Tuesday, May 5, 2009

Risky Business! Are you safe?

Experience shows us that good intentions and honest effort don’t guarantee that our data will be protected in the event of a catastrophe, or even a small equipment failure or database corruption.  Did you know that 60% of all backups are incomplete, 50% of restores of the backed-up data fail, and only 25% of companies using backup tapes actually take them off-site?  Even more disturbing:  end-user compliance with backups is less than 10%, whether through failure to check the backup or swap the tapes, or failure even to verify that the process was set up in the first place.

The consequences of data loss can be severe.  By the sixth day of a major data loss, companies experience a 25% loss of revenue, on average.  By Day 24 that has risen to over 40%.   Significantly, 43% of companies experiencing a catastrophic data loss without a recovery plan never reopen.  It can truly be disastrous if a critical system fails and the core clinical and business applications are unavailable and the data is not recoverable.

What are you doing in your facility to protect yourself from such a predicament?

There are some basic steps that you can take to quickly and securely develop a backup program to avert these kinds of disasters.  A solid backup and recovery strategy is imperative in maintaining your facility and its ability to accommodate patients and complete cases.  The key elements of an effective backup strategy are as follows:

Define which data need to be backed up.

Which data need protecting?  Some can never be re-created or would be too time-consuming and/or expensive to input into the system again. 

Determine the type of media to contain the backup and who will manage it.

Should you use local backup tapes, or remote off-site backup?  Can your staff handle changing the media?  Do you trust your administrator to actually do this on a daily basis?  Surprisingly, in one of our recent surveys, we found that over one-half of the surveyed administrators actually had a backup tape containing all of their patient records in the glove box of their car.

Specify the level of access to the information.

You will need to know how to secure the information you have backed up.  Can your local IT support technician manage the data?  Does it require encryption?


Delineate the backup policies.

You must outline policies that document the requirements for the backups.  How often will you perform a full backup versus incremental backups?  Will you back up everything every day?  How long will you retain the data?

Review and report.

Any backup process must be audited and monitored every day to ensure that it is providing the protection that it was intended to provide.

When looking for help from your IT provider, make sure they understand the requirements for surgical facilities; this includes making sure that you meet HIPAA and Red Flag Rule requirements.  In addition, they should be knowledgeable as to what your clinical and business applications require to ensure that their complex databases get backed up in a way that will be usable when a restore is needed.

Most of all, have a plan!  Don’t assume that all is well and your data is safe solely because your local IT provider says it is OK.  Guarantee that it is by verifying, with a healthcare IT provider skilled and experienced in this arena, that the correct data is being backed up, and by having the board review a summary of the backup reports each month.
