COVID-19: Business Continuity Lessons Learned

Posted by Ken Reiher

ComplyAssistant’s President and CEO, Gerry Blass, and Dana Penny, Chief Compliance Officer for The New Jewish Home in New York, were interviewed by on their insights regarding business continuity and disaster recovery, as lessons learned from the COVID-19 pandemic. Listen to the full podcast on

Not only did the COVID-19 global pandemic change the way care is provided, it changed how security and compliance programs needed to be structured, especially with regard to disaster preparedness and business continuity. Though healthcare organizations typically have disaster recovery and business continuity (DR/BC) plans in place, it can often be difficult to operationalize those plans when a disaster arises. Lack of budget and lack of resources to carry out the plan can hinder a healthcare organization’s response. And, updating existing plans may get overlooked in the day-to-day activities of running a business and caring for patients.

However, the COVID-19 pandemic – for better or worse – helped shed new light on DR/BC planning. Many of the steps that healthcare providers took to maintain business continuity during the pandemic can also be used when developing or updating broader disaster recovery plans, such as those used after weather-related events or cybersecurity events.

In this podcast with, Dana Penny, Chief Compliance Officer at The New Jewish Home, gives insight into how he and his team addressed the unique disaster preparedness strategy needed for nursing homes. Dana discusses how the organization needed to limit onsite staff but enable communications so they could work from home or from other sites. This was quite different from the business continuity procedures for weather-related emergencies, which are generally focused on getting staff to their facilities. In addition, the team at The New Jewish Home also had to move quickly to enable patients to communicate remotely with their families.

Dana also speaks to new considerations in relation to telehealth and phishing emails that evolved during the pandemic. In this regard, Gerry Blass, President and CEO of ComplyAssistant, also touches on the “numbers game” of security and compliance, and how telehealth and other technologies implemented during the pandemic only served to increase the volume of locations of electronic protected health information (ePHI). Gerry describes the different locations of ePHI to consider and include in a DR/BC plan, and the need to make sure healthcare organizations have a complete and updated inventory of those locations.

Finally, in the podcast, Dana and Gerry share their lessons learned during COVID-19 which can then be applied to other types of disasters, including:

  • Making sure your organization’s staff is safe and that they can communicate with each other
  • Have equipment available that doesn’t depend on WiFi.
  • Update your DR/BC plans and game them out so you can determine where you may have gaps.
  • Train the workforce so they are continually aware of new and emerging threats that may come their way.

For more on disaster preparedness, check out these resources: