When I hear the names Alberto, Ernesto, Rafael and Michael my mind immediately brings up visions of bad romance novel covers. Men with long hair wearing swash-buckling pirate shirts, dipping women, with even longer hair, in their arms. However, these are just a few of the 2018 Atlantic Tropical Cyclone names provided by the World Meteorological Organization. (Sorry to disappoint you!)
This year hurricane season is shaping up to be “near or above-normal”, according to predications from the National Oceanic and Atmospheric Administration (NOAA). NOAA is forecasting ten to 16 named storms, including five to nine hurricanes, and one to four major hurricanes with Category 3 strength or higher, for this year’s Atlantic hurricane season. While these expectations are below what we experienced in 2017, the need to accurately predict and prepare for the devastating impact of hurricanes is an absolute necessity. And, the forecast for the central Pacific region doesn’t look very promising either, with a 70% chance of three to six tropical cyclones.
When natural disasters strike, they can cripple a provider’s ability to deliver care. What hurricanes like Katrina and Maria have taught us is that healthcare providers need to have effective disaster recovery plans in place to treat patients – both during and after a disaster scenario. Furthermore, HIPAA requires that providers, “Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence that damages systems that contain electronic protected health information (PHI).”
In order to have an effective disaster recovery plan, it is critical to have a strong information governance (IG) program in place. An effective IG initiative can help ensure that all important sources of data – such as electronic medical records, case management information, diagnostic images, electronic test results and patient financial data – can be accessed and recovered in an emergency operation mode. In addition, when operating in emergency mode due to a technical failure or power outage, IG practices are critical to address security processes that must be in place to protect patient information.
To best prepare for natural catastrophes, here are a few steps you can take before disaster strikes:
Step 1: Get the plan right
Establish data backup and disaster recovery plans that will create and maintain retrievable, exact copies of electronic PHI and establish procedures to restore any loss of data. Build plans with policies and procedures that enable business continuity, protect the security of sensitive information and prevent the possibility of a data breach.
Step 2: You built it, now test it
You shouldn’t wait until disaster strikes to know whether or not your backup and recovery plans will work. Make sure your plans are thoroughly and regularly tested. Work with a trusted recovery expert that can review your current processes, test for gaps, determine areas to revise and then help to implement your plan.
Step 3: You’ve got it, now flaunt it
Once your plan is in place and tested, you’ll want to make sure it’s shared with the broader organization. Leverage your IG steering committee to establish and communicate responsibilities for disaster recovery preparedness across your organization.
Since disasters seldom adhere to convenient schedules, proper preparation is a must. Check out www.noaa.com for the most accurate and up-to-date information by geographic area and leverage other sources of information from experts, such as Iron Mountain. Stay informed and more importantly, stay safe!