Information Privacy and Security Program Title:
Academic year: 2021

I. PURPOSE:

The purpose of this standard is to protect the safety of our workforce members and mitigate potential risk(s) that could materially affect the ability of the facility to remain operational and/or continue service.

II. DEFINITIONS:

A. “Administrators” means the individuals responsible for the technical administration of information assets, including networks, systems, applications, and databases.

B. “Facility Leadership” means the individuals responsible for the management at a Tenet Facility, including, but not limited to, the CEO, CFO, CIO, CNO, COO, Compliance Officer, Regional Privacy Officer, or their designated appointees.

C. Additional capitalized terms used herein are defined in the Information Privacy & Security Glossary of Definitions.

III. STANDARD:

This standard defines the minimum requirements to plan for the identification, protection, and recovery of critical information assets in the event of a disaster. These documents serve as a supplement to the Facility’s Disaster Recovery Plan (DRP). Tenet Facility Leadership will develop, implement and maintain a comprehensive Contingency Planning Program.

A. Contingency Planning Program

Each Tenet Facility is responsible for developing, implementing and maintaining a comprehensive Contingency Plan. The Contingency Plan must encompass, but is not limited to, the Data Criticality Analysis, Data Backup Plan, Emergency Response Plan, Business Continuity Plan and Disaster Recovery Plan.

The Contingency Planning Program must consist of six major components. Each is discussed in greater detail in Section IV. Procedure.

- Data Criticality Analysis (DCA)

- Data Backup Plan (DBP)

- Emergency Response Plan (ERP)

- Business Continuity Plan (BCP)

- Disaster Recovery Plan (DRP)

- Contingency Testing Plan (CTP)

B. The following standards must be agreed upon and approved by Tenet Facility Leadership:

1. A Contingency Planning Program budget must be allocated to support plan development and maintenance

2. A Key Disaster Scenario must be defined and used as the basis to design, develop, activate and execute the Contingency Plan (CP)

3. Contingency Planning Program administrators must be entrusted with the responsibility to develop, implement, maintain, test and execute a Data Criticality Analysis, Data Backup Plan, Business Continuity Plan, Emergency Response Plan, and Disaster Recovery Plan

4. Key Disaster Scenario

The Key Disaster Scenario must be used as the basis to design and develop the Contingency Plan. The Key Disaster Scenario represents the worst-case conditions of a disaster, which:

a. Is severe in magnitude

b. Occurs at the worst possible time

c. Inflicts majority loss of critical resources to conduct business

d. Requires implementation of the CP

5. Budget Requirements

The principal budget requirements are for labor, supplies and services to fulfill component obligations of the Contingency Planning Program; specifically to develop and implement the:

a. Data Criticality Analysis

b. Data Backup Plan

c. Business Continuity Plan, Emergency Response Plan and Disaster Recovery Plan

d. Contingency testing plan, including testing for the BCP, ERP and DRP


g. Other potential network, hardware and software in support of the Contingency Planning Program

6. Emergency Response Team (ERT)

The ERT is the key disaster recovery team and is activated in the initial phase of an emergency. The ERT’s primary roles during a disaster include:

a. Ensuring the safety of individuals

b. Providing initial response review

c. Making decisions regarding the level of disaster response

d. Planning, coordinating, exercising, managing and maintaining the Contingency Plan

e. Coordinating plan development, response and recovery with all department managers.

Prior to an emergency, the ERT must approve the recovery resources and procedures documented in the BCP, ERP and DRP. The ERT must include management from the following areas:

- Administration (CEO, COO) – Chairperson

- Regional Privacy Officer and Compliance Officer

- Information Security Officer

- Information Systems

- Facility Security

- Human Resources

- Accounting (CFO)

- Public Relations

IV. PROCEDURE:

A. Data Criticality Analysis (DCA)

Each Tenet Facility is responsible for conducting a DCA to identify essential business functions that must be recovered in the event of a disaster for the Tenet Facility to remain operational. The DCA is used to identify mission critical applications and data sets so as to determine the recovery priority of this information in the event of a loss of availability.

The DCA may be used in conjunction with cost-benefit analysis to determine recovery strategies and to help target information that shall be backed up and relied upon in the event of an emergency.

1. Target Organization: Tenet Facility.

2. Task: Classify systems based on availability requirements, thereby identifying critical business systems required to recover.

3. Deliverable: Completed Data Criticality Analysis worksheet for all systems.

4. Primary Responsibility: Tenet Facility Leadership.

5. Secondary Responsibility: As delegated.

6. Frequency: Annually, upon addition of a new application, or after significant business change.

7. Components of the DCA:

a. List of business impacts (patient care impact, revenue loss, penalties, extra expenses) per function.

b. List of business impacts over time per function.

c. Availability ranking by category per application. Category designations should be made as follows:

(1) Category 4: Critical system that cannot be unavailable for any length of time. Redundant systems with full backups are required.


(3) Category 2: System that cannot be unavailable for longer than 72 hours. Backups must be retained at an off-site location from which they could be retrieved within 72 hours. Disaster recovery procedures must allow for recovery and restoration within 72 hours.

(4) Category 1: System that must be restored, but can be made unavailable for a period longer than 72 hours. Backups must be retained at an off-site location from which they could be retrieved within a reasonable amount of time. Disaster recovery procedures must document recovery and restoration procedures.

(5) Category 0: System that will not need to be restored following a disaster. Backups may be retained, but are not required. Disaster recovery procedures may document recovery and/or restoration procedures.

B. Data Backup Plan (DBP)

Information essential to the Tenet Facility (as identified in the DCA), regardless of format (tape, compact disc, microfiche, film, video, paper, etc.), shall be backed up and stored in a secured facility away from the primary source location. This information must be available upon recall for recovery purposes, with procedures for the recall/recovery contained in the DBP. Each Tenet Facility is responsible for developing, implementing and maintaining a Data Backup Plan to document this process. See EC.PS.04.07 Backup Security Standard for more information.

1. Target Organization: Tenet Facility.

2. Task: Ensure that critical data has been regularly backed up and stored off-site in a secured location.

3. Deliverable: Data backups and documentation for critical function data, as identified in the DCA.

4. Primary Responsibility: Tenet Facility Leadership.

5. Secondary Responsibility: As delegated.

7. Components of the Backup Plan:

a. Contact list

b. List of critical data

c. Schedule of backups

d. Retention periods

e. Off-site storage facility rotation schedule (See EC.PS.04.05 Technical Controls Security Standard for further information).

C. Emergency Response Plan (ERP)

Each Tenet Facility is responsible for developing, implementing and maintaining an ERP that lists critical resources and procedures to be followed beginning at the onset of a potential emergency through the time a disaster declaration (initiation of the DRP) has been made. The ERP covers the handling of actual events as they are identified.

Example: fire, tornado, etc.

1. Target Organization: Tenet Facility.

2. Task: Develop, implement, test and maintain the ERP.

3. Deliverable: Procedures document outlining the initial response procedures following an emergency, but before a declared disaster.

4. Primary Responsibility: Tenet Facility Leadership.

5. Secondary Responsibility: Emergency Response Team (ERT) or as delegated.

6. Frequency: Annually, upon addition of a new application, or after a significant business change.

7. Components of the ERP:

a. Team Identification and Contact Lists (ERT, business function recovery teams)

d. Disaster Criteria

e. Notification Procedures

f. Command Center Logistics

g. Disaster Alert Procedures

h. Disaster Declaration Procedures

D. Business Continuity Plan (BCP)

Each Tenet Facility is responsible for developing, implementing and maintaining a BCP that outlines how the Tenet Facility should continue to conduct critical business operations while recovering from an emergency and/or declared disaster. The BCP covers the steps to be followed to maintain or continue operations when an adverse event would otherwise impact the function(s) of a facility. This may or may not be related to an emergency. Example: post-fire / tornado, staff shortage/illness, supplies, etc.

1. Target Organization: Tenet Facility.

2. Task: Develop, implement, test and maintain the BCP.

3. Deliverable: Procedures document outlining how the Tenet Facility should continue business operations for systems with critical data, as identified in the DCA.

4. Primary Responsibility: Tenet Facility Leadership.

5. Secondary Responsibility: Emergency Response Team (ERT) or as delegated.

6. Frequency: Annually, upon addition of a new application, or after a significant business change.

7. Components of the BCP:

a. Team Structure – Team Leader and alternates, team members, contact numbers

b. Team Notification Procedures


E. Disaster Recovery Plan (DRP)

Documented procedures to restore and recover the Tenet Facility’s critical information assets shall be developed, implemented and maintained for each facility. The DRP shall list resources and recovery procedures for critical systems. This includes systems supported outside the Tenet Facility, as well as those critical systems provided by and/or managed by Tenet.

1. Target Organization: Tenet Facility Information Systems Providers (internal and external).

2. Task: Develop, implement, test and maintain the DRP.

3. Deliverable: Procedures document for recovery and restoration of systems following a disaster.

4. Primary Responsibility: Tenet Facility Leadership.

5. Secondary Responsibility: As delegated.

6. Frequency: Annually, upon addition of a new application, or after a significant business change.

7. Components of the DRP:

a. Team Structure – Team Leader and alternates, team members, contact numbers

b. Team Notification Procedures

c. Location of Recovery Facilities

d. Backup Tape Requirements and Retrieval Processes

e. Response Procedures for critical systems

f. Recovery Procedures for critical systems

g. Resumption Procedures for critical systems

h. Restoration and Return Procedures for critical systems

F. Contingency Testing Plan (CTP)

this documentation will be the date and scope of each exercise/test validating the procedures of the tested plans

1. Target Organization: Tenet Facility.

2. Task: Test the facility’s Contingency Planning Program.

3. Deliverable: Procedures document outlining the process used to test the facility’s Contingency Planning Program.

4. Primary Responsibility: Tenet Facility Leadership.

5. Secondary Responsibility: As delegated.

6. Frequency: Annually.

7. Components of the CTP:

a. Procedures to review the DCA to ensure that all systems are represented and appropriately categorized.

b. Procedures to review the DBP to ensure that all appropriate systems are included in the plan. Test the DBP to ensure that systems are backed up in accordance with the plan, and that backup media can be retrieved within an acceptable period of time.

c. Procedures to review the ERP to ensure that procedures contained therein are relevant and appropriate.

d. Procedures to review the BCP to ensure that all appropriate systems are included in the plan. Test the BCP to ensure that adequate documentation (paper documents) is available in the event of a disaster, and that business continuity processes are effective.

e. Procedures to review the DRP to ensure that all appropriate systems are included in the plan. Test the DRP to ensure that the recovery facility is accessible, contact lists are current, team structures are current, backup tapes are available, and response, recovery, resumption, and restoration procedures are documented for all appropriate systems.


G. Contingency Plan Maintenance

The Tenet Facility’s Contingency Plan should be updated whenever the need for changes is identified. These updates should be approved using a structured approval process, as outlined by Tenet Facility Leadership. Typically, updates should be made after the annual contingency plan testing, after installation of a new system, or after a significant business change.

H. Awareness and Training

Appropriate personnel should be trained on the Tenet Facility’s contingency planning procedures. Documentation should be maintained for all training classes conducted.

V. IMPLEMENTATION:

A. Tenet Facility WITHOUT Regional Privacy Officer

1. The Tenet Facility Compliance Officer, Tenet Facility Information Security Officer, and Tenet Facility Compliance Committee are responsible for distribution and oversight of Information Privacy and Security Program Standards at the facility level.

2. The Tenet Facility will:

a. Adopt this standard and where necessary develop specific written procedures in order for the Tenet Facility to operationalize this standard;

b. Develop appropriate methods to monitor adherence to the written procedures; and

c. Report monitoring activity to the Tenet Facility Compliance Officer and Tenet Facility Information Security Officer.

B. Tenet Facility WITH Regional Privacy Officer

2. The Tenet Facility will:

a. Adopt this standard and where necessary develop specific written procedures in order for the Tenet Facility to operationalize this standard;

b. Develop appropriate methods to monitor adherence to the written procedures; and

c. Report monitoring activity to the Regional Privacy Officer.

C. Home Office

1. Tenet’s Information Privacy/Security Office will work with the Tenet Facility Compliance Officers, Tenet Facility Information Security Officers and Tenet Facility Compliance Committee to develop, maintain, and update procedures and standards for protecting the privacy of PHI and other Confidential/Proprietary information and affording patients their rights with respect to their PHI.

2. Tenet Home Office and Tenet Regional Offices must incorporate these standards into their specific policies and procedures where necessary.

VI. REFERENCES:

- EC.PS.01.00 Information Privacy and Security Administration Policy

- EC.PS.04.00 Information Security Policy

- EC.PS.04.07 Backup Security Standard
