Concerns of a healthcare organization are probably the most unique
due to its complex web of interwoven clinical and business processes.
These existing interdependencies directly impact a healthcare provider's
ability to provide patient service. The systemic flow of critical
information is exhaustive and typically requires constant interaction
among numerous entities. Any breakdown at any point in this network
of interdependencies could cripple a healthcare organization.
Further, there are the recent regulatory mandates from the Health
Insurance Portability and Accountability Act (HIPAA) and from the
Joint Commission on Accreditation of Healthcare Organizations (JCAHO).
The pending approval of HIPAA legislation looms large over the healthcare
industry - for it would mandate strict standards for ensuring the
privacy, protection, availability and reliability of patient data,
as well as for business continuity and disaster recovery practices.
All healthcare entities that electronically maintain or transmit
patient health information are subject to HIPAA requirements. Failure
to comply could result in financial penalty and possible closure.
JCAHO, which supports the mandates of the HIPAA legislation, similarly
has requirements and standards of service for healthcare organizations,
which also encompass business continuity planning. Significant effort
will be required to align business processes, operational areas,
systems functionality and third party relationships to respond to
and satisfy HIPAA requirements.
HIPAA and JCAHO legislation notwithstanding, there are several
additional areas of concern in the healthcare industry:
Clinical Functional Considerations
These risks, in the main, exist over the unavailability or inaccessibility
of:
• Critical medical staff or primary care personnel, or personnel
who are single points of failure within the organization
• Critical patient data
• Critical services and information typically maintained in
the clinical laboratory, and the ability to recover these functions
following an interruption
• Communications networks and mediums with managed care organizations,
consulting physicians, accrediting organizations, lawyers, and medical
research agencies
• Drugs and medications either from the pharmacy itself, or
from shortages due to interruptions in its supply chain
• Vital consumable materials such as bandages, needles, syringes,
and various other supply support materials
• Sterilized equipment requirements
Facilities and Plant Services
Fire damage is the leading cause of loss in healthcare facilities,
followed by water damage due to broken pipes and fittings, sprinkler
leakage, boiler malfunction, and machinery malfunction.
Healthcare facilities have many areas of concern from a risk management
perspective such as storage rooms, laundries, kitchens, pharmacies,
flammable liquids and gases, hazardous material, and labs. Failure
to have viable maintenance procedures and risk mitigation programs
in place could result in a disastrous situation.
The need for the availability and recoverability of high value,
unique medical equipment is critical to providing basic medical
support for daily business operations, let alone contingency scenarios.
The lead-time and monetary expenditures required to replace the
loss of critical high value medical equipment such as CAT scans,
MRI machines and hydrostatic chambers could be excessive.
Dietary and Food Services
The requirement for healthcare organizations to maintain consistent
food service capability is critical to their ability to operate.
Any interruption would require significant coordination to arrange
for alternate food service support. Extensive prior planning needs
to be undertaken to mitigate the risks in this category. This is
particularly true given the high risk of spoilage and contamination.
This situation is compounded due to the fact that patient dietary
considerations have to be taken into account. If food sources can
be obtained, further thought and planning needs to be given to food
preparatory and storage equipment and its availability.
Human Resources
Staffing shortages, such as those caused by the recent nurse strikes,
mean that there are potential single points of failure in your organization.
There is also an increased reliance upon outsourcing arrangements
for things like clinical coding, for example. Healthcare organizations
need to have multiple vendor arrangements or ensure that the third
party vendor has its business continuity plans in place.
Recommended Treatment
The changing healthcare business model, replete with alterations
in business processes and market strategies, must be empirically
treated within the context of a proactive business continuity and
risk management program. This program must provide a balance among
all the various facets of business continuity planning, including
crisis management and communication, disaster recovery, and business
resumption.
About the Author
Michael T. McDonnell is a member of the GE
GAP Services' Business Continuity Solutions team. He may be reached
by calling (216) 241-3663 or emailing Michael.T.McDonnell@gegapservices.com
|
