Recently, I was talking with a colleague about a challenge he was having in his department. He was concerned that he was finding it increasingly difficult to find a time when he could take portions of the network down to perform maintenance, such as patching, updates, and minor fixes.
In healthcare IT, the network is the heartbeat of the organization. Like a human heartbeat, it must remain constant, it cannot suddenly run erratically, it cannot stop. It is constantly available and everything associated with this electronic heartbeat relies on it completely.
It's easy to be lulled into a false sense of security in healthcare organizations where IT runs well, where the only down times are scheduled down times, where service is predictable, steady and constant. End users expect the network to be up, because it always is (and yes, this feels very scary to write because like every seasoned IT professional, I am highly superstitious when it comes to mentioning that things might be going well.)
IT excellence is expected, almost demanded, these days. And that's fine because the evolution of technology has provided so many more tools to use to keep things up-and-running. Virtualization has removed single server point of failure. Network virtualization, storage virtualization, cloud computing - all have contributed to our ability to provide highly reliable, highly available IT solutions to our end users. That's the good news.
The bad news is that our end users may have become a bit rusty in their down time skills. What do nurses do in ICU or in the nursery when the Electronic Medical Record (EMR) is not available? How do surgeries proceed if images are not available on the OR monitors? How do you manage medications or lab orders when there's no electronic system to manage them?
If you're like most healthcare IT departments, you do EMR upgrades in the middle of the night to inconvenience the fewest number of people...but there's a good chance those third shift folks simply 'wait it out' when you have a scheduled down time or an upgrade. They don't run their backup reports, they don't practice down time procedures. They wait until systems are back online. And we (in the industry) really don't want to run a down time drill at 11am during the highest time of admits and discharges, now do we?
As IT leaders, we need to gently remind our organizational counterparts that we need to prepare for the worst. Whether it's a network outage, a cloud-connectivity problem, or a ransomware attack, we need to prepare to provide care without computers.
It's ironic that just about a decade ago, many people were lamenting the need to use an electronic medical record and now, organizations can't run without them. We've turned the corner, but we need to make sure we're still practicing skills needed to keep patients safe and continue to provide care no matter what.
Do you practice disaster drills? Do they ever include having no access to email, VoIP phones, network, Internet, applications or the big dog, the EMR? Might want to give that some thought.