Bringing Data Back to Life After Disaster

Bringing Data Back to Life After Disaster:
4 Questions to Ask Your Vendor & Technology Team
By Cheryl Toth
Chances are, your practice backs up the computer system daily. But are you sure you could bring
it back up after a system crash or major power outage? What are the steps for getting the system
back online, and who is involved? How quickly would your practice be operational?
Don’t wait until disaster strikes to learn the answers. Review these questions with your practice
management system/EMR vendor and technology team to make sure the right plans are in place.
1. Where, exactly, is your data?
Does it ‘live’ on servers in your office, or is it ‘in the cloud (on remote servers)?’ If it’s in the
cloud, are the remote servers in the software vendor’s facility, or an off site hosting or data
Where the data is, and how fast you can access it, are critical when disaster strikes. “If yours is a
cloud vendor, how quickly can they install or get you the backup copy?” asks John Brewer
President of Med Tech USA, LLC, a firm that provides HIPAA compliance consulting and
solutions. “If the backup copy is sizeable, say greater than 10GB, it won’t be possible download
all of it from the Internet in less than a day. In that case, will the vendor overnight you a hard
drive with your data?” Knowing how long you’ll wait for the data set is essential for setting
expectations with physicians and patients as the team works to get the system operational.
2. What is the procedure for backing up data, and how many copies are there?
Ask your team who is responsible for backing up the system, how often backups are completed,
and where copies are stored. According to Brewer, for 90% of practices, a daily backup is plenty.
“Backing up multiple times a day is costly and slow if you’re doing it in-house,” he adds. “But
ultimately, your practice must weigh this against the value of a day’s worth of data.”
Find out if the practice or vendor maintains only one copy of the data, or multiple. The latter is
typically referred to as a ‘redundant data set;’ an almost exact mirror (it might be off by a few
hours) of your data that’s maintained on a separate server, all the time. When your primary
server or system does down, the redundant data set can shorten system downtime and make
restoration faster than tape or digital media backups. In some cases, the time it takes to prepare,
move the redundant copy into the live database and restore access can be an hour or less.
Advises Brewer, “Vendors often charge for data back ups based on the amount of data stored. Be
sure to ask about costs for multiple copies.”
ACOS Practice Tip – Submitted July 2013
3. What is the authentication process for bringing the system ‘up?’
Vendors use an ‘authentication process’ to guard against security threats such as abuse of system
access rights, impersonation of authenticated users, and future security attacks. This
authentication process will be required to reinstate your system after it goes down.
Even if you subscribe to a cloud system, the vendor must coordinate with various individuals in
the practice to obtain and enter specific passwords and security codes. “Your team must
understand exactly what the authentication process is,” Brewer insists. “Be sure they have access
to the exact number to call, and the exact information required to authenticate that you are who
you say you are.”
4. Where is the written plan for who-does-what to recover data after disaster?
“A written plan is hugely important and must be a major focus of your disaster and contingency
plan,” Brewer says. “In the chaos that happens after a disaster, nobody will be thinking straight.
Having a well thought out plan is key to getting the practice generating revenue ASAP.” And,
HIPAA now requires practices to have a disaster plan for protected health information (PHI).
“Don’t expect that the practice management system/EHR vendor will manage 100% of the
disaster planning and recovery headaches,” says Brewer. “Your manager, IT consultant, and
others must be involved as well.” Ask the vendor to outline your practice’s role in the restoration
of data after disaster. What exactly will your manager and/or IT team or consultant need to do? If
you have multiple office sites, how will they communicate and coordinate? Review and update
these written procedures annually.
Cheryl Toth is a consultant and writer with Chicago-based KarenZupko & Associates. She
brings 20 years of consulting, training, and product and executive management to her projects.
ACOS Practice Tip – Submitted July 2013