Living Business Continuity Plan Can Minimize Disruptions


Healthcare Business Continuity Plan Provides SecurityAlthough people in any industry will say that Business Continuity (BC) is important, those of us in healthcare recognize that any downtime is undesirable.

Admittedly, 100 percent uptime is an unrealistic goal, but we all should hold ourselves to the highest possible standard when patient care and safety are on the line. Business Continuity, in addition to Disaster Recovery or Resiliency Planning, is critical in every area of a hospital.

But any plan you develop isn’t worth anything if it sits on a shelf in the IT director’s office or in an electronic archive, says Ken Ho, Professional Services Engagement Manager at McKesson. “From my experience, even those who have a plan in place for Disaster Recovery and Business Continuity rarely actively update their documentation, which leads to confusion when disaster strikes. As well, communication amongst departments should always be considered,” says the industry veteran, who works with McKesson’s team of medical imaging consultants.

A research report from the Ponemon Institute shows that while the average length of data center disruptions across industries is decreasing, the average cost per minute is increasing sharply. In the healthcare industry, a single disruption can cost nearly $700,000 in direct costs, indirect costs and lost opportunity. And, on average, each minute of disruption costs an organization $7,900, a 41 percent increase from 2010 to 2013, according to the report.

Hospitals have reported periodic outages of data systems, most commonly EHRs, occasionally leaving nurses and clinical staff unable to access any patient information for a full day. This situation highlights the need for each department within a hospital to have a living, breathing business continuity plan that is current and continually updated.

Not a Matter of ‘If’

The key to effective Business Continuity planning is to prepare for the worst while hoping for the best. If your medical imaging solution doesn’t have a plan, it’s time to get started. And if you do have a plan, is it current? Is it accurate? When was the last time it was tested?

An earlier post on Medical Imaging Talk outlined five issues related to resiliency planning you should keep in mind:

  1. Understand the need for Disaster Recovery (DR) in your geographic area.
  2. Develop a business case for Resiliency Planning.
  3. Conduct a risk assessment.
  4. Make an investment in solution architecture.
  5. Define roles and responsibilities in your DR plan.

The McKesson Medical Imaging Professional Services™ team breaks its offerings into three main areas:

  • Application Impact Analysis, a study of CVIS/PACS-related IT assets, critical dependencies and related infrastructure to understand the impact of downtime on patient care and operations. The process will clarify or establish a recovery time objective and a recovery point objective for the CVIS/PACS system, based on defined management objectives.
  • IT Disaster Recovery Plan Documentation designed to recover the CVIS/PACS system based on the objectives outlined in the AIA.
  • Disaster Recovery Test Facilitation to test the validity of the plan and discover other areas of improvement to a system’s business continuity or disaster recovery plan.

Analyze, Plan, then Test

Many hospital IT departments, especially larger organizations, choose to create their own business continuity planning and testing. What must be kept in mind is that effective planning in the healthcare space requires not only technical knowledge but also clinical knowledge of workflows. Further, the integrity and privacy of protected health information must be safeguarded at all times.

McKesson Professional Services Team works with more than 800 facilities in North America and meets ISO/IEC standards related to service management systems, information security management systems, business continuity and security of highly sensitive information. In cases where health systems look outside the organization for BC planning or testing, the vendor should have specific healthcare knowledge and industry certifications.

Any disaster recovery plan should be tested every six to 12 months, Ho says, and whenever a PACS system is upgraded or additions are made.

For more information on how to receive a McKesson Medical Imaging Professional Services Complimentary Imaging Assessment, please visit our website or contact myself at

Leave a Reply