Business Continuity and HIPAA Business Continuity Management in the Health Care Environment [Electronic resources] نسخه متنی

BUSINESS IMPACT ANALYSIS (BIA)

A BIA is an assessment of a healthcare organization's business processes to develop an understanding of their criticality, recovery time objectives, and resource needs. The purposes of a BIA is to specifically define and prioritize the healthcare organization's business processes to determine which is most critical and define the minimum amount of tolerable downtime before significant impact.

By completing a Business Impact Analysis, a healthcare organization will gain a common understanding of functions that are critical to its survival. It will enable the healthcare organization's management to achieve more effective planning at a lower cost by focusing on essential corporate functions.

During the BIA process, the risk of business process failures is evaluated. Additionally, critical and necessary business functions and their resource dependencies are identified. The BIA process will produce estimates of the financial and operational impacts of a disruption, identify regulatory/compliance exposure, and determine the impact upon the healthcare organization's market share and corporate image.

One result of the BIA is a determination of each business function's Recovery Time Objectives (RTO). The RTO is the amount of time allowed for the recovery of a business function. If the RTO is exceeded, severe financial damage to the healthcare organization could result. These time estimates and dollar contributions of the business unit allow management to make an informed decision on how to allocate recovery funds. Additionally, the BIA process allows Information Technology to have the RTO determined for computer applications.

Based upon the results of the BIA, you can perform a review of additional expense and business interruption insurance coverage required by the healthcare organization. For healthcare organizations, insurance can provide a fallback.

What does the BIA process provide to the healthcare organization?

It determines critical and necessary business functions/processes and their resource dependencies.

It identifies critical computer applications and the associated outage tolerance.

It estimates the financial and operational impact of the disruption and the required recovery time frame for the critical business functions

It builds a business case for strategy selection.

The first step in conducting a Business Impact Analysis is to identify all business units within the healthcare organization, using a confirmed Organization chart. Conduct interviews so that all functions within the healthcare organization have been addressed. In doing this, important functions, that on the surface were seemingly unimportant, will be assessed.

Healthcare entities must consider the consequences of only identifying and documenting critical applications and data, and not addressing mission-critical business functions, as is too often the case. In so doing, they will miss critical feeder processes that are critical to their primary systems. The next step is to design a customized questionnaire. An example of a questionnaire that might be used in a healthcare payer environment follows: