TORONTO — A global flu pandemic that kills hundreds of thousands might – or might not — be an absolute certainty, depending on whom you ask.
But the number of other incidents over the last few years – SARS, terrorism, devastating hurricanes and forest fires, to name a few – indicate it’s prudent to have some sort of IT disaster recovery planning.
But while IT consultants are happy to charge considerable fees to help you put one in place, for many health-care organizations, such an exercise is pointless.
“Our organization does not have a formal IT disaster recovery plan, but that’s not uncommon,” said Jacques Lirette, CIO of the South East Hospital Authority in Moncton, N.B. “Most organizations don’t in health care. We could go hire consultants and they could come in and do a disaster recovery plan, but our infrastructure was changing so much so fast and we’re doing so many different things that to keep those documents up to date was almost impossible.”
That’s not to say the IT organization is not prepared, though, said Lirette, who spoke Tuesday at the 8th annual summit on wireless and mobile health-care technologies. Lirette said it was clear when he first took on the job shortly before Y2K that the organization, which has about 2,700 employees, 500-plus volunteers, some 2,000 networked devices and a $180-million operating budget, was not prepared to deal with a major disaster.
Lirette said while the health authority itself has a pandemic flu plan, the IT organization decided to instead come up with some guiding principles it would use in its IT investments. For one thing, he said, redundancy is not optional.
“We made that very clear from the beginning,” he said. “If they (the health authority) want us to buy a system we build the redundancy – if we need two servers, we get two servers.”
The SERHA also has two data centres within the same facility at opposite ends of the campus, he said. The assumption Lirette is operating on is not that he would lose the entire facility but that he would lose a piece of the IT infrastructure while the rest of the organization operates normally.
“That’s where we’re going to be in trouble, because if the rest of the organization operates normally and we lose a certain component of our IT infrastructure, we need to be prepared for that.”
Lirette added the spectre of a pandemic flu poses scenarios he originally hadn’t thought of, such as the HR component.
“Even if our systems are operational, if our HR systems are in crisis — it could be a labour issue or a pandemic flu — the mobility of those workers (is) very important.”
To deal with the possibility of mass absenteeism, the SERHA implemented ROAM, a secure remote access and communications infrastructure from St. John, N.B.-based Anyware Group that includes an integrated desktop portal, SSL VPN security and role-based identity management.
The health-care facility first found out how effective it was to provide remote access during a labour dispute in September 2004, he said.
“We had just introduced the remote access service, and not everybody was on it,” said Lirette, who proposed providing the service to managers as an alternative to having to cross picket lines to provide the required reports to the province.
“Within an hour and half we had 150 managers using remote access, and the interesting part is as a result 70 per cent of them are still using it and they love it.”
In the event of a flu pandemic, only authorized IT staff will be allowed on site.
“IT doesn’t need to be in the hospital in the case of a flu so we had to figure out ways to plan for that,” he said. “We know our services are going to be taxed — we’re taxed now, so imagine if we have a pandemic flu.”
Most IT staff already have remote access, but those who don’t can be set up quickly because the ROAM system is linked to the organization’s Active Directory. Help desk calls will be forwarded to home phones, and the whole system can be monitored remotely.
“Our first priority is to keep our systems with as much integrity as possible and they’ll remain online and available as long as conditions permit,” he said.
To ensure everything works according to plan, the SERHA has invested in two dedicated 10MB pipes to the Internet from separate providers. If one fails, the other takes over.
“We did that because more and more we depend on our data infrastructure to communicate with our workers,” he noted. “Our primary-care physicians are not on the network, they come through the Internet. Hopefully the technician keeping the pipes open is not too sick.”
Although one audience member questioned the availability of the Internet in the event of a pandemic if everyone is trying to work from home, that shouldn’t be an issue, said Lawrence Surtees, vice-president and principal analyst, communications research at IDC Canada Ltd.
“Carrier class service provider networks are engineered to peak demand,” he said in an interview with ITBusiness.ca. “Hypothetically, if the entire working population of a city was ordered to stay at home — and that would be an extraordinary thing – would some access points choke up and slow down? Maybe.” But they would be unlikely to fail, he said.
Gerry Verner, CEO of Anyware Group, who also spoke at the session, said while the world in general has begun to wake up to the importance of pandemic planning, most Canadian organizations do not yet have a specific plan in place, specifically connecting remote employees to the work place.
“The traditional focus has been around buildings,” he said. “But if you take a broader perspective what’s really important is your remote access to your IT resources.”
While a pandemic flu has been the focus of much disaster planning recently, there are many mini-situations that occur that force organizations to operate differently, he said.
“So whether it’s a global scale or localized situation these are things we need to make sure we’re ready for and have the technology in place to deal with.”
Comment: info@itbusiness.ca