Disaster Recovery: Cross-Training Key

Tornado Experience Offers Important Lessons
A key factor in ensuring that information technology is available in the wake of a disaster is cross-training IT staff to handle multiple roles, says Terrell Herzig, information security officer at UAB Medicine.UAB Hospital was able to keep its information systems running in the critical hours after tornadoes ravaged Alabama thanks to its disaster recovery planning efforts, Herzig says.

"We had just completed six months ago a disaster test where we simulated a fire in our computer facility and, on paper, we took out a few of our key staff, like our network director and our server manager, just to see how the team would respond," he points out. The academic medical center cross-trains its IT staff "so no one individual holds a monopoly on any role," he notes.

This cross-training came in handy in the aftermath of the tornadoes, when several members of the data center staff could not make it to the hospital, Herzig points out.

In an interview with Howard Anderson, executive editor of HealthcareInfoSecurity, during the HIPAA Security conference May 10 in Washington, Herzig also:

  • Points out that backup generators and uninterruptable power supply (or UPS) systems, plus two connections to the power grid, enabled the hospital to have continuous power.
  • Advises healthcare organizations to test generators frequently. "Our generators are tested each month by our maintenance staff," he says. "You don't want to depend on a generator that's never been run."
  • Stresses the importance of preparing disaster recovery plans for rare events, like tornadoes. "And be sure to test those plans."

In addition to serving as information security officer at UAB Medicine, Herzig is HIPAA security officer. He heads a team of three security specialists at the delivery system, which includes a 1,000-bed hospital and numerous outpatient facilities throughout the state. He is editor the book, "Information Security in Healthcare: Managing Risk," published by the Healthcare Information and Management Systems Society.

Herzig also is the featured speaker in a webinar on developing a policy for protecting information on mobile devices.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.