Delivering high quality patient care, ensuring business resiliency, and protecting reputation: these form the pillars of a high-performing healthcare enterprise. The question then becomes: how firm is the technology foundation underneath these pillars? Here are the four critical risks you should be aware of. For more info, visit our site: http://ow.ly/FQjW301iD1A

1. EXECUTIVE BRIEF
SUNGARD AVAILABILITY SERVICES
4 Critical Risks for Healthcare IT
Patient care, business resiliency, and
your reputation all depend in large part
on the strength of your healthcare IT
environment. Dozens of interdependent
software modules covering every aspect
of healthcare activity are crucial for
delivering exceptional patient care.
Appropriate tiering of applications
supports business resiliency, ensuring
that critical systems are available to
doctors, nurses, and staff members
at time of disaster or disruption.
Securing patient data in the complex
world of meaningful use protects
a healthcare enterprise’s reputation
in a challenging marketplace.
Healthcare IT supports your entire
healthcare enterprise. But it is easy
for cracks to threaten this foundation.
These cracks are often hidden at first,
but they invariably widen, spreading
damage throughout the healthcare
IT environment. Here are four critical
risks you should be aware of, along
with steps to counteract them:
1. How you manage change may
negatively impact recoverability
With hundreds and even thousands
of applications engaged in running
a healthcare enterprise, the number
of changes made to the production
environment each year is astronomical.
There are operating system upgrades,
patch upgrades, machines being added
and taken away, new applications, etc.
It is critical for business resiliency to
make sure that the recovery environment
mirrors the production environment at
all times – otherwise, recovery will be
significantly hampered or even found
to be impossible at time of disaster
or disruption, with a direct impact on
reputation and delivery of patient care.
The challenge you may face is that
you need your best IT personnel focusing
on production. There is simply too much
going on each day to spare resources to
update a recovery environment that may
not be needed any time soon. And so,
day by day, the production and recovery
environments get more and more out of
sync. Then, when an outage, breach,
or disaster occurs, it becomes painfully
clear that it doesn’t matter how expensive
the recovery system is – if it is not
up-to-date, it is useless.
To repair this crack in the healthcare
IT foundation, weigh the cost benefits
of assigning internal resources to
change management, or partnering
with a Recovery as a Service provider
to manage the constant flux. What
should be avoided at all costs is to
continue as is and “hope for the best.”
2. Mismatched recovery methods
and incorrectly-tiered applications
delay recovery time goals
A modern healthcare enterprise has a
colossal number of applications running
on diverse platforms. For instance, the
billing system may run on UNIX. The
nursing station may utilize a Windows
environment. The supply chain may be
based in the cloud. And the list goes on.
With a hybrid IT environment such as
this, recovery isn’t a matter of “sticking
everything in the cloud.” Not everything
runs in the cloud, therefore not
everything can be recovered from the
cloud. A hybrid recovery approach,
which may include real-time replication,
storage area networks (SANs), cloud
recovery, and tape or disk backup,
ensures your healthcare enterprise
remains fully operational.
As a healthcare executive, three things are likely top of mind
for you: concerns about delivering high quality patient care,
ensuring business resiliency, and protecting reputation. These
form the pillars of a high-performing healthcare enterprise.
The question then becomes:
How firm is the technology foundation underneath these pillars?
For more
information
visit the healthcare
industry section
of the Sungard AS
website or call
1-866-714-7209.

2. About Sungard Availability Services
Sungard Availability Services is a leading
provider of critical production and recovery
services to global enterprise companies.
Sungard AS partners with customers
across the globe to understand their
business needs and provide production
and recovery services tailored to help them
achieve their desired business outcomes.
To learn more, visit www.sungardas.com
or call 1-888-270-3657.
Trademark information
Sungard Availability Services is a trademark
or registered trademark of SunGard Data
Systems or its affiliate, used under license.
The Sungard Availability Services logo by
itself is a trademark or registered trademark
of Sungard Availability Services Capital, Inc.
or its affiliate. All other trademarks used herein
are the property of their respective owners.
Connect with Us
© 2015 Sungard Availability Services, all rights reserved. EBS-026 1115
SUNGARD AVAILABILITY SERVICES
As a best practice, you should
choose your recovery methods
by tiering applications in order
of importance. For example, the
emergency department would likely
be a Tier 1 application demanding
a near-zero Recovery Time Objective
(RTO). A public health reporting
module, on the other hand, might
be judged Tier 3 – it can lie dormant
for a few days, if necessary.
With appropriate recovery methods
and correctly-tiered applications, you
can boost your resiliency, ensuring
that you can continue to deliver
top-notch patient care even in
the midst of a crisis.
3. Shadow IT causes recovery
and compliance challenges
With the vast amount of personally
identifiable information (PII) that flows
through your healthcare organization,
shadow IT can be a real problem.
Enterprise Technology 1
reported
an instance of a healthcare executive
setting up an Amazon cloud account
without IT’s knowledge. He then sent
protected health information (PHI)
via an unsecured connection in direct
breach of HIPAA regulations. In other
cases, physicians may use mobile
devices or public services such as
Dropbox to share patient information
with their associates – enhancing
collaboration, but jeopardizing patient
confidentiality. Or again, a department
within your healthcare enterprise might
decide a new application is necessary
and deploy it without ever notifying IT.
The ramifications of shadow IT are
broad. If Shadow IT applications are
not included in business continuity
planning efforts, they may put your
healthcare enterprise at risk of a data
breach. Heavy fines can be levied for
failure to comply with HIPAA, PCI,
and other industry regulations.
You must raise awareness about
the dangers of shadow IT with all
employees, and be rigorous in asking
every department what applications
they use to their jobs done and what
data passes through those applications.
Only then can you ensure that all
instances of shadow IT are brought
into the light. Disaster recovery
providers can help uncover and
identify hidden applications and IT
environments. Once they are properly
recognized they can be included in
a full system recovery approach.
4. Inappropriate security
measures endanger HIPAA,
HITECH, and PCI Compliance
Security is a huge challenge for three
reasons. First, your organization
collects extensive personally
identifiable information about
every patient. Second, you need
to transmit that information to other
healthcare institutions to comply with
meaningful use requirements. Third,
you have to mirror all that data in
a recovery environment, doubling
the opportunities for a breach.
If a data breach happens at any step
along the way, the cost – financially
and in terms of your reputation –
is devastating. In 2014, the New York
Presbyterian Hospital and Columbia
University Medical Center were
required to pay $4.8 million to settle
alleged HIPAA violations.2
More
recently, the UCLA Health System
sounded the alert that a hacker had
gained access to their network, and
that 4.5 million patients should take
steps to protect themselves.3
You need rigorous and mature security
measures in place for encrypting,
transmitting, storing, and replicating
data protected by outside regulatory
bodies. Choosing cloud and Recovery
as a Service providers who build
HIPAA-compliant security into their
service offerings can relieve much of the
burden of security from your IT staff.
Repairing the Cracks in the
Healthcare IT Foundation
It might seem that the stability
of your organization is sure to
disintegrate under these multiple
stressors, but the tools are
already at hand for you to repair
every crack in the healthcare
IT foundation. Industry-leading
technology firms can offer the
high availability, application
agility, business continuity/disaster
recovery, security/compliance,
and cloud computing solutions
necessary to ensure that patient
care, business resiliency, and
reputation are not compromised.
It is up to you to assess your
IT environment to ascertain
where there are gaps, and
remediate those gaps with
strategic partnerships,
products, and services.
1 www.enterprisetech.com/2015/06/17/bring-
shadow-it-out-of-the-dark-gartner-tells-tech/
2 www.healthcareitnews.com/news/group-
slapped-record-hipaa-fine
3 www.uclahealth.org/pages/data2015.html