The recent cybersecurity incident involving Change Healthcare, which Hall Render discussed here, serves as a wake-up call for many in the health care industry. One obvious response companies are taking is related to security and penetration testing. By now, many organizations have started some assessment and validation to double check their security posture to report to their leadership or board. While heightened attention is understandably directed toward assessing and strengthening security measures, there exists an equally important facet: ensuring seamless business continuity. This includes being able to keep the business operating, treating patients and staying financially solvent should a major system, service or functionality become unavailable, particularly ones that are beyond their direct control.
A Business Continuity Program (“BCP”) is critical to every health care organization, as it helps keep your business in operation at some level when technology is interrupted or fails. A BCP is a structured framework and process that identifies resource needs and establishes playbooks and processes so that key departments and teams know what to do in the event of a critical technology outage and how to recover once it is restored. A BCP is typically driven by both non-clinical and clinical departments, as both types will be impacted and will need to staff up and/or perform the work.
Almost every company is implementing some form of new technology, applications and process automation to streamline operations, improve efficiencies, and/or reduce costs. It is common during such implementations for organizations to discuss and consider the necessary level of high availability or redundancy, and the decision often boils down to cost vs risk. These implementations will likely involve some combination of external dependency, such as “cloud” or data exchange with external third-party systems.
There’s an old saying, technology is great until it doesn’t work. The more that organizations rely on technology and third-party external systems, the more significant the impact will be when the technology and systems don’t work. For external systems, high availability or redundancy should be covered in the vendor’s contract through Service Level Agreements and penalties should an outage occur. While those are valuable remedies after the service is restored, they don’t address how the organization will function during the outage period. This is usually the responsibility of the organization to figure out.
The Hall Render Advisory Services Advantage
Hall Render Advisory Services has several offerings related to business continuity and can help determine or assess your organization’s readiness to stay in operation should there be a service interruption or system outage. These offerings include conducting an overall assessment of your BCP, reviewing the framework of that program or leading tabletop exercises to test the plan and identify possible gaps.
Our team provides a valuable resource for health care organizations looking to review and optimize their Business Continuity Program. Contact Hall Render Advisory Services or visit HallRenderAS.com to learn more about how we can help your organization.
If you have any questions, please contact:
- Dan Cumberland at dcumberland@hallrenderas.com or (443) 951-7050;
- Mark Branstetter at mbranstetter@HallRenderAS.com or (615) 423-6651;
- Michael Latcha at mlatcha@hallrenderas.com or (269) 207-6382;
- John Norling at jnorling@hallrenderas.com or (214) 615-2010; or
- Your primary Hall Render Advisory Services contact.
Hall Render and Hall Render Advisory Services blog posts and articles are intended for informational purposes only. For ethical reasons, Hall Render attorneys cannot—outside of an attorney-client relationship—answer specific questions that would be legal advice.