Hospital’s disaster recovery plan born out of 9/11

The tragic events of September 11, 2001 changed the world forever. For many, that single day marked a turning point in their efforts to safeguard human life and mission-critical data.

Daniel Morreale, CIO of Kingsbrook Jewish Medical Center in Brooklyn, NY, says it was 9/11 that prompted him to reevaluate his hospital’s disaster recovery plan. “The 9/11 lesson was pretty intense,” he says. “We built a very robust infrastructure with multiple pathways. We took the lessons learned and put them into practice.”

Morreale explains that while he is most concerned about losing clinical data, safeguarding the information systems needed for the day-to-day running of the hospital is vital. “There’s a trust relationship in healthcare, but there are legal implications around financial data,” he says. “Our disaster recovery plan is secondary to our business continuity model.”

In taking this approach, Kingsbrook has invested in a wireless environment, VPN circuits and built-in redundancy, he says. The hospital has also rolled out an electronic health record (EHR) and now boasts having almost all documentation in electronic form.

Located in one of the five boroughs of New York City, Kingsbrook Jewish Medical Center is a 782-bed teaching hospital that also includes a rehabilitation institute, a brain injury center, a bone and joint center and a neurosurgical specialty center.

The hospital was not affected by Hurricane Sandy and was, in fact, one of the hospitals to which patients were evacuated, Morreale says.

Since 9/11, technologies have changed and Kingsbrook has made some changes in its disaster recovery plan. Its EHR and clinical applications, for example, are now hosted by Malvern, Pa.-based Siemens Healthcare. And while the hospital continues to operate its own onsite data center, it has begun to move more applications outside the hospital.

Working with Tempe, Ariz.-based ClearDATA, Kingsbrook has prioritized each application and has contracted with ClearDATA to be its host provider. It also is changing the way it backs up and stores data. “We keep a disc copy in Brooklyn and a copy is sent to ClearDATA,” Morreale says. “We also have multiple carriers into the cloud.”

Morreale admits that on occasion an email or document will need to be recovered, but with the back-up system now in place, that has not been a problem.

Formulating a detailed and workable disaster recovery plan took time and much careful planning. “We had to define the strategy and the steps,” he says. “We defined our tasks and then split our data transport among multiple carriers so we’d always have connectivity to the outside world.”

Morreale says that while he encountered no challenges in rolling out a disaster recovery plan or in getting everyone on board, there was one major stumbling block. “Funding was our biggest challenge because we’re a community hospital,” he says. “As a result, it took time. We had to spread it out over several years.”

As for offering advice to other CIOs who are planning to implement a disaster recovery plan, Morreale says, “It’s a have to, not a want to. It’s expensive. It takes time. But it’s all part of delivering high-quality patient care.”

Original article posted March 29, 2013 at: