December 2001 Bulletin

Act today to prevent disaster tomorrow

Maintain adequate backup in safe, accessible location; verify recovery plan periodically

By Ronald B. Sterling

The events of Sept. 11 have highlighted the need for you to plan for recovering from the failure or loss of your system, or from an inability to gain access to your office.

Real-life examples of system losses include a hardware failure, robbery and other events that could block access to your system or office. For example, one practice office was flooded during a weekend because of a plumbing problem in the office above. The main system and many computers were completely destroyed. The cost of preparing for such a problem and mitigating your loss is well worth the effort.

In addition to your interest in preserving your computer data, the following requirements are included in the pending HIPAA security regulations:

Maintaining a current backup. Although many practices profess to have adequate backups of their computer data, too many practices could not recover their data from their backups. In addition to having all of the files and information needed to run the system, the backup should be kept at a separate location. Your house, bank, and other practice location may be good places to keep your system backups. A safe in the office, another location in the building, or a car parked in the garage or even the parking lot are risky options.

Recovery plan. For computer systems and communications, you should maintain a recovery plan. The recovery plan should include fallback procedures to allow for continuing operations during the recovery period as well as the various components you will need to rebuild your computer system and supporting data communications. Your list should include the specific requirements of your system and a couple of sources that could supply equipment. If you do have a problem, be sure to immediately contact your software and hardware vendors to get your recovery process underway.

Verifying your recovery plan. You should test your recovery plan on a periodic basis. The test should include verifying the equipment you will need, the type of communications support and the validity of your recovery procedures. Be certain that the staff knows the recovery plan and how to use the recovery procedures. Most importantly, you should verify that you could recover your backup data.

Make sure you can get immediate access to your backup tape. Note that one practice had a serious problem because the backup was kept at the house of an employee who left on a two-week vacation the day before a catastrophic system loss. The backup tape could not be accessed for several days, delaying the recovery process.

Verify that the backup tape contains a backup of your system. One practice found out the hard way that their daily backups had not worked for at least six months.

Test the restoration of the backup. Computer software has a variety of pieces and components that are completely transparent to the user. Configuration files, setup files, drivers, database management software, operating system patches and other components are needed to allow your system to work. By testing your ability to restore your system, you can verify that all of the software you need is contained in your backup tapes. Trying to reconstruct missing files in the event of a problem is difficult, complex and risky.
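The checks described above can be automated as a periodic restore test. The following is an added example, not part of the original column: it restores a backup into a scratch directory and reports a stale, unreadable or incomplete backup. The tar archive standing in for the tape, the file names, the two-day age limit and all function names are assumptions made for illustration.

```python
import hashlib, io, tarfile, tempfile, time
from pathlib import Path

MAX_AGE_DAYS = 2  # assumption: backups are meant to run daily

# Constructed sample system: data plus the "transparent" pieces a restore needs.
SAMPLE_FILES = {"data/patients.db": b"constructed records",
                "etc/app.conf": b"port=5000\n",
                "drivers/printer.drv": b"constructed driver"}

def make_manifest(files):
    """Record the SHA-256 of every file the running system depends on."""
    return {name: hashlib.sha256(body).hexdigest() for name, body in files.items()}

def write_backup(path, files):
    """Write a tar archive (a stand-in for the real backup job and tape)."""
    with tarfile.open(path, "w") as tar:
        for name, body in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return path

def restore_test(archive, manifest, now=None):
    """Restore into a scratch directory and return a list of problems found."""
    now = time.time() if now is None else now
    problems = []
    age_days = (now - Path(archive).stat().st_mtime) / 86400
    if age_days > MAX_AGE_DAYS:
        problems.append(f"stale: backup is {age_days:.0f} days old")
    with tempfile.TemporaryDirectory() as tmp:
        scratch = Path(tmp).resolve()
        try:
            with tarfile.open(archive) as tar:
                for member in tar:
                    # Restore regular files only, and only inside the scratch directory.
                    target = (scratch / member.name).resolve()
                    if member.isfile() and scratch in target.parents:
                        target.parent.mkdir(parents=True, exist_ok=True)
                        target.write_bytes(tar.extractfile(member).read())
        except (tarfile.TarError, OSError) as exc:
            return problems + [f"unreadable: {exc}"]
        for name, digest in manifest.items():
            restored = scratch / name
            if not restored.is_file():
                problems.append(f"missing: {name}")
            elif hashlib.sha256(restored.read_bytes()).hexdigest() != digest:
                problems.append(f"corrupt: {name}")
    return problems
```

An empty list means the backup restored completely; anything else should be treated as a failed backup and followed up before the backup is needed.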

Ronald Sterling, CPA, MBA, of Sterling Solutions, Silver Spring, Md., is a nationally recognized expert on electronic medical record and practice management systems.

Computer Link welcomes suggestions about future topics for the column and questions about the use of computers in orthopaedic practice. Send your suggestions to the Bulletin at AAOS, 6300 N. River Rd., Rosemont, Ill. 60018.

