Creating the Business
Continuity Plan - Continued
Webinar 3
Handouts
1
Mitigation Policy Sample
2
HEALTH CENTER NAME
Mitigation Policy
Policy Date:
Policy Revision:
Mitigation Strategy
The intent of the mitigation strategy is to provide [Healthcare Center] with the goals that
will serve as the guiding principles for future hazard mitigation, along with a listing of
proposed actions deemed necessary to meet those goals and reduce the impact of
natural hazards. It is designed to be comprehensive and strategic in nature.
The development of the strategy is comprehensive to include a thorough review of all
natural hazards from the Hazard Vulnerability Analysis (HVA) and identifies critical
processes from the Business Impact Analysis to understand how the infrastructure
affects critical business operations and to develop strategies to protect them. These
measures may reduce or eliminate future impacts of disruptions although there is no
guarantee as disasters are unpredictable.
Mitigation Measures
Maintenance of Systems/
Regular Inspections / Updates
Responsibility
Physical Site
Keys
Lock Combinations
Codes
Alarm System
Anti-Theft Systems
Fire Detection System
Fire Suppression Systems
HVAC
External Grounds
Roadways
Alternate Location
Critical Personnel
Contact information
Training on job roles
3
Timeframe
Schedule
Cross-training on job roles
Training Business Continuity Plan
Test Business Continuity Plan
Critical Equipment Inventory
Lists: Serial Numbers, Passwords,
Software Keys, Licenses, Permits,
Server Root Passwords and any
other security information
Primary Computer System
Alternate Equipment / Location
Backup ISP and Servers
Copier(s)
Fax
Printer(s
Software
Programs
Anti-virus and Malware
Communications
Primary
Secondary
Data Back-up
On-site
Off-site
Data Recovery
Off-site Vendor
Maintaining Adequate Reserves
Cash for Business
4
Food
Water
Batteries
Medical supplies
Power Sources – Alternates
Uninterruptable Power Supplies
Generator
Utilities
Electric
Gas
Oil
Water
Vendor Support
Primary Vendors
Secondary (back-up) Vendors
Vital Records
Electronic
Paper
5
BC Disruption Actions Sample Form
6
HEALTH CENTER NAME
Disruption: Computer Loss SAMPLE
Date:
Revision:
Risk
Building Loss
Probability
Low
Impact
High
Likely Scenario(s)
Power Failure, Flood, Corrupt Software
Critical Processes
Affected
Patient Registration, Pt Scheduling, Pt Billing, Insurance
Billing, Payroll, Accounts Receivable
Action
1.
2.
3.
4.
Responsibilities
1. Senior Staff notified of disruption
2. IT Manager:
-Contact vendor, and alternate vendor, for diagnosis,
service appointment and estimated time of repair
-Oversee repair, prioritized by critical function
4. IT supervisor to communicate with each department
Resources Required
Telephone, Staff Contact List, Vendor Contact List,
Equipment Serial Numbers, Computer Maintenance Plan
information, Prioritized Critical Processes, Individualized BIA
forms
Damage assessed: equipment, location, serial number
Contact vendor
Computer back-up readied
Alternate processes in place by each department (see
individual BIA forms)
7
Business Impact Analysis Form - Sample
8
ZYX Health Center
Business Impact Analysis Form
Business Process: Patient Registration
Type:
Priority:
X
X
Critical Process
High


Non Critical Process
Medium

Low
Description: How to register a patient as the enter our facility
Step 2
Employee(s) in charge: Joan Thomas
Acceptable Downtime: X 1/4 Hours  ___ Day(s)  ___ Week(s)  ___ Month(s)
Number of Patients/Staff Affected: All patients; 2 front desk staff
 No
Is this function a grant deliverable? X Yes
If so, which grant(s)? Federal HIV Grant (requires us to track when the number of
visits by our HIV positive patients
Is this function required by law/regulation? X Yes
 No
If so, which governmental agency? HIPPA
Resources Required for Resumption and Recovery
 Personnel: Front Desk staff (Joan Thomas & Carl Sagan)
 Vendor(s)/Outside Provider(s): eClinical Works (manual registration during
downtime)
 Key Contact(s): Fred Flintstone – eClinicalWorks Customer Support
fflintstone@ecw.net; (800)555-1212
 IT hardware and software: computers, server, and eClinicalWorks software
 Records (electronic or paper): both
 Medical equipment: none
 Medical supplies: none
 Facility/office space: reception area & computer server room
9
Plan for short term (< 5 days) disruption:
Use a paper log to record patient registration. Contact eClinicalWorks ASAP to
schedule service. Secure patient registration log for HIPPA and to input into the
computers at a later date.
NEEDS: pre printed registration logs and / or pads of 8.5 x 1 1 paper; pens; secure
storage area to keep logs
Plan for long term (>5 days) disruption:
Have a backup laptop computer that can connect to eClinicalWorks enter registration
information electronically.
NEEDS: laptop computer with eClinicalWorks software (tested); back up power source
for the laptop (i.e. extra batteries); back up digital storage for eClinicalWorks data
(remote server and external hard drive)
10
BC Disruption Actions – Computer Loss Sample
11
HEALTH CENTER NAME
Disruption: Computer Loss
Date:
Revision:
Risk
Building Loss
Probability
Low
Medium
High
Impact
Low
Medium
High
Likely Scenario(s)
Critical Processes
Affected
Action
Responsibilities
Resources Required
12
Key Contacts, Vendors, and Suppliers Sample
13
HEALTH CENTER NAME
Key Contacts, Vendors and Suppliers
Contact
Affiliate / Alternate Health
Center
Phone Number
Affiliate Hospitals
Local
Contacts
Facility Security
Facility Maintenance
Local Fire Department
Local Police Precinct
Local Department of Health
Mental Health Services
Terrorism Hotline
Department of
Local
Environmental Protection Government Water & Sewer
Agencies
Office of Emergency
Management
Department of Sanitation
Poison Control Center
State Department of Health
Emergency Management
Office
State
Government
Agencies
Office of Homeland Security
State Police
14
Email
Contact
State Terrorism Hotline
Phone Number
Electric Company
Elevator Service
Fire Equipment
Maintenance
Food Vendor
Gas Company
Heating, Ventilation, & Air
Conditioning (HVAC)
IT / Computer Services Hardware
IT / Computer Services Software
Janitorial Service
Site
Contacts
Lab Services
Locksmith
Medical Equipment
Maintenance
Medical Waste Service
Medications / Pharmacy
Oil Company
Plumbing
Security Vendor
Snow Removal
15
Email
Contact
Phone Number
Supply Vendor
Telephone Company
Telephone Hardware
Service
Waste Management
Services
Water Company
16
Email
Equipment Information Sample
17
HEALTH CENTER NAME
Equipment Information
Equipment
Serial Number/
Key/ License
Company
Network Server
Computer 1
Computer 2
Computer 3
Computer 4
Computer 5
Printer – Laser 2150
Printer - Jet
Copier
Fax/Scanner 1 Admin
Fax 2 - Accounting
Phone System
Uninterruptable
Power Supply
123-445-123AB
T32754
T17908
Dell
Toshiba
Toshiba
Dell
Dell
Dell
HP
Brother
Konica
HP
Brother
Avaya
APS
18
Warranty
Service Contract –
Expiration
Vendor Information
Date
12/05/11
Dell 800-555-1234
7/30/10
n/a
TeleCom800-555-9876
4/30/10
Personal Preparedness Policy Sample
19
HEALTH CENTER NAME
Staff Personal Preparedness Policy
Policy Date:
Policy Revision:
Policy Goal
The Health Center considers its staff to be its most valuable resource – one that
provides a vital service to the community both during normal operations and in times of
crisis. Because of this it is critical that staff is prepared to take care of themselves and
their families in case of emergency so they can continue to provide high quality care to
the community.
This policy will be managed by the Health Center Human Resources department.
Go Bag (Home & Work)





Health Center will provide each staff member with two (2) Go Bags – one for
work and one for home
Each Go Bag should contain:
o Extra keys
o Important personal documents (in a waterproof zip lock bag - provided)
 Family Emergency Plans (provided)
 Communication Plan
 Evacuation Plan
 Reunion Plan
 Copy of identification
 Copy of important documents (i.e. birth certificates, insurance
papers, mortgage / deeds, etc.)
 Health Center emergency information sheet (provided)
 Other
o Flashlight & batteries (provided)
o Bottle of water (provided)
o Non-perishable food
o Extra medication
Health Center will host one day a month to make free photocopies of important
documents for staff emergency preparedness needs
Staff members will be responsible to maintain their Go Bags, excluding items
denoted above as “provided” by the Health Center
Go Bag maintenance will be considered as part of staff members’ annual review.
Monthly prizes will be given to staff with complete Go Bags
20
Shelter At Home Kit





Each staff member shall maintain a Shelter At Home Kit that can last for at least
72 hours
Each Shelter At Home kit should contain:
o Water (1 gallon per person, per day)
o Important personal documents (in a waterproof zip lock bag - provided)
 Family Emergency Plans (provided)
 Communication Plan
 Evacuation Plan
 Reunion Plan
 Copy of identification
 Copy of important documents (i.e. birth certificates, insurance
papers, mortgage / deeds, etc.)
 Health Center emergency information sheet (provided)
 Other
o Flashlight & batteries (provided)
o Non-perishable food for at least 72 hours (with can opener)
o AM/FM radio & batteries
o First Aid Kit (provided)
o Whistle (provided)
o Flashlight (provided)
o Extra medication
o Child care, pet or other special items
Health Center will host one day a month to make free photocopies of important
documents for staff emergency preparedness needs
Staff members will be responsible to maintain their Shelter in Place bags,
excluding items denoted above as “provided” by the Health Center
Shelter in Place bag maintenance will be considered as part of staff members’
annual review. Monthly prizes will be given to staff submitting photos of
complete Shelter in Place Bags
Additional Resources
Health Center will provide additional resources through training and exercises. More
information can be found in the xxxxx policy.
21
Mental Health Policy Sample
22
HEALTH CENTER NAME
Disaster Mental Health Policy
Policy Date:
Policy Revision:
Policy Goal
In order to provide for the welfare of its staff, and to insure the ability to provide
continuity of care to its community, the Health Center will provide mental health
resources before, during and after a crisis to staff. The Health Center Assistant Director
will be charged with executing this policy.
Procedures

Pre Crisis
o The following local mental health resources are available in the case of a
disaster:
TYPE
NAME
CONTACT
NAME
CONTACT
EMAIL / PHONE
Faith Institution
Faith Institution
Faith Institution
Hospital
Local Dept. of
Health
Medical Reserve
Corps
Red Cross
Psychologist
Psychiatrist
Local University
Crisis Hotline
Health Provider
Health Provider
*Institutions with an “*” have signed MOUs with Health Center to provide services
in a disaster
23
o Provide information and resources to staff to lower stress and increase
mental resiliency such as incentives, information, etc.
 Some information should be provided at each staff meeting
o Where applicable, insure healthy food is served at all staff functions

During a Disaster
o The Health Center Assistant Director shall keep in regular contact with
senior leadership about the mental health condition / needs of the staff
o Activate MOU’s or other resources as appropriate

After a Disaster
o The Health Center Assistant Director will insure mental health resources
continue to be offered to staff
 Organize a debrief exercise for staff with a trained and licensed
professional
Other Resources

http://mentalhealth.samhsa.gov/publications/allpubs/ken-01-0098/#3

http://www.nh.gov/safety/divisions/hsem/documents/managingstress.pdf

http://www.bt.cdc.gov/mentalhealth/
24