring for the sick and wounded, not dealing with technical and operational issues that could have been prepared for ahead of time. We can’t always predict what will happen when disaster strikes, but you can put a plan in place to diminish the impact and reduce or eliminate your downtime.

When Hurricane Sandy hit the East Coast that’s just what we were – prepared! With more than 79 million studies and 5.5 billion images across 800 clinical sites being protected in the Dell Cloud Clinical Archive data centers and more than 53 hospitals and 40,000 physicians running their applications within our secure healthcare cloud, we knew our customers were counting on us. With the storm bearing down, the Dell team triggered a series of measures as part of our service level agreements to ensure that the data our customers entrust with us was protected.  

Because of our best practices, disciplined workflows and automation processes we were able to monitor the path and progress of the storm, review recovery and continuity plans, test redundant communication networks and power supplies and confirm customer support was available around the clock. We ensured that our fully redundant failover site was in place to protect and manage our customer’s most critical systems if the worst happened.

So what role does a managed disaster recovery service play in the event your organization faces such a disaster? The good news about disaster recovery is that it’s not as hard as it used to be – especially if you have a trusted partner on board.

Nearly all hospitals would like to procure their own, self-hosted disaster recovery solutions, but the fact is that hospitals have to operate within very real, often very snug budgetary constraints. A reliable and compliant disaster recovery solution for your applications requires a second data center at a geographically separate location in addition to a host of security and governance procedures to ensure the protection and privacy of the information.

There are other sound reasons that healthcare organizations might opt to subscribe to managed disaster recovery services. Perhaps there is no viable facility to house a redundant data center. Or, if the space is available, the connectivity is not. And though you may have budget for the infrastructure, it’s costly to add long-term FTE overhead to manage such a space.

Care must be taken, however, when selecting a DR provider. All disaster recovery services are not created equal. It is imperative that the organization with which you entrust your healthcare data – arguably the most important data in your environment – understands your environment and the issues facing your hospital. Other critical elements to consider include:

  • Is the DR provider familiar with the approved server and storage configuration for your healthcare information system?
  • Do they have network connectivity expertise pertaining both to your facility and to the DR site?
  • Are they knowledgeable of and do they comply with HIPAA confidentiality and security requirements?
  • What kind of reputation do they have as a DR provider?
  • Do they have the availability and expertise of DR resources in the event you need assistance managing your system in recovery mode or re-establishing your primary data center?
  • Is there fault tolerance at the DR site itself?
  • Is they space availability at the DR facility for your operations staff, if necessary?
  • Do they have the ability to test the DR plan on a regular basis?
  • What caliber of infrastructure is used by the DR provider? Is it new, warranted, state-of-the-art equipment, or is it used hardware?
  • Does the vendor have the ability for the DR site to evolve with your organization?
  • Do the services meet your organization’s recovery time and recovery point objectives?
  • Are they able to deliver managed security services for enhanced protection and data privacy?

So what is your organization doing to prepare for the unknown?  

About the Author: Tim Olivier