ComplyAssistant to speak on preparing an organization’s downtime plan past 72 hours at the NJ HIMSS and NJ HFMA Fall Conferences

Posted by Ken Reiher

Gerry Blass (President & CEO, ComplyAssistant), Rick Lang (Vice President and CIO, Doylestown Health System), Jim Cavanagh (Principal Consultant, Executive Healthcare Consulting), and John Hueter (Chief Executive Officer, Digital Health Consulting, LLC) are scheduled to speak at the New Jersey Delaware Valley 2022 Fall Conference on October 13, 2022 and the New Jersey & Metro Philadelphia HFMA Annual Institute on October 26, 2022. A summary of their presentation can be found below. If you would like to register for the New Jersey Delaware Valley 2022 Fall Conference, click here.

The challenge: Recognizing that many Business Continuity plans and responses are geared to a relatively short timeframe of 2-3 days and understanding that modern cyber threats can cause much longer outages, preparing the organization to think beyond a 72-hour outage is becoming increasingly important.

Background on Doylestown Hospital:

Doylestown Health provides a network of care, serving patients and families in the northern suburban communities of Philadelphia, including Bucks and Montgomery Counties in Pennsylvania and Hunterdon and Mercer Counties in New Jersey.

Doylestown hospital has experts in over 50 specialties offer the latest therapies for common and complex health conditions. Doylestown Health is also proud to provide retirement and long-term living options in Bucks County, PA through the Pine Run Community.

Doylestown Hospital: the flagship of Doylestown Health, is part of a clinically integrated system of inpatient and outpatient healthcare services.

Key components that make up the Doylestown Hospital family include:

  • Doylestown Health Physicians
  • Urgent Care
  • Doctors’ Offices
  • Emergency Services
  • Health and Wellness Center
  • Outpatient Imaging and Testing
  • Home Setting
  • Pine Run Retirement Community

Goal for the Business Continuity Plan:

The goal of the Business Continuity Plan is not to prevent the attacks but to document how each department will function as the IT systems continue to be down for over 72 hours.

The Process:

Doylestown Hospital has already developed an Emergency Management Plan, an Incident Response Plan and a Disaster Recovery Plan (for IT), and a process with policies and procedures to address Cybersecurity. Following a Cybersecurity exercise in 2020, Doylestown Hospital decided they needed to pursue a Business Continuity Plan that addresses how departments, and the hospital will function if a disaster or cybersecurity event continues to cause departmental system outages beyond 72 hours. Recent long-term outages at Vermont health system and Universal Health System demonstrated that both natural and cybersecurity incidents can cause significant outages that can have a major impact on health systems.