Business Continuity: Having a Plan Matters
You rarely get advance notice when disaster strikes. Even if you are fully prepared for it, things can unfold in unexpected ways. To give your business and your technology protection in the face of any unforeseen event, you need a guide: a business continuity plan.
What is a Business Continuity Plan?
You need a clear set of guidelines that ensures your business is prepared for any unplanned manmade or natural event, and the business continuity plan is your roadmap to recovery. In this case, a disaster is any unexpected instance in which you and your team are unable to perform your jobs, resulting in a loss of profitability, stress/chaos, and a risk to your practice’s reputation.
Typically, the plan includes such components as:
- documented business/practice objectives
- a complete inventory of hardware, software, and other technology
- defined tolerance for downtime and data loss
- defined data backup parameters
- alternative workspace and technology plans
- a comprehensive testing process when getting back online
- other steps related to getting your practice up and running as efficiently and quickly as possible
“A key goal of the plan is to have a backed up, micro-level view of your business—including all your technology and data—retained from a week, a month, and even a year back,” explains Eric Adams, Information Technology Operations Manager at Integrity Systems & Solutions. “Given the ever-growing sophistication of hackers and other evolving security issues, among the core goals of the plan is making sure your data is backed up as redundantly as possible, giving you multiple copies to fall back on should a disaster occur.”
What Happens without a Plan?
In addition to protecting your systems and data, a business continuity plan is essential to keeping your practice operating continuously, with as little downtime as possible. Without a plan, your business faces:
- A potential HIPAA violation. Because HIPAA guidelines require that you have a plan, you run the risk of a compliance issue without one. And if you are flagged, it can create lasting reputational damage.
As Adams puts it: “It can send a potentially damaging message to your patients, making them question how secure they are with your practice. ‘You mean you didn’t have a backup copy of my records?’”
- Chaos. A business continuity plan brings peace of mind, preparing your business for a worst-case scenario. For example, what happens to your server if there is a flood?
“With a business continuity plan in place, there is a clear and very orderly process,” explains Adams. “If not, you need to scramble and think on your feet. All of the things that the plan prepares you for—such as ensuring that you have alternate workspaces and servers to depend on—become frantic calls to your IT support letting them know what’s happening and trying to make your people aware as well. That’s where the security a plan offers comes in. There might be some stress, but it’s much lower when you’re prepared.”
- Loss of profitability and productivity. If there is an issue and you don’t have a plan, that means downtime, which translates into lack of care for your patients and loss of revenue and productivity. With a plan, those issues are minimized and you typically continue to operate, even if not immediately at full strength.
“We had a client who experienced a disaster, and because of their preparation and planning, they were only down for about an hour,” Adams says. “They were still able to treat patients and maintain some level of production.”
Building a Business Continuity Plan
Not all business continuity plans are created equal. As discussed, much of what your practice is required to do is defined by HIPAA, but those guidelines are largely geared to the plan’s administration, procedures, and performance. The level at which you choose to physically protect your business assets and the steps you put in place to do that can differ depending on your practice needs.
When deciding your plan’s requirements, it makes sense to have an experienced advisor such as Integrity guiding you through the process and ensuring that nothing is missed.
“Just taking time with an advisor—someone who can look at your technology objectively and holistically—can make a difference,” notes Adams. “That perspective can provide clarity around what you need to protect as well as the ‘why’ and the ‘how.’ And once you have that plan in place, should any problem occur, you’ll know that things should unfold in a certain way and that your practice will continue functioning.”