healthcaretechoutlook

Are You Ready ?

By Michele Scaggiante, VP & CIO, New York Blood Center

Michele Scaggiante, VP & CIO, New York Blood Center

Saving Lives in Healthcare Industry

Today not many IT professionals can say that their work helps to save lives every day, but if you work in the Healthcare Industry, chances are this holds true for many of you.

This privilege comes with some extra challenges and pressure both for you and your team: strict quality and regulatory requirements, the need to operate 24/7 and limited budgets, to name a few.

Furthermore, the Healthcare Industry is experiencing an increase in sophisticated attacks trying to gain unauthorized access to confidential medical and patient information, which is extremely valuable to criminals trying to commit fraud.

In an emergency situation, how you respond can have very different outcomes for the patients and communities you serve and can thoroughly test your organization’s capabilities. It also shows how well you’re prepared for it.

New York Blood Center

New York Blood Center (NYBC) is one of the largest community-based, non-profit blood collection and distribution organizations in the United States. For more than 50 years, NYBC has provided a variety of blood products, medical services and innovative research that helps to save lives every day, serving more than 20 million people in New York City, Long Island, the Hudson Valley, New Jersey, Connecticut, and Pennsylvania.

"The Healthcare Industry is experiencing an increase in sophisticated attacks trying to gain unauthorized access to confidential medical and patient information which is extremely valuable to criminals trying to commit fraud"

Our employees and volunteers are passionate about what they do, and we depend on the generosity and loyalty of our blood donors and financial benefactors who make this possible every day.

Johann Wolfgang von Goethe, a German writer and statesman wrote, “Blood is a juice of a very special kind,”(Faust, 1808) and he was right; the adult heart constantly pumps approximately 5.5 liters of blood throughout the body everyday, and we can’t live without it

Every 2 seconds, someone in the US is in need of blood, yet the only available source depends on the commitment of thousands of donors who voluntarily turn up at a blood center or a mobile drive across the country.

Donated platelets, which control bleeding, can be stored for no longer than 5 days; red blood cells, which transport oxygen, up to 42 days.

Since our founding in 1964, NYBC has worked diligently to maintain a safe, reliable, high quality blood supply for all the hospitals and patients who need it. So how do you ensure business continuity in case of an emergency or a disaster?

An Effective Plans Leads to Better Execution

Take the time to define in advance processes, roles and responsibilities, provide clear phone trees and emergency contacts for all critical business areas, develop checklists, and include evacuation plans and facilities diagrams. Test your plan regularly and update it at least once a year.

WHAT A PLAN DOES: Provides some stability during chaos, serves as a template for the future, helps protect our staff and first responders, assists in responding to a disaster.

WHAT A PLAN DOES NOT DO: Cover everything that may happen, guarantee that nothing will go wrong, ensure that it is communicated to everyone who needs to know, make sure that you have all the necessary resources.

Death and Damage in New York City

On October 29, 2012, Super-Storm Sandy hit New York City and the majority of the East Coast, causing devastation and over 200 deaths. At least 650,000 homes were damaged or destroyed, more than 8.5 million customers lost power and all forms of transportation were disrupted for weeks, at a cost of about $65 billion in the U.S. alone.

Here is how New York Blood Center responded to this catastrophic event and what we learned from our experience:

Ways to Manage an Emergency

1. PreparednessPreparedness begins with communication: 5 days before landfall, the Senior Leadership Team started daily calls to assess the risk of different scenarios and to coordinate activities across all business lines. During these calls, all critical business and support functions were represented, including Information Technology. The topics covered during these calls ranged from communications with donors, hospitals, employees and supporting vendors, to critical assets and services, keeping our supply chain operational.

As the likelihood and impact of different scenarios were becoming clearer, the IT team was in a better position to adopt a risk-based approach and to identify critical systems or processes for mitigation and contingency.

We focused first on the basics: network, telecommunications and power. Here are some good questions every CIO should think about when preparing for the worst: Do we have single points of failure in our infrastructure? Is our voice and data running on the same network? Is there dependency on a single vendor? Do we have a Disaster Recovery site for your critical applications? Can we quickly switch your network and internet access to a secondary provider?

After this it is important to communicate across the organization what contingency options are available in case of outages.

2. Response– During the first 24-48 hours, a number of decisions and contingency choices needed to be made quickly and closely coordinated between business lines and IT. When our main processing facility flooded we had to move operations, staff and inventory to a secondary location within 24 hours while ensuring continued access to systems and telecommunications. Several outages in different areas (network, power, telecom) forced us to switch to secondary networks and alternate providers while maintaining communications between essential personnel, service providers, hospitals and donors.

3. Recovery–After the storm, we declared an emergency blood appeal to replenish our depleted inventory and started assessing the damage to our operations in order to return to normal processing and restore regular IT services across all sites. This phase was particularly challenging because of the extensive and prolonged disruption of most forms of mass transportation for weeks after the storm, which affected most of our staff, partners and donors. It took 10 days after Sandy hit New York to return to normal operations but none of the hospitals we serve suffered from a blood shortage during this period.

4. Mitigation– Every emergency offers an opportunity to learn from and to improve your existing preparedness plan and contingency measures. In our case, the storm highlighted how crucial the ability to maintain basic communication and infrastructure services is to the organization, together with executive coordination and decision-making.

This experience made it very clear how much we depend on technology we usually take for granted, like email, phones and the internet and how seriously it can affect our daily operations if unavailable. In testimony of the critical role IT plays during emergencies, I was asked by the CEO to take a lead role in the company’s business continuity planning shortly after returning to normal operations - a responsibility I still hold today and one every CIO in Healthcare should be prepared to take.