Академический Документы
Профессиональный Документы
Культура Документы
12 Optimize
Introduction
Disaster recovery refers to the ability to recover data after a disaster or other
interruption of service. You can use the contingency plan assessment to assess your
current contingency plans and to prepare for enhancements as more mission critical
clinical information systems are adopted and replace paper-based systems.
How to Use
1. The person responsible for contingency planning should complete this form, in
conjunction with the (HIT) steering committee. The HIT steering committee needs
to be involved in determining the criticality of IT resources, data, and applications.
Some home health agencies may utilize companies that specialize in emergency
mode operations/disaster recovery planning to develop, test, and maintain such
plans for the physical facility, such as for fire safety. These plans should be
enhanced with backup and business continuity/disaster recovery plans for
disruption to HIT.
2. If you do not have physical facility contingency plans, it is critical to assess
your HIT contingency planning needs.
3. If your agency will have its servers hosted offsite, you may just need business
continuity plans for reverting to paper and manual processes in the event of system
downtime, loss or failure of an input device, lack of connectivity, or power outage.
If your agency will manage its own data center, a more robust plan for backup and
disaster recovery is needed in addition to business continuity planning.
4. Complete each of the sections of this tool in sequence, reflecting the current
situation at your home health agency.
5. As your data criticality changes with electronic health records (EHR) and
participation in a health information exchange organization (HIO), evaluate your
changing needs. For example, you may currently back up once a day and have an
employee take the backup to the banks safe deposit vault. Once you move to an
EHR, you will need fully redundant servers, network capability, and simultaneous
backup. These can be acquired through an information systems host, application
service provider, or software as a service vendor (see Section 1.9 Financial
Assessment, Financing Resources, and Acquisition Models), but there may still be
additional costs for other forms of redundancy, such as for
Criticality Analysis
Use the following definitions to describe Criticality Level:
For IT Resources:
o Remote and fully redundant (with automatic failover and sustainable
power)
o Local and fully redundant (with automatic failover and sustainable power)
o Redundant (without automatic failover)
o Backup only (with specified lag time during which data may be lost)
For Applications:
o Mission critical (impacts patients)
o Critical (impacts productivity)
o Important (manual workarounds suffice)
o Deferrable (minimal impact)
For Data:
o Private/Sensitive (disclosure adversely impacts patients)
o Confidential (wrongful disclosure has potential to harm individuals or the
organization)
o Proprietary (disclosure of business/practice secrets may result in loss of
competitive advantage)
o Public (no harm through disclosure)
Current State
Description
Criticality
Planned State
Planned
Level
Criticality Level
Remediation
IT Resources
Production server(s)
Test server(s)
Back up server(s)
Exchange server(s)
Other:
Input devices
Printers
Scanners
Other:
Telecommunications
devices
Telecommunications
media
Telecommunications
provider (e.g., telephone
company for Trunk Line)
Method
Media
File
Naming
Data
Application
Media
Rotation
Location Transport
SLA
Recovery
Testing
Software
Operating
Systems
Hardware
Organization
Operations
Recovery Operations
Return to Normal
Operations
Appendices
Description
Purpose
Applicability
Scope/Assumptions
Development
Maintenance
Testing
Record of Changes
References/Requirements
Steering Committee
Management Team
Support Teams
IT Resources Description and Architecture
Application Description and Architecture
Data Description and Architecture
Damage Assessment
Response
Deployment of Teams
Procurement of Resources
Dissemination of Public Information
Recovery Procedures
Emergency Phase
Backup Phase
Recovery Phase
Concurrent Processing
Plan Deactivation
Personnel Contact List
Vendor Contact List
Notification List
Present?
Copyright 2013
Updated 11-20-13