When I.T. Fails….
By Bryan O’Neal, Golden West Technologies
$7,900 per minute.
That’s how much unplanned downtime costs healthcare organizations, according to a recent survey conducted by Ponemon Institute and Emerson Network Power. With an average incident lasting just under 80 minutes, healthcare organizations lost $627,418 per incident from computer network outages in 2013.
That’s a lot of money to lose. I think we’d all agree we’d want to protect ourselves from that kind of loss. But would your organization, here in the Midwest, really lose $7,900 per minute? Should we believe that downtime is that much of a risk?
First, let’s define what downtime is. Downtime is a period of time in which a system is unavailable and can be planned (for maintenance) or unplanned. I’ll be referring to “downtime” as unplanned in this article. Downtime may affect a single application, such as your EMR. It can also be system-wide, such as a server crash or loss of Internet connection.
Now consider what your organization would do without access to patient history, charting, scheduling, billing software, or phones. How many people would be unable to perform their jobs? Consider the costs of additional personnel needed to see patients, inefficient paper-based downtime procedures, and data entry that must be performed once the system resumes operations. Additionally, there are intangible costs of diminished patient and employee satisfaction to think about. Your actual cost will vary based on size of the organization, patient load, specialties, and which phase of Meaningful Use you’ve attested to.
No matter your size or location, downtime will cost you and will only get more expensive.
How can you address this risk without breaking the bank? To start, evaluate which of your practice’s critical workflows are supported by your Information Technology (IT). Typically, this includes your scheduling, charting, prescriptions, billing and accounting (including payroll!). Determine the impact to organization if these services are not available or lost. How long can you survive without the information? What potential fines for HIPAA violations could you be subject to?
Evaluate the likelihood of the threats from the most probable, such as hardware failure, to the extreme, such as natural disasters. The National Institute of Standards and Technology (NIST) has published a brief overview of the most common threats in its handbook.
The most common threats reviewed include:
- Errors and Omissions
- Fraud and Theft
- Employee Sabotage
- Loss of Physical and Infrastructure Support
- Malicious Hackers
With this information in mind, assess your current situation. Where is the central location of your critical data and what redundancies exist? Where and how are the servers and storage at your location backed up and how quickly could you restore that information? Also consider how quickly a replacement server could be installed. If you have your data hosted, how redundant is your connection (i.e. Internet or dedicated connection)? Does the risk of downtime warrant a second-failover connection?
Unfortunately, you can’t completely eliminate downtime from happening. Hardware can fail unexpectedly, malicious hacking continues to rise, and natural disasters are out of our control. But by performing a thorough evaluation and investing in a solid continuity plan, you can prevent downtime from truly costing your organization.
Bryan O’Neal is a healthcare technology consultant at Golden West Technologies in Rapid City, SD. To start assessing your downtime risk, visit www.gwtis.com/resources.