You rarely get advance notice when disaster strikes. Even if you are fully prepared for it, things can unfold in unexpected ways. To give your business and your technology protection in the face of any unforeseen event, you need a guide: a business continuity plan.
You need a clear set of guidelines that ensures your business is prepared for any unplanned manmade or natural event, and the business continuity plan is your roadmap to recovery. In this case, a disaster is any unexpected instance in which you and your team are unable to perform your jobs, resulting in a loss of profitability, stress/chaos, and a risk to your practice’s reputation.
Typically, the plan includes such components as:
“A key goal of the plan is to have a backed up, micro-level view of your business—including all your technology and data—retained from a week, a month, and even a year back,” explains Eric Adams, Information Technology Operations Manager at Integrity Systems & Solutions. “Given the ever-growing sophistication of hackers and other evolving security issues, among the core goals of the plan is making sure your data is backed up as redundantly as possible, giving you multiple copies to fall back on should a disaster occur.”
In addition to protecting your systems and data, a business continuity plan is essential to keeping your practice operating continuously, with as little downtime as possible. Without a plan, your business faces:
As Adams puts it: “It can send a potentially damaging message to your patients, making them question how secure they are with your practice. ‘You mean you didn’t have a backup copy of my records?’”
“With a business continuity plan in place, there is a clear and very orderly process,” explains Adams. “If not, you need to scramble and think on your feet. All of the things that the plan prepares you for—such as ensuring that you have alternate workspaces and servers to depend on—become frantic calls to your IT support letting them know what’s happening and trying to make your people aware as well. That’s where the security a plan offers comes in. There might be some stress, but it’s much lower when you’re prepared.”
“We had a client who experienced a disaster, and because of their preparation and planning, they were only down for about an hour,” Adams says. “They were still able to treat patients and maintain some level of production.”
Not all business continuity plans are created equal. As discussed, much of what your practice is required to do is defined by HIPAA, but those guidelines are largely geared to the plan’s administration, procedures, and performance. The level at which you choose to physically protect your business assets and the steps you put in place to do that can differ depending on your practice needs.
When deciding your plan’s requirements, it makes sense to have an experienced advisor such as Integrity guiding you through the process and ensuring that nothing is missed.
“Just taking time with an advisor—someone who can look at your technology objectively and holistically—can make a difference,” notes Adams. “That perspective can provide clarity around what you need to protect as well as the ‘why’ and the ‘how.’ And once you have that plan in place, should any problem occur, you’ll know that things should unfold in a certain way and that your practice will continue functioning.”