Every July the phrase “hurricane season” begins to make its way into casual conversation. Homeowners, business owners, travelers, schools and anyone who has ties in the Atlantic Coast begins discussing the threat potential for the upcoming season. If you have any family or friends in that area of the nation you may have typed, “how many hurricanes are predicted this year?” into a search engine.
As healthcare IT professionals we spend a considerable amount of time assessing the likelihood of data loss within an organization. However, the risk of natural disaster poses a unique challenge that not all IT companies have arranged for. What we have found is regardless of the customer’s location, a business continuity management plan is necessary. Let’s look at some of the challenges within a natural occurrence and assess how a disaster recovery plan will mitigate that risk.
2017 Hurricane Season Facts
2017 was predicted to be a busy year for hurricanes; a little over halfway into the season it is meeting expectations. There are three hurricane research centers who make their annual storm predictions based off a complex calculation of water temperatures in the Atlantic Ocean, sea-to-surface temperature ratios, and average vertical wind shear components.
For comparison, the 30-year historical average for the Atlantic Basin is 12 named storms, six hurricanes, and three major hurricanes (meaning a Category 3 or higher). The three agencies who report on this are the Colorado State University (CSU) Tropical Meteorology Project, the National Oceanic Atmospheric Administration (NOAA), and The Weather Channel.
As of mid-September, there have been 13 named storms. The U.S. had one named hurricane (Arlene) falling so early in the season that researchers debated whether or not it should be included in the official season tally. Next, the nation watched as Hurricanes Harvey and Irma ripped through Texas, Louisiana, Georgia, and Florida. Currently, Jose remains in the Atlantic Ocean and will potentially move in on the Northeast while Hurricane Maria is rapidly strengthening and expected to threaten the same areas of Florida who are still drying out from Irma.
UNFORTUNATELY, THE SEASON WILL LAST FOR ANOTHER TWO AND HALF MONTHS WITH AN OFFICIAL ENDPOINT OF NOVEMBER 30TH
Hurricanes are categorized on a scale of 1-5 based off their potential to destroy property. A Category 1 will damage some roof tiles and break larger tree branches off. A Category 5 will destroy nearly every house and building, residential areas will be completely blocked by trees and poles, power and water will be out for months thus making the entire area uninhabitable.
Harvey made landfall as a Category 4 and was responsible for 57 deaths with an eventual total loss of $75 billion.
Irma first bore down on the Caribbean as a Category 5 before landing in Florida; damages are estimated from $32 billion to $50 billion with 68 reported deaths.
Check out the complete Saffir-Simpson Hurricane Wind Scale HERE.
First-Hand Experience
I lived in Miami, Florida during the record setting hurricane season of 2005 and, sadly, I have experienced this destruction first-hand. The salient memory for me was bracing for a new threatening storm every other week from August to October. It was impossible to escape the fear of losing everything you own; and just when you felt the relief of one storm being downgraded, a new one intensified.
I worked with over 100 medical practices based in Miami and Fort Lauderdale at the time and they all felt the same sense of uncertainty. In 2005, we were not yet required to demonstrate meaningful use of electronic medical records (EMR) and it was many years before we began securely storing data in the cloud. At that time the risk was real that an office may lose all their paper charts and billing records from a storm surge or flood.
That year most of Florida ended up ended up spared by Hurricanes Dennis, Katrina, Rita and Wilma, yet New Orleans suffered the greatest loss of life due to a storm that we have witnessed in our lifetimes.
Business Continuity Plan Basics
Hurricane Katrina taught us that we must take hurricane threats seriously, that we needed to have better infrastructure in place to allow for flexible hurricane recovery planning, and that a hurricane’s path is never set and can change overnight.
What this meant to my Florida hospitals and physician’s offices was we needed to become better prepared and assume that at some point we would likely face a natural disaster. As new technology was introduced to the market we began to utilize these resources to better secure our data.
When electronic medical records became the standard, offices were tasked with adding new levels of security such as:
Throughout the years I have sought to establish an repudiated level of security regardless of where I was consulting. Irrespective of an office’s location, they must be prepared for natural disasters. Even an office in sunny, land-locked Phoenix could experience outages due to high winds, lightning strikes or sand storms.
When Hurricane Harvey first started to become a real threat, I heard from a handful of clients we consult. They were concerned about the status of their networking systems and wondered if they needed to implement any new downloads or backups. I was able to assure them that our healthcare information security protocols are among the most stringent in the industry. If your IT provider cannot ensure unparalleled levels of data security in your virtual machine computing environment, it is possibly time for an IT assessment.
Real-Time Data Replication
Backup and recovery solutions are a necessary pillar to keeping your data flowing in the event of a service disruption. Any office requiring continuous access to secure medical data should scrutinize their Disaster Recovery as a Service (DRaaS) provider. Redundancy plans should include having continuous offsite replication and fully load-balanced offsite spare servers. With these systems in place, whether due to a server crash, hardware failure, or natural disaster, any service disruption can be immediately bypassed without any loss of data.
My clients hung up the phone knowing their data was securely stored on their servers and at ours and no additional protection measures needed to be taken. They could return to focusing on keeping their families and property safe from the storm.