Texas Health Resources’ ability to continuously maintain business functions is critical in protecting the health and well-being of our patients, managing business risks, and preserving our reputation and long-term sustainability.
We designed our business continuity planning process to minimize the impacts of unexpected events and ensure a quick recovery in case of a natural or manmade disaster, delayed shipment of supplies, technology outages and/or other unforeseeable factors. We achieve this through the following programs:
Systemwide multi-disciplinary teams manage the physical security of our hospitals and facilities. They review potential hazards and data to identify trends in frequency and severity.
We prepare for emergencies by leveraging the robust National Incident Management System and the Hospital Incident Command System. These resources ensure patient and staff safety when activated in the event of a hospital, system, city or regional disaster or event. We also coordinate emergency response with other health care providers, community representatives and government agencies.
We leverage lessons learned through drills and review real-time emergencies to improve surge capacity, fire response, communication, decontamination, patient tracking, evacuation and business continuity processes and infrastructure.
Disaster Preparedness/Emergency Response
Preparing for continued operation during a disaster is a key responsibility to our community. Participation in disaster preparedness is coordinated at the local and regional level through the North Central Texas Trauma Regional Advisory Council, which tests and surveys hospital disaster readiness.
We conduct hazardous vulnerability analyses and other risk assessments to identify “at risk” areas. Moreover, we conduct drills and test our disaster recovery plan each year.
Additionally, Texas Health worked with local electric utility, Oncor Electric Delivery Company, in concert with the Dallas Fort Worth Hospital Council, to create a database that identifies and designates electricity meters serving critical care facilities. This helps Oncor prioritize and restore electricity service to these meters first in the event of an unexpected outage, which ensures our facilities’ continued operation.
To combat the growing number of computer-based threats and vulnerabilities, Texas Health protects information and intellectual property using a combination of technology, processes and controls.
Texas Health is committed to responsibly and proactively safeguarding our patients’ health information from inappropriate use or disclosure. Federal and state privacy laws and regulations also govern how we use, disclose and protect health information.
To maintain privacy, Texas Health Resources maintains and implements policies and procedures, provides employee training, monitors and audits plans, and investigates and reports unsecured information breaches as needed. Our compliance with federal and state laws and regulations is governed by the Texas Health Resources Audit and Compliance Committee and Information Security Governance Council.
Clinicians, employees and patients must be able to access data and information through our comprehensive communication network. The network includes our electronic health records, robust Internet and intranet sites, department-specific portals, a web-based emergency notification system, and secure VPN connections and remote access through Citrix.
To protect, secure and ensure the reliability of information, we deploy proven technologies, monitor all alerts and address all possible breaches and potential threats in a coordinated and responsible manner. Some of our primary security measures include:
- 24/7 secured data centers that are accessed only from distribution-controlled key cards.
- Systematic firewalls, intrusion detection tools, email monitoring and filtering capabilities, and automatic security patches for servers, desktops and laptops.
- Data encryption of sensitive outbound information.
- Automated alert systems and active monitoring tools.
Additionally, we limit access to electronic health records and other patient information based on clinicians’ roles.
Progress Being Made
The North Texas region experienced a variety of natural and manmade challenges in 2011-2012 that tested our business continuity response system: a multi-day water outage, ice storms, telephone outages, broken water pipes and electricity brown outs that required all systems to run on generator power. We successfully put our emergency plans into operation to minimize disruptions, and rescheduled a few elective surgeries.
Other progress made during this timeframe included:
- Conducting a hazardous vulnerability analysis to ensure our response processes and protocols were current.
- Conducting disaster drills to test our systems mitigation, response and recovery plans for our top three potential risks. One was a regional drill, which included local health care partners, jurisdictions, public health and medical operation centers. These exercises, as well as lessons learned from actual events, helped us to identify opportunities for improvement and develop action plans.
- Updating business continuity plans for System Services Departments.
- Prioritizing functions that needed immediate recovery during an incident.
In 2013, Texas Health plans to complete a business impact analysis and a 24-hour drill for all critical System Services Departments to ensure objectives can be met should an incident arise.