Chapter 17 DISASTER RECOVERY PLANNING
Disaster Recovery Planning
Encompasses all measures taken to ensure
organizational survival in the event of a natural or
manmade calamity and to minimize the impact of such
event on the organization's staff, patients, and bottom
line.
The DRP is an extensive inclusive statement of actions
to be taken before, during and after a disaster.
Goal of Planning process:
Minimize the disruption of operations and ensure a
measure of organizational stability and orderly recovery
after a disaster
Formal planning method is needed to ensure quality,
consistency, and comprehensiveness of disaster
recovery contingency plans.
Health Insurance Portability and Accountability Act
(HIPAA) of 1996 requires that every health organization
implement documented policies and procedures
addressing disaster recovery and contingency planning
Healthcare organizations are also required to test the
plan to ensure that it promotes restoration of systems,
networks, and data following a disaster
The disaster recovery contingency planning process
includes these steps.
* Risk Identification
* Risk Analysis
* Risk Prioritization
* Risk Reduction
* Risk Management Planning
* Risk Monitoring and testing
Risk Identification (How will you able to identify the
risk?)
* Brainstorm the issues surrounding the project
* Decision Drivers
* Further risks may be identified from analysis of
project plans
Possible Sources of hazards
* NATURAL THREATS
* TECHNICHAL THREATS
* HUMAN THREATS
RISK ANALYSIS
RECORDS
consider the value of the records, both paper and
electronic.
FACTORS need to consider:
1. How much did it cost to create that record in the first
place? What would it cost to recreate it now?
2. Does the information protect the rights of individuals,
research, or the business interests of the agency?
3. Is the information complete, or would other
documents be necessary if action had to be taken.
4. How available is it? If the information could be
obtained from another source without too much delay,
its value is reduced.
RECORDS TWO APPROACHES:
*Recreating the information.
calculate the cost of gathering the information from
scratch and then the cost of producing and reproducing
it. This is estimated by the number of man-hours x
$/hour for the project.
Reproducing only.
- Calculate the cost of duplicating your essential records
now for off-site storage, or the cost pf reproducing your
off-site records for use after a disaster. The most visible
form of information is paper, closely followed by
magnetic and film records.
PROCESSING
There is also a need to analyze the risk related to
delivery of services in the event of a computer related
disaster.
RISK PRIORITIZING
Risk prioritization is all about determining "risk
exposure".
Risk exposure = (probability of unsatisfactory outcome)
x (loss, if
outcome is unsatisfactory)
*Determining risk exposure provides the disaster
planning project manager with a prioritized list of risks.
*In all cases, the cost of reducing the risks must also be
considered. A ratio may be calculated that is known as
the "risk reduction leverage".
*This ratio assesses the risk exposure before and after
the risk reduction processes have been carried out and
compares them with the cost of those processes.
RISK REDUCTION
PHYSICAL PREVENTION
Physical prevention requires a thorough audit of all
facilities to identify areas where paper-based or
electronic data are created and stored. The audit
reviews the presence or absence of factors such as
those listed as natural or technical treats.
PROCEDURAL PREVENTION
Procedural prevention includes activities relating to
security and recovery, performed on a day-to-day,
month to-month, or annual basis
The goal of procedural prevention is to define activities
necessary to prevent various disasters and ensure that
these activities are performed as required
RECOVERY OPTIONS
*Off site data storage at host sites, warm sites, or cold
sites
*Reciprocal agreements for data storage with other
organization
*Multiple data centers and multiple computers
DISASTER RECOVERY PLAN
Disaster Recovery Plan
The Disaster Recovery Plan (DRP) involves more than
off-site storage and backup processing.
It should contain all the information necessary to
maintain the plan and execute its action steps.
The following areas should be considered when
developing a disaster recovery plan
PART 1: Introduction and Statement of Purpose
PART 2: Authority
PART 3: Scope of the Plan
Events planned for
Locations planned for
Relationship to others plans
PART 4: Emergency Procedures
Appendices
Use as many appendices as may be needed to include
information vital to the success of the plan. These may
change so often, however, as to make its inclusion in
parts 1 to 4 impractical.
*A staffing chart of the department
*Call-up lists of key personnel
*Instructions for contacting outside organizations
*An inventory of essential records and the priorities for
their protection
*A summary of the arrangements that have been made
for relocating the records
*Instructions for ensuring the emergency operation
*Probably the most important appendix is a list of
resources that might be needed in an emergency
*The final appendix
Plan Testing and Maintenance
The contingency plan must be audited and tested on a
regular basis to know that proposed processes serve the
purpose of protecting the data and processes of the
organization should a real disaster occur.
CHAPTER 18 IMPLEMENTATION CONCERNS
Resistance to Information Systems and Computers in
Healthcare
The adoption of technology requires users to change
how they work. Organizational change places great
demands on staff members. Change creates
uncomfortable situations where staff faces the
unknown and where their coping skills may not be
effective
In 1982 Ball and Snelbecker examined the reasons why
healthcare professional nurses, physicians, and
technologists alike have been slow in adopting
computers and information technology.
Their research resulted in identification of the
following major factors contributing to resistance:
*Oversell by vendor
*Unrealistic expectations,
*traditional practices,
*insufficient nursing involvement,
*fear of embracing
*new approaches
*fear of the unknown.
Oversell by Vendors
The first general reason for resistance to innovative
technology is a tendency of some vendors to overstate
the capabilities of or to oversell their product
Unrealistic Expectations
A second source of resistance stems from unrealistic
expectations regarding the capability potential of
computer systems.
Changes in Traditional Procedures
it is difficult to move an organization forward with
current technology and trends. Many are reluctant to
move beyond the decade in which they were schooled.
Consider these five concerns, which lead to resistant
behavior among staff members
 As the organization expects to become more
efficient when using automation, staff members
may fear losing their jobs.
 Information systems impact both formal and
informal communication patterns.
 Peer pressure and previous experience with
system implementation can also influence the
organizational climate, promoting success.
 *Individual reaction to system implementation
depends on the individual’s overall personality
and cultural background.
 *Management techniques used to implement
systems directly affect users’ perceptions
INSUFFICIENT INVOLVEMENT OF NURSES
Each clinical user group has a role to play in the
selection, implementation, and successful use of an
information system.
Administrators and nurses need to be adequately and
consistently involved in critical decisions about the use
of information technology.
EMBRACING NEW APPROACHES
common tendency is to view a particular function solely
in terms of existing systems characteristics rather than
to recognize alternative ways of how patient care may
be improved. It is not adequate to use new technologies
simply to complete old tasks faster. Instead, technology
is being used to transform the entire caregiving process.
The Problem of managing and accessing medical
records provides a typical illustration. The medical
record is designed to provide a single location where
clinicians can document the care they provide and use
the information from other clinicians to make decisions.
Problems caused by documentation remaining on
paper:
*Sizable storage challenges
• Expensive maintenance and reproduction costs
• Inaccessibility to all care venues in which a clinician
makes decisions, Expanding the paper-based system has
not solve these issues.
Computerized information systems as a
communications controller and file manager provides
greater flexibility in the functions and use of medical
record systems.
the objective of any medical record is to document
information about the care of patients. It is ideally
accessible to all of the healthcare team who
collaboratively provide high-quality care.
Having electronically captured data has eliminated the Roger's Theory of Diffusion of Innovation
need for eight different members of the care team each
suggests that some never adopt the change.
to ask patients the same questions for medical histories,
allergies, and demographics. Where you need to concern yourself is if the active
resistor(s), laggard(s), is in an area of influence or a
management position.
Fear of Leaving Paper and of the Unknown
Otherwise, once enough areas and users are using the
Printed Word has LIMITATIONS
system, the rest naturally follow.
Paper-based records are available to

 only one person at a time
 they are not-up-to-the-minute accurate,
 data are not backed up
 and what is written is only as good as the
person's memory and handwriting
Form of Resistance
 Traditional
 Time-tested Reliance
 Trust of printed material
Computer-based Information System
provide storage and retrieval of information
afford new opportunities for increasing knowledge and
research through data mining and data collection.
Duplication of Effort is one of the most expensive yet
least measured cost expenditure in healthcare
organizations
Streamlining
provides users with additional resources to accomplish
their critical missions. This may be enough to motivate
support of an automated system.
Motivation for change is the key to overcoming
resistance.
The team can motivate each group affected by the
system by identifying how the system benefits them
and fulfills personal and organizational goals.
Another major aspect of collaboration between key
team members is to communicate effectively a plan
A sacred cow is a term that is used in business. This
means an outmoded belief, assumption, practice,
policy, system, or strategy that inhibits change and
prevents responsiveness to new opportunities.
Lewin's Dynamic Balance of Forces
suggests that behavior in an institutional setting is not a
static habit or pattern but a dynamic balance of forces
working in opposite directions within the social-
psychological space of the institution.
Lewin identified three stages for accomplishing
changes in behavior
 un- freezing the existing equilibrium,
 moving toward a new equilibrium,
 and re-freezing the new equilibrium.

Fear

Is an incredibly strong motivator. Once recognized,

however, it can be used to assist in the change process

Management of Change

It is important to recognized that an organization is like

any other social system and change- where everything
and everybody's actions are interrelated

Managers must completely asses the effects of change

on the entire organization and develop a plan to
motivate each department to participate in the
implementation and adapt to change.