Healthcare Business Continuity and Disaster Planning

The Business Continuity profession has seen rapid and explosive growth in the days after 9/11. On that terrible day, the significant difference between the companies located in the World Trade Center that would reopen and those that would close was the degree of resilience of the business processes that the companies had.

In the years since 9/11, companies large and small have implemented not only data redundancy, but also continuity planning for all critical business processes. Sure, healthcare has also implemented data redundancy and business process continuity planning for business and administrative activities, but what about the real healthcare business?

Business continuity planning is designed to preserve critical business processes that must be preserved to maintain operations and profitability. For an investment firm, those processes include data warehousing, client accounting, and real-time financial processing, to name just a few. Healthcare business contingency planning is aimed at supporting processes such as data warehousing, customer accounting, and financial processing in real time; But does this support the mission of healthcare?

An investment firm is dedicated to managing money and markets; your business continuity planning supports that mission. Health care is in the business of providing health care. Currently, healthcare business continuity is divided between two professionals, the business continuity professional and the medical contingency planner / safety officer. The business continuity professional is responsible for ensuring that the financial and administrative processes of the healthcare business are maintained. The medical contingency planner / security officer is responsible for ensuring that the provision of medical care continues without interruption. But does this divided approach support the mission of healthcare?

Healthcare business continuity planning must preserve the critical business processes necessary to maintain operations and profitability. This necessarily includes both critical medical services and critical financial and administrative processes. However, most healthcare institutions in the United States are private sector companies. These companies do not meet their operating budgets with emergency medical services or even general hospital admissions. This was confirmed in the late 1970s and early 1980s when losses in emergency medical services caused hospitals to close or restrict emergency room services. In an effort to stem this trend, Congress passed the Emergency Medical Treatment and Active Work Act of 1986 (EMTALA). In 2007, health institutions subsidized the unfunded EMTALA mandate with outpatient services. These are the services that most medical contingency planners / security officers shut down when disaster strikes.

Like business contingency planning, health care disaster planning begins with a vulnerability analysis; However, unlike Business Vulnerability Analysis that focuses on identifying critical business processes, Healthcare Vulnerability Analysis focuses on quantifying external threats. Disaster planning in healthcare is based on an “All Hazards” approach. Despite the apparent emphasis on external threats, an “All Hazards” approach is intended to be a “Process Risks” approach. Here is the challenge for the medical contingency planner / safety officer and the new market opportunity for the business continuity professional.

The healthcare industry desperately needs a planning professional who can combine health vulnerability analysis with business process vulnerability analysis. The average daily revenue loss for a hospital that closes outpatient services after a disaster is a quarter of a million dollars. Additionally, financial losses occur as a result of failures in the registration, charge entry, and billing process. The provision of health services frequently suffers as a result of process failures during a disaster that cause a backlog of patients and a loss of efficiency. Healthcare disaster planning based on standard healthcare vulnerability analysis combined with process vulnerability analysis would not only address business process continuity, but would highlight medical process vulnerabilities, allowing for focus on limited medical resources in the continuity of the medical process. Lastly, an attention to business continuity focused on the healthcare institution’s core mission of delivering healthcare and maintaining profitability would support business processes and medical processes while quickly returning to normal operations to restore all streams of income.