Tier3MD has put together a guide to business continuity and disaster recovery. The truth of the matter is most medical practices aren’t doing nearly enough when it comes to continuity and disaster planning. It’s
inconceivable that in this era where practices, hospitals and other medical facilities store more sensitive data than ever before, and the risk of losing this data is so great, that a recent Systematic survey revealed that up to 57% of medical practices still have nobusiness continuity or disaster recovery plan in place.

Your Practice

As a Physician or medical office employee, you owe it to yourself, your employees, and your patients to answer this one question: Is your practice and your ePHI resilient and protected enough to withstand short or
long-term interruptions to its operations? The answer should be immediate. If you have to pause or think for one second before responding, the answer is no. Each
day of business brings with it unforeseen risk. Whether it’s catastrophic weather conditions, cyber- security threats, or the vulnerabilities of the technology we’re dependent on to perform daily work functions, there must be both a business continuity (BC) and disaster recovery (DR) plan in place. There must also be complete confidence in the effectiveness of the BC/ DR strategies that are implemented.

A Competent Strategy

Often misconceived as a problem for the “big guys,” business continuity is a concern for practices of all sizes – whether there are 5 or 5,000 employees. The costs of having no solutions in place are too high for many
smaller practices to rebound from. Several hours of unplanned downtime can result in thousands of dollars lost each hour.

That’s the kind of disruption a small practice may face from a shorter-duration tech issue or power outage. Imagine the consequences of longer lasting outages, where a practice may be down for days or weeks, as seen in natural disasters like Hurricane Sandy and Hurricane Katrina.

Beyond the immediate tangible costs of outages like lost productivity and revenues, there is also an intangible domino effect that may be harder to quantify. The repercussions can greatly exacerbate the total losses over time, for instance:

  • Patients leaving your practice for another physician.
  • Liability of not being able to produce patient records
  • Word of mouth for a negative impact
  • Employees jumping ship

These are just a few ways lost productivity could negatively impact your practice.

3 Steps to What You Can Do

Step 1 – Recognize the need and importance

Business continuity and disaster recovery strategies tend to be on the to-do lists of many practices, but they are often delayed as more urgent business issues emerge.
U.S. businesses lose roughly $1.7 billion in profit each year from network outages according to a CDW business continuity survey completed a few years ago.Obviously, it isn’t smart business for a practice to let business continuity and disaster recovery planning become an afterthought.

To structure a solid business continuity plan, practices must be prepared for all possible disruptions. It is important to note that business continuity goes beyond being prepared for natural or man-made disasters. We are now so technologically dependent that BC/DR plans must be in place to counter any disruption – big or small – that threatens your patient records, and your business data.
Internal technical or infrastructure failures or cyber attacks are obvious examples. That is the world we live in today. Small internal “single-points-of-failure” can bring down an entire operation.

Step 2 – Impact Analysis and Risk Assessment

Constant availability is critical to success. In order to minimize downtime, it’s important to determine what technology is behind each phase of your business operations. Knowing the technology infrastructure of your business allows for a comprehensive impact analysis and a better grasp of the impact on business operations when specific technology fails or becomes unavailable – even for a short period of time.

Determining what could unexpectedly bring down each piece of that infrastructure is risk assessment. Risks come in the form of either internal or outside threats. Internal threats can be anything from an application failure, disk crash, and server malfunction to human error or a bitter employee. External threats can vary depending on location – natural disasters like hurricanes, earthquakes, tornadoes, floods, and fires, as well as man-made events like power outages, acts of terror, and accidents can knock out services. Additionally, our dependency on technology leaves firms susceptible to cyber-attacks like malware, computer viruses, phishing schemes, and the theft of personal mobile devices used for work purposes.

Step 3 – Use New Technology to Simplify Your Plan

Recent technology developments like server and desktop virtualization, cloud computing, and mobile devices are beneficial to practices looking for BC/DR solutions. The cloud also allows remote workers to access an organization’s communication and collaboration tools, further allowing for “business as usual” in the event of a serious disruption. Tier3MD offers all of these solutions in order to help your practice quickly recover from any type of outage.


Although it is understandable that ownership and upper management at small to medium sized practices are hesitant to spend money, BC/DR planning is a lot like insurance. It’s human nature to think that bad things won’t happen to you, but the investment pays off the when you’re hit by an extreme event or emergency. New technology trends and the backups-a-service, remote backup, and online backup services provided by Tier3MD have given practices the ability to safeguard their practice operations at a reasonable cost. Money and resources can no longer be an excuse for a lack of solid BC/DR solutions. There is way too much at risk.

Tier3MD is a Medical IT Support Group