In recent years, I’ve had first-hand experience with ASCs that were trying to recover from natural disasters and other accidents. While in many cases the leadership team had plans for emergencies that damaged the physical facility, they hadn’t put together a plan that would enable the group to recover in the event of a technology infrastructure failure (server, network, or database), which can occur because of a natural disaster or other causes like hardware malfunction, cyber-attack, or even simple human error.
With more information being stored digitally, it is crucial for ASCs to ensure that all files and data are backed up and saved, and that a recovery plan for IT infrastructure is in place.
To start, administrators should work with technology vendors to ensure their systems are properly maintained with respect to storage capability, security, (and the application of necessary updates), as well as a regular backup of information stored in their databases. Asking questions about these practices is essential to selecting a hosting partner, and should also be verified and incorporated as part of regular updates to the facility’s overall disaster recovery plan.
If your facility hosts the applications that you use (i.e. you own and house your own servers), you also need to confirm and document what the disaster recovery protocol is. For example, if there was a fire or flood at your facility, how would you know which patients were scheduled the next day or how to contact them? How would your facility continue to manage its revenue cycle? Who is responsible for obtaining a new server, restoring your database, and distributing devices to business office personnel?
Be sure to understand how the backups are maintained and who maintains them. You should also ensure that a copy is stored in a secure location offsite.
With respect to these practices, it’s also important to confirm that the backup utilities are actually working properly — which is especially critical for facility-hosted systems. Administrators should check periodically (at least a few times annually) to ensure those backup utilities are running correctly.
Finally, your facility's disaster recovery plan, whether it pertains to physical or digital assets, should never be kept a secret. Review the plan with employees and ensure everyone understands exactly what to do in case of an emergency. A quarterly review with all impacted employees would ensure that everyone is familiar with their specific role and the processes to follow, and will also provide an opportunity to update the plan as the business changes. Treat the plan as a living document that must be updated to reflect the changing dynamics of your facility!
What would you "Ask a CASC" if you had the chance? We've begun this Q&A blog series to help you navigate the most important issues in ASC management. Submit your questions in the form on the right and check back for answers from SIS's own CASC certified experts.
[cascMod]