business continuity tactical level plan green module three ... · business area description ehealth...
Post on 31-May-2020
3 Views
Preview:
TRANSCRIPT
The master copy of this document is held electronically. If you are using a paper copy, CD or memory stick issue of this document, it is your responsibility to ensure it is the
latest version
Page 1 of 31
Business Continuity Tactical Level Plan Green Module Three
Summary of Essential Services and Strategies for a Disruptive Event Module for eHealth
Important: If you think a disruptive event has occurred (or suspect there may be) within eHealth then FIRST refer to this module Green Module 3 - Summary of Essential Services and
Strategies for a Disruptive Event for eHealth
Unique ID: Tactical Level Plan Author (s):
Category/Level/Type: Authorised By:
Status: Approved Version:
Date Authorised: Review Date:
Date added to CC folder:
Keywords:
Comments:
The master copy of this document is held electronically. If you are using a paper copy, CD or memory stick issue of this document, it is your responsibility to ensure it is the
latest version
Page 2 of 31
Contents Page
Document Location 4
Revision History for all modules of eHealth Plan 4
Approvals 4
Distribution of Plan 4
Policy Statement 5
Tactical Level Teams Roles & Responsibilities during a disruptive event 6
Tactical Management Team function 8
Location of Tactical Control Room 9
Call out of staff 9
Business Area Description 10
Business Area Organisational Chart 10
Summary of Business Area Essential Services 11
Interdependencies of Essential Services 15
Strategies for Disruptive Events - eHealth 16
Business Continuity Strategies for Access or Damage to premises 17
Business Continuity Strategies for Loss of Key Staff/Skills 19
Business Continuity Strategies for – Loss of Data/ Critical Systems 21
Business Continuity Strategies for – Loss of Equipment 24
The master copy of this document is held electronically. If you are using a paper copy, CD or memory stick issue of this document, it is your responsibility to ensure it is the
latest version
Page 3 of 31
Business Continuity Strategies for – Loss of Key Suppliers/Resources (internal departments and external stakeholders) 25
Business Continuity Strategies for – Failure of Utilities 26
Communication Check List 27
The master copy of this document is held electronically. If you are using a paper copy, CD or memory stick issue of this document, it is your responsibility to ensure it is the
latest version
Page 4 of 31
Document Location The source of the document will be found on the Z:\Civil Contingencies\BC\Generic Business Continuity Plans Revision History for all modules of eHealth Plan
Release date Version Summary of Changes
1.0 1st draft of document
2.0 Adoption of new Modular Template
01/11/2011 3.0 Review of Plan
01/11/2012 4.0 Review of Plan
Aug 2013 5.0 Updating Plan
Sept 2014 6.0 Updating hyperlinks on Plan, addition of 7 new Operational Plans
Sept 2015 7.0 Minor amendments to names, hyperlink update
Approvals This document requires the following approvals
Name Signature Title Date of issue
Version
Martin Egan Director of eHealth
11/11/2012 4.0
Iain Robertson Head of Operations & Infrastructure
11/11/2012 4.0
Martin Egan Director of eHealth
Aug 2013 5.0
Alex McMahon Director of Strategic Planning
Aug 2013 5.0
Martin Egan Director of eHealth
Sept 2014 6.0
Alex McMahon Director of Strategic Planning
Sept 2014 6.0
Martin Egan Director of eHealth
Sept 2015 7.0
Alex McMahon Director of Strategic Planning
Sept 2015 7.0
The master copy of this document is held electronically. If you are using a paper copy, CD or memory stick issue of this document, it is your responsibility to ensure it is the
latest version
Page 5 of 31
Distribution of Plan This document has been distributed to:
Name Department Date of issue Version
Martin Egan eHealth 11/11/2012 4.9
Iain Robertson eHealth 11/11/2012 4.0
Julie Drysdale Business Continuity 11/11/2012 4.0
Martin Egan eHealth Aug 2013 5.0
Wayne Clemitson eHealth Aug 2013 5.0
Julie Drysdale Business Continuity Aug 2013 5.0
Alex McMahon Strategic Planning Aug 2013 5.0
Martin Egan eHealth Sept 2014 6.0
Wayne Clemitson eHealth Sept 2014 6.0
Julie Drysdale Business Continuity Sept 2014 6.0
Alex McMahon Strategic Planning Sept 2014 6.0
Martin Egan eHealth Sept 2015 7.0
Wayne Clemitson eHealth Sept 2015 7.0
Andrew Elliott Resilience Sept 2015 7.0
Alex McMahon Strategic Planning Sept 2015 7.0
The master copy of this document is held electronically. If you are using a paper copy, CD or memory stick issue of this document, it is your responsibility to ensure it is the
latest version
Page 6 of 31
Policy Statement In the event of a major disruption to service, once all health and safety issues have been addressed, we will strive to ensure resilience and continuity of service to the community. Accordingly a business continuity strategy has been developed and is set out in this plan. The health and safety of our patients, our communities, our staff, visitors and contractors are of paramount importance at all times. In addition the protection and preservation of our reputation, the standard of our health services and our support facilities are key to our continued operations when managing a disruptive event. The purpose of this business continuity plan is to ensure a near as normal provision of service. It is essential that the Business Continuity plan is effective and so will be managed through our Change Control procedures. Signed: Name: Date:
The master copy of this document is held electronically. If you are using a paper copy, CD or memory stick issue of this document, it is your responsibility to ensure it is the
latest version
Page 7 of 31
Tactical Level Teams Roles & Responsibilities during a disruptive event Note: The nature of the incident and its impact will determine which departmental eHealth Team will be involved. eHealth Operations & Infrastructure
Role Primary Role Holder Alternate For Info – Strategic Lead Iain Robertson Customer Services Tactical Officers David Denholm Team Leaders Deputy Tactical Officer Team Leader of
disrupted area N/A
Administrator Cath Watson Marion Tague Problem Solver(s) Technical Staff within
disrupted area N/A
Media Specialist Communications Team Communications Team Technical Services Tactical Officers Gavin Greig Team Leaders Deputy Tactical Officer Team Leader of
disrupted area N/A
Administrator Cath Watson Marion Tague Problem Solver(s) Technical Staff within
disrupted area N/A
Media Specialist Communications Team Communications Team Sys Admin Tactical Officers Wayne Clemitson Team Leaders Deputy Tactical Officer Team Leader of
disrupted area N/A
Administrator Cath Watson Marion Tague Problem Solver(s) Technical Staff within
disrupted area N/A
Media Specialist Communications Team Communications Team Security/IT Governance Tactical Officers Tracey McKinley Tiziano Donvito Deputy Tactical Officer Tiziano Donvito IT Security Team Administrator Cath Watson Marion Tague Problem Solver(s) Technical Staff within
disrupted area N/A
Media Specialist Communications Team Communications Team
The master copy of this document is held electronically. If you are using a paper copy, CD or memory stick issue of this document, it is your responsibility to ensure it is the
latest version
Page 8 of 31
Telecommunications Dept
Role Primary Role Holder Alternate Tactical Officer Wilma Cameron Duty Telecomms Manager
Deputy Tactical Officer Mark McCloskey Operations Manager Message Filter Diane Crolla Vacant Post Administrator Telecomms Admin Telecomms Admin Problem Solver (s) Anne Aslankilinc Derek Harvey Media Specialist Communications Team Communications Team eHealth Health Records
Role Primary Role Holder Alternate For Info – Strategic Lead Maureen Masterton Tactical Officers Health Records
Manager for the Affected Site
Deputy Tactical Officer Deputy Health Records Manager for the Affected Site
Administrator Rhona McMillan Problem Solver(s) Staff within Affected
Area
Media Specialist Communications Team Communications Team
eHealth Programmes & Development
Role Primary Role Holder Alternate For Info – Strategic Lead John Sturgeon Programme Managers Tactical Officers Programme Managers Senior Project
Managers Deputy Tactical Officer Senior Project Manager
of disrupted area Project Manager of disrupted area
Administrator Angela Thompson Project Officer of disrupted area
Problem Solver(s) Project Team N/A Media Specialist Communications Team Communications Team
Action Cards are located in Module Two: Management Response Structure and Action Cards for a Disruptive Event. Along with guidelines of Notification and Invoking Business Continuity Plans. Tactical and Strategic responders will determine how to respond to the incident and whether other plans should be activated
The master copy of this document is held electronically. If you are using a paper copy, CD or memory stick issue of this document, it is your responsibility to ensure it is the
latest version
Page 9 of 31
Tactical Management Team Function The Tactical Management Team will:
Monitor the changing needs of response
Gather the analysis information and intelligences (sit-rep report)
Assess risks and balance tasks and risks
Plan and co-ordinate tasks to be undertaken
Determine priorities for allocating resources
Inform and advise strategic managers
Implement decisions taken by strategic managers
The master copy of this document is held electronically. If you are using a paper copy, CD or memory stick issue of this document, it is your responsibility to ensure it is the
latest version
Page 10 of 31
Location of Tactical Control Room The Tactical Officer should request that:
Control room(s) are accessible (un-locked)
Essential equipment is available
Essential information is available (e.g. plans and contact details)
Other responders are aware of the location and contact details
Command Centre details for a Business Continuity Disruptive Incident
Location of Command Room (For interruption to Business Continuity)
Telephone Number(s)
Fax Number
Email address to be used
Main Command Centre – IT SupportDesk
0131 536 5959 (85050)
01506 523331
David.denholm@nhs.net
Escalation Command
Astley Ainslie, Woodlands House Annexe, eHealth Meeting Room
0131 446 4598 (44598)
0131 446 4596
(44596)
Wayne.clemitson@luht.scot.nhs.uk
WGH eHealth Offices
0131 537 1164 or 01506 523347
0131 537 3394
Gavin.greig@nhs.net
St John’s Hospital eHealth Meeting Room
01506 523447 01506 523331
Martin.egan@nhs.net
Out of Hours Lauriston switchboard
0131 536 3634
eHealth OOH Duty Manager
Call out of Staff The tactical officer(s) will provide support staff with a list of people to be called out from their area, along with the following information:
Names of job titles of individuals required
Very brief account of the incident, including who is leading the response and how they can be contacted
Specific actions, information or equipment needed in advance of the meeting
The master copy of this document is held electronically. If you are using a paper copy, CD or memory stick issue of this document, it is your responsibility to ensure it is the
latest version
Page 11 of 31
Business Area Description
eHealth is managed by the department director Martin Egan.
The department provides IT resources to the whole of NHS Lothian with such services as eHealth Service Desk , Health records, Telecomms, Programmes,
Development and Support and IT training.
The eHealth department is structured into three teams,
Health Records (formerly known as Medical Records) Responsible for the administration of inpatients, outpatients, waiting lists, case note libraries, coding diagnoses, submitting government statistics and legal enquiries.
Operations and Infrastructure Responsible for the buying, installing and supporting of IT equipment and applications and Telecoms. Includes customer service, system administration, security and Telecoms teams.
Programmes and Development and IT Training
For example Patient Focused booking and Outpatient Waiting Lists
Business Area Organisational Chart
See http://intranet.lothian.scot.nhs.uk/NHSLothian/Corporate/A-Z/ehealth/ehealthdocs/Documents/eHealth%20Structure%20May%202013%20v3.1.pdf For full eHealth Organisation Chart
Director of Health
Head of Operations
& Infrastructure
Head of Programmes
& Development Head of Health
Records
The master copy of this document is held electronically. If you are using a paper copy, CD or memory stick issue of this document, it is your responsibility to ensure it is the latest version
Page 12 of 31
Summary of Business Area Essential Services
Functions/Services/Single Points of Failure
Essential/Emergency services Non Essential/ Elective Scheduled
PROGRAMMES & DEVELOPMENT
http://intranet.lothian.scot.nhs.uk/NHSLothian/Corporate/A-Z/ehealth/programmesandprojects/Pages/default.aspx
Programmes
Projects
Development
Training http://intranet.lothian.scot.nhs.uk/NHSLothian/Corporate/A-Z/ehealth/Training/TRAKCourses/Pages/LocumDoctors.aspx
HEALTH RECORDS http://intranet.lothian.scot.nhs.uk/NHSLothian/Corporate/A-
Z/ehealth/healthrecords/Pages/HealthRecords.aspx
Admissions / Discharges / Transfers
http://intranet.lothian.scot.nhs.uk/NHSLothian/Corporate/A-Z/ehealth/policiesandprocedures/PP%20Health%20Records/eHealth%20-
%20Health%20Records%20Policy%20PP23%20-%20General%20Admissions%20Proc.pdf
Outpatients
CHI
Merges
Coding http://intranet.lothian.scot.nhs.uk/NHSLothian/Corporate/A-Z/ehealth/policiesandprocedures/PP%20Health%20Records/eHealth%20-%20Health%20Records%20Policy%20PP32%20-%20Manag%20of%20Clinical%20Coding.pdf
Referrals
The master copy of this document is held electronically. If you are using a paper copy, CD or memory stick issue of this document, it is your responsibility to ensure it is the latest version
Page 13 of 31
Functions/Services/Single Points of Failure
Essential/Emergency services Non Essential/ Elective Scheduled
OPERATIONS & INFRASTRUCTURE
Telecomms http://intranet.lothian.scot.nhs.uk/NHSLothian/Corporate/A-Z/TelecomsDepartment/Pages/UserGuides.aspx
Voice http://intranet.lothian.scot.nhs.uk/NHSLothian/Corporate/A-Z/TelecomsDepartment/Pages/PhoneConferencing.aspx
http://intranet.lothian.scot.nhs.uk/NHSLothian/Corporate/A-Z/TelecomsDepartment/Pages/UserGuides.aspx
http://intranet.lothian.scot.nhs.uk/NHSLothian/Corporate/A-Z/TelecomsDepartment/Pages/PhoneConferencing.aspx
http://intranet.lothian.scot.nhs.uk/NHSLothian/Corporate/A-Z/TelecomsDepartment/webconferencing/Pages/default.aspx
X:\Telecomms\User guides\Voicemail Instructions.pdf
Video http://intranet.lothian.scot.nhs.uk/NHSLothian/Corporate/A-Z/TelecomsDepartment/Videoconferencing/Pages/default.aspx
Blackberry/Mobiles X:\Telecomms\Mobile phone info\Forms\New Blackberry request form.doc
X:\Telecomms\Mobile phone info\Forms\New Mobile phone.doc
Projects X:\Telecomms\Telecomms Business Continuity Plans\Business Continuity\Business Continuity Plans for telecomms\Business Continuity Plan- April 2010.doc
Disaster Plans X:\Telecomms\Telecomms Business Continuity Plans\Business Continuity\Business Continuity REH- April 2013.doc
X:\Telecomms\Telecomms Business Continuity Plans\Business
Continuity\Business Continuity RIE- April 2013.doc X:\Telecomms\Telecomms Business Continuity Plans\Business
Continuity\Business Continuity Rood lands- April 2013.doc X:\Telecomms\Telecomms Business Continuity Plans\Business
Continuity\Business Continuity St Johns- April 2013.doc X:\Telecomms\Telecomms Business Continuity Plans\Business
Continuity\HV - No Switchboard\Business Continuity - Hosted Voice with no Switchboard April 2011.doc
X:\Telecomms\Telecomms Business Continuity Plans\Business
Continuity\GP's & Health Centre's\Business Continuity - GP's & Health Centre's April 2011.doc
The master copy of this document is held electronically. If you are using a paper copy, CD or memory stick issue of this document, it is your responsibility to ensure it is the latest version
Page 14 of 31
Functions/Services/Single Points of Failure
Essential/Emergency services Non Essential/ Elective Scheduled
OPERATIONS & INFRASTRUCTURE
Information Governance & Security
Data Protection http://intranet.lothian.scot.nhs.uk/NHSLothian/Corporate/A-Z/ehealth/policiesandprocedures/PP%20Health%20Records/General%20Policy%20005%20-
%20NHS%20Code%20Of%20Practice%20Protecting%20Patient%20Confidentiality.pdf
Information Governance
IT Security http://intranet.lothian.scot.nhs.uk/NHSLothian/Corporate/A-Z/ehealth/policiesandprocedures/PP%20Health%20Records/General%20Policy%20008%20-%20Security%20Policy.pdf
The master copy of this document is held electronically. If you are using a paper copy, CD or memory stick issue of this document, it is your responsibility to ensure it is the latest version
Page 15 of 31
Functions/Services/Single Points of Failure
Essential/Emergency services Non Essential/ Elective Scheduled
OPERATIONS & INFRASTRUCTURE
System Administration
Directory Services http://intranet.lothian.scot.nhs.uk/NHSLothian/Corporate/A-Z/ehealth/policiesandprocedures/PP%20Health%20Records/eHealth%20-
%20Technical%20Services%20Policy%20005%20-%20NHS%20Lothian%20User%20ID%20Request%20Form.pdf
http://intranet.lothian.scot.nhs.uk/NHSLothian/Corporate/A-Z/ehealth/policiesandprocedures/PP%20Health%20Records/eHealth%20-
%20Technical%20Services%20Policy%20004%20-%20RequestSharedAreaForm.doc
Incident Management EHealth Service Continuity 2015.docm
eHealth Resilience Green Module Version 7 September 2015.doc
Operational BC Plans 2015.doc
GMS Primary Care
TRAK TRAK Resilience Plan 2015.doc
PiMS PiMS Resilience Plan 2015.doc
eAssess eAssess Resilience Plan 2015.doc
G2 G2 Resilience Plan 2015.docx
IIE IIE Resilience Plan 2015.docx
IIE BCP IAP Connectivity Diagram.pdf
IIE Resilience InterAgency Portal Hardware Build v1 0.xlsx
PARAGON P:\SysAdmin\Wayne SysAdmin\SysAdmin BC Plans\Nov 2014 Update\Plan Owners\Paragon Business Continuity Plan 2014.doc
NASH NASH Resilience Plan 2015.doc
ChemoCare & ChemoCare Reporting
ChemoCare Resilience Plan 2015.doc
ChemoCare Reporting Resilience Plan 2015.docx
Clinical Portal Clinical Portal Resilience Plan 2015.docx
ClinPortal Resilience Plan Scotland Architecture v2 1.vsd
The master copy of this document is held electronically. If you are using a paper copy, CD or memory stick issue of this document, it is your responsibility to ensure it is the latest version
Page 16 of 31
iLab iLabs Resilience Plan 2015.doc
SCI-Store SCIStore Resilience Plan 2015.docx
SCI-Diabetes SCI Diabetes Resilience Plan 2015.doc
PACS PACS Resilience Plan 2015.doc
The master copy of this document is held electronically. If you are using a paper copy, CD or memory stick issue of this document, it is your responsibility to ensure it is the latest version
Page 17 of 31
Functions/Services/Single Points of Failure
Essential/Emergency services Non Essential/ Elective Scheduled
Technical Services Servers \\wgh-app2\it\GROUP\ISD\Server Operations\System
Documentation
Networks – WAN \\wgh-app2\it\GROUP\ISD\Network Operations\All Site Info Lothian Networks - LAN \\wgh-app2\it\GROUP\ISD\Network Operations Projects \\wgh-app2\it\GROUP\ISD\Network Operations\Projects \\wgh-
app2\it\GROUP\ISD\Technical Services Projects\\wgh-app2\it\GROUP\ISD\PCNET\LANMAP\Firewall Documentation
Customer Services
Assyst HelpDesk http://intranet.lothian.scot.nhs.uk/NHSLothian/Corporate/A-Z/ehealth/Training/non-
clinicalcourses/Documents/assyst%20Quick%20Guide%20v10%20-%20Nov%202010.pdf
Desktop support
Projects (e.g. COBIT)
Clinical Information
Referrals
Clinical Informatics
Data Sharing Partnership
The master copy of this document is held electronically. If you are using a paper copy, CD or memory stick issue of this document, it is your responsibility to ensure it is the latest version
Page 18 of 31
Business Area
Internal Departments
Section 9 Interdependencies
Within Business Area - eHealth
Essential Services/Functions: WAN LAN
Hardware - Servers Hardware - Desktops
TRAK iLabs
PACS / Radiology Telecomms Systems
SCI-Gateway SCI-Store
Xxxx
Xxxx
RIE WGH St Johns Lauriston Building REH RHSC Waverley Gate Roodlands GP Practices & Health Centre’s
Premises Staff/Skills Data/Critical Systems
Equipment Key Suppliers/ Resources
Utility
Services Finance
Strategic Mgmnt Operational Mgmnt Clinical Information Operationws & Infrastructure Health Records Programmes & Development
HR Staff Side – Unions Estates Telecomms
LWAN TRAK iLabs PACS/ Radiology SCI-Gateway SCI-Store eAssess CP Online NASH Immediacy PIMS, ChemoCare, SCI Diabetes Various Telecomms Systems/Directories
Finance HR
TRAK iLabs SCI-Gateway SCI-Store PACS
Servers SANS PCs Printers Phones Tablets PABX’s Networks
Estates Telecomms Labs
Procurement Finance Estates HR
BT, Intersystems CSC/Bluechip, EMC, NorthGate, Carestream, ATOS Origin DELL Netcall O2 Oricom EE JL Com
eHealth Communications Estates
Electricity Gas Water Oil Fuel – Petrol/Diesel Medical Gas
eHealth Budget for Procurement eHealth budget for staff
All Dept Areas who request services from eHealth
Scottish Government - Projects - Connections
Councils (DMZ University GP’s
Business
Area
Internal Departments
External Stakeholder
s/Partners
The master copy of this document is held electronically. If you are using a paper copy, CD or memory stick issue of this document, it is your responsibility to ensure it is the latest
version
Page 19 of 31
Business Continuity Strategies for a Disruptive Event – eHealth This section of the plan focuses on strategies which may be applicable if a disruptive situation has occurred as alternative working arrangements. What needs to be prioritised, what needs should be monitored, what impact alternative arrangements will have on the delivery of service, assignment of roles and responsibilities in order to achieve these. Strategies should be detailed enough to cover all component parts that are required to resume normal services.
Access or Damage to premises
Loss of Key Staff/Skills
Loss of Data/ Critical Systems
Loss of Equipment
Loss of Key Suppliers/Resources (internal departments and external stakeholders)
Failure of Utilities
The master copy of this document is held electronically. If you are using a paper copy, CD or memory stick issue of this document, it is your responsibility to ensure it is the latest
version
Page 20 of 31
Business Continuity Strategies for – Access or Damage to Premises
Actions and Considerations – Specific to eHealth A detailed Business Continuity Plan, with a section on this specific issue has been prepared for each Essential Service Only NHS properties where eHealth have a permanent staff presence are covered by this strategy. These are:- Astley Ainslie Hospital, Edinburgh EH9 2HL 56 Canaan Lane, Edinburgh EH10 4SG Lauriston Building, Edinburgh EH3 9HA Royal Edinburgh Hospital, Edinburgh EH10 5HF Royal Hospital for Sick Children, Edinburgh EH9 1LF Royal Infirmary of Edinburgh, Edinburgh EH16 4SA St Johns Hospital at Howden, Livingston EH54 6PP Waverley Gate, Edinburgh EH1 3EG Western General Hospital, Edinburgh EH4 2XU In most cases the tactical response will be dependent on the nature of the event and which services are provided from that location. During normal office hours eHealth Staff are accessible through the automated telecoms system by dialling 0131 536 1111 or internally on Ext.61111. Out with normal hours the On-Call eHealth Duty Manager may be contacted via the Lauriston Switchboard. Actions and Considerations – Generic to NHS Lothian:
Ensure the safety of those in the affected premises and vacate unsafe areas to temporary available accommodation.
Address alternative site working through appropriate NHSL Policies & Procedures link: NHSL Corporate – ER Assist Policies e.g. Adverse Weather/Major Transport Disruption.
Regularly maintain and risk assess building stock to target priority premises to support essential services and highlight any risks.
Minimise the damage to premises through the prompt Call-Out of Estates staff.
Comply with mandatory Fire and Health & Safety awareness and training.
In exceptional circumstances where premises compromised for extended period additional capacity could be negotiated with other Health Boards and Private Providers e.g. NHS Borders, NHS Fife, Golden Jubilee National Hospital, Spire.
An NHSL Facilities Helpdesk operates Mon to Fri ‘In Hours’ on Ext: 33333 and a 24/7 On-Call is available through switchboard. The RIE, PFI Helpdesk operates 24/7 Ext: 24242
Staff induction, on-going training and exercising will include awareness of BC Plans, helpdesks, key contacts, On-Call and escalation of issues
The master copy of this document is held electronically. If you are using a paper copy, CD or memory stick issue of this document, it is your responsibility to ensure it is the latest
version
Page 21 of 31
Business Continuity Strategies for – Loss of Key Staff & Skills
Actions and Considerations – Specific to eHealth A detailed Business Continuity Plan, with a section on this specific issue has been prepared for each Essential Service All eHealth management and operational staff are covered by this strategy. eHealth staffing is identified in organisational chart http://intranet.lothian.scot.nhs.uk/NHSLothian/Corporate/A-Z/ehealth/ehealthdocs/Documents/eHealth%20Structure%20v6.0%20May%202010.pdf
All non-essential, ad-hoc, planned maintenance and other services will be reviewed, prioritised and risk assessed in accordance with the appropriate clinical model and service delivery. If necessary all eHealth input to projects will cease.
Depending on the incident time frame, staff may be trained in other roles however particular care must be taken with H & S, statutory & legislative compliance and competency levels. Staff may move across operational boundaries but note that certain critical systems can only be worked on and certain tasks can only be performed by authorised persons. (e. g. IT engineers, Administrator Level passwords )
If necessary additional resources are available via term, service and professional contractors to support in-house teams. .
Actions and Considerations – Generic to NHS Lothian:
Minimise the loss of staff by reducing the risk of impact of preventable causes e.g. Infection Prevention & Control including good hand-washing techniques, antiseptic gel dispensers and flu vaccination programmes.
Ensure staff comply with Health & Safety advice in the workplace including the use of Personal Protective Equipment to prevent injury or illness.
Manage and plan staff leave throughout the year to prevent peaks and troughs of staffing to improve resilience and maintain services where challenged by unforeseen events e.g. severe weather, volcanic ash.
Ensure staff take regular leave throughout the year so they are rested, have a life work balance and have reserves to work flexibly during unforeseen additional demands.
Address absence, planned and unforeseen leave issues through appropriate NHSL Policies & Procedures. See link: NHSL Corporate – ER Assist Policies e.g. Promoting Attendance, Adverse Weather/Major Transport Disruption.
Expand the available pool of staff through targeted training to enhance specialist skills
The master copy of this document is held electronically. If you are using a paper copy, CD or memory stick issue of this document, it is your responsibility to ensure it is the latest
version
Page 22 of 31
Staff induction, on-going training and exercising will include awareness of BC Plans, helpdesks, key contacts, On-Call and escalation of issues
The master copy of this document is held electronically. If you are using a paper copy, CD or memory stick issue of this document, it is your responsibility to ensure it is the latest
version
Page 23 of 31
Business Continuity Strategies for – Loss of Data Critical Systems
Actions and Considerations – Specific to eHealth The list of Essential Services is detailed in Section 9. A detailed Business Continuity Plan, with a section on this specific issue has been prepared for each Essential Service
The network may be exposed to various types of incident: i. Physical Disruption through accidental or deliberate damage
ii Denial of Service through “malware” or email attack. Disruption through Damage Whilst it is possible that elements of the Wide Area Network (WAN) could be subject to an terrorist attack occurring at, or close to a building where one of its numerous switches are based, disruption of the service is most likely to be achieved by a person accidentally cutting through a cable during road maintenance. There is by the nature of the WAN, sufficient redundancy on routing between the main sites to avoid total loss of services to all sites. Should such an event occur the most likely occurrence would be an apparent slowdown of access to the various systems. Should this occur, a warning will be sent to all users to reduce email traffic to a minimum and restrictions would be placed on access to the internet. The WAN is maintained by Capita (NSS manage the contract) as part of the Scottish Wide Area Network (SWAN). It is possible that some health centre or community hospital which have only a single connection from the WAN might be isolated and lose connectivity whilst repairs are carried out. All network communication and node rooms containing network switches and other devices are to be locked and access to those rooms restricted. An access list is to be maintained. Contractors or other unauthorised staff are accompanied whilst in these areas. Denial of Service A denial of service attack can be initiated through a number of events; the introduction of a Virus, Trojan or Worm into the network from sources including, external email, CDs, Pensticks and other USB storage devices. It can be triggered by a member of staff creating a chain email and it being forwarded to and from other staff. This effect simulating heavy traffic can also be produced by some “spyware” being introduced to a PC whilst the user is on the internet. To reduce and mitigate the effect of such attacks NHS Lothian has a number of defences in place including; Intrusion Detection Systems, anti virus (AV) applications, restricting the number of staff able to send “everyone” emails, restricting access to the network to NHS devices and NHS approved organisations, only allowing staff access to USB devices after a clear business or clinical need has been established.
The master copy of this document is held electronically. If you are using a paper copy, CD or memory stick issue of this document, it is your responsibility to ensure it is the latest
version
Page 24 of 31
NHS Lothian also filters incoming and outgoing mail for known virus definitions and blocks certain types of files which are known to present an increased threat to its services. This functionality is described at Appendix 2. All NHS Servers and PCs attached to the network are to have active NHS Lothian provided AV applications running to prevent virus or other attack Clinical Systems All the major clinical systems are server based and the servers are to be situated within Server rooms. The server rooms are to be locked and access controlled. An access list is to be maintained and a record is to be kept of all staff entering the server room. Where entry is via a swipe card the entry log must show who entered the room and when they did so. Contractors and others not on the access list are not to be allowed un-supervised access to the server rooms. All servers should be connected to either an individual or room served, Uninterruptible Power Supply (UPS). The UPS is to be capable of allowing a controlled or managed shutdown of the server(s) in the event of a loss of power. The UPS when it is activated should be capable of sending a warning message to an IT Support team. Server rooms are to have air-conditioning fitted wherever necessary to allow the servers to operate within their optimum temperature range regardless of the outside temperature. Servers All servers are to be backed up in an approved cycle. This cycle should provide the ability to restore both the operating system and the data in the event of a failure. The back up media is not to be left with the server but removed and placed in a different location. Where systems are deemed to be critical, a secondary or back up server is to be provided which will automatically take over the role of the primary in the event of its failure. This secondary server should ideally be in a different location to the primary Where a secondary server is not available a risk assessment is to be carried out on the effect of the loss of the server and those results held within the NHS Lothian or Operating Division Risk Register. The NHS Lothian Server team is to carry out a full restore of all critical servers annually. Where a contract exists for the provision of server hardware in an emergency, this is to be rehearsed, if necessary in the contractor’s premises and the operating system back up and the data restored within the agreed time limits. Each restore is to be logged and a report produced highlighting any issues raised
The master copy of this document is held electronically. If you are using a paper copy, CD or memory stick issue of this document, it is your responsibility to ensure it is the latest
version
Page 25 of 31
and the remedial actions required. Vision and EMIS Practices should ensure that their supplier conducts checks on their back ups twice each year. Each contract for a managed service of hardware for major clinical systems is to include an annual failover of that system
Actions and Considerations – Generic to NHS Lothian:
Contacts are accessible through the automated telecomms systems by dialling 0131 536 1111 or internally on Ext: 61111.
All staff referenced in Plans and On-Call Rotas are responsible for updating their telephone and email contact details via: -
a) NHSL Directory: RIE.TelecommsRequests@nhslothian.scot.nhs.uk and
b) Email properties: Service-Desk.eHealth@nhslothian.scot.nhs.uk
All main NHS Lothian IT systems including email, shared drives and intranet have regular back-up arrangements defined in eHealth plans.
EHealth systems are subject to regular testing to ensure contingencies are robust and data can be restored after an interruption.
An NHSL Facilities Helpdesk operates Mon to Fri ‘In Hours’ on Ext: 33333 and a 24/7 On-Call is available through switchboard. The RIE, PFI Helpdesk operates 24/7 Ext: 24242. Otherwise Ehealth & Telecomms staff operate a Helpdesk Ext: 85050 Mon – Fri ‘In Hours’ and provide 24/7 On-Call through switchboard for priority systems.
Staff induction, on-going training and exercising will include awareness of BC Plans, helpdesks, key contacts, On-Call and escalation of issues through the Speciality Bleep Holders, Clinical & Site Coordinators and the UHD EP & BC On-Call Policy as appropriate
The master copy of this document is held electronically. If you are using a paper copy, CD or memory stick issue of this document, it is your responsibility to ensure it is the latest
version
Page 26 of 31
Business Continuity Strategies for – Loss of Equipment Actions and Considerations – Specific to eHealth A detailed Business Continuity Plan, with a section on this specific issue has been prepared for each Essential Service. The eHealth equipment covered within this strategy is identified in Section 9 – Interdependencies and in most cases the tactical response will be dependent on the nature of the event and if the facility is occupied or unoccupied. Alternative equipment would be acquired in the event of an incident/disruption either through internal e.g. other departments or external sources. Where necessary service/term contractors may provide alternative equipment. Care would need to be taken to ensure that equipment was safe and meets any legislative requirements. NHS Lothian or national procurement departments would be recruited to assist in sourcing replacement/alternative equipment as necessary. If equipment cannot be replaced e.g. computers, then manual procedures or a work around would be put in place. Consideration may also be given to staff working from home or relocation. Strategically located independent (fallback) telephones are available on each major site.
Replacement/alternative telecom devices may be available from the Telecomms Department.
Actions and Considerations – Generic to NHS Lothian:
Key unique or expensive equipment will be supported by maintenance contracts for servicing, repairs and loan replacements during repairs.
Ensure equipment which is used infrequently has clear checking and maintenance arrangements e.g. to ensure this is in working order.
Clearly identify equipment which is dependent on an Uninterrupted Power Supply and location of sockets. Understand the duration of emergency supply whether Building or internal battery. Utilise time to safely remove patients from equipment or impacted area/s.
Instigate arrangements to store, track and use equipment safely and securely and prevent avoidable damage, misplacement or theft.
Control room kit includes conferencing phones which are used daily by the Site & Capacity teams and are available if control rooms are activated to manage business continuity disruptions
Staff induction, on-going training and exercising will include awareness of BC Plans, helpdesks, key contacts, On-Call and escalation of issues.
An NHSL Facilities Helpdesk operates Mon to Fri ‘In Hours’ on Ext: 33333 and a 24/7 On-Call is available through switchboard. The RIE, PFI Helpdesk operates 24/7 Ext: 24242. Otherwise Ehealth & Telecomms staff operate a
The master copy of this document is held electronically. If you are using a paper copy, CD or memory stick issue of this document, it is your responsibility to ensure it is the latest
version
Page 27 of 31
Helpdesk Ext: 85050 Mon – Fri ‘In Hours’ and provide 24/7 On-Call through switchboard for priority equipment.
The master copy of this document is held electronically. If you are using a paper copy, CD or memory stick issue of this document, it is your responsibility to ensure it is the latest
version
Page 28 of 31
Business Continuity Strategies for – Loss of Key Suppliers/Resources
Actions and Considerations – Specific to eHealth A detailed Business Continuity Plan, with a section on this specific issue has been prepared for each Essential Service The key suppliers/resources covered within this strategy are identified in Section 9 – Interdependencies. In most cases the tactical response will be dependent on the nature of the event and if a building is occupied or unoccupied. For general equipment and services within eHealth we are not reliant on a single supplier/contractor. Local and national procurement procedures are in place governed by Standing Financial Instructions (SFI’s). Negotiated contracts define that in an adverse incident/disruption then we (NHS) will be given priority. Also we are listed within their own business continuity arrangements. Contingency stocks against supply chain failure e.g. PCs, are held and managed locally. Emergency contact details for suppliers are held in local site specific operational emergency plans. PFI properties and services are supplied by a single “contractor” and as such are high risk.
Actions and Considerations – Generic to NHS Lothian:
Procurement of advance supplies with notice or predicted increase in demand
For plans for NHSL Suppliers including Procurement, see link: Generic Business Continuity Plans.
Instigate security arrangements to store and issue essential supplies safely and prevent avoidable damage or theft.
An NHSL Facilities Helpdesk operates Mon to Fri ‘In Hours’ on Ext: 33333 and a 24/7 On-Call is available through switchboard. The RIE, PFI Helpdesk operates 24/7 Ext: 24242. Otherwise Ehealth & Telecomms staff operate a Helpdesk Ext: 85050 Mon – Fri ‘In Hours’ and provide 24/7 On-Call through switchboard for priority equipment
Staff induction, on-going training and exercising will include awareness of BC Plans, helpdesks, key contacts, On-Call and escalation of issues.
The master copy of this document is held electronically. If you are using a paper copy, CD or memory stick issue of this document, it is your responsibility to ensure it is the latest
version
Page 29 of 31
Business Continuity Strategies for – Loss of Utility Services
Actions and Considerations – Specific to eHealth A detailed Business Continuity Plan, with a section on this specific issue has been prepared for each Essential Service The utilities covered within this strategy are identified in Section 9 – Interdependencies. Note: The utility supply companies regard hospitals and other health care and social services premises as priority users and give precedence to maintaining their supplies, however there are no guarantees re continuity of supply. Petrol/Diesel: Essential eHealth vehicle users have been identified and details held within Empower
Actions and Considerations – Generic to NHS Lothian:
See Facilities Plans: Generic Business Continuity Plans
Generators minimise the risk of impact to services with predetermined priority sequences to re-instate electricity to essential areas e.g. emergency lighting to egress buildings. Generators are tested regularly to ensure they supply priority areas.
Electrical contracts are ‘Non-interruptible Supply’ and Facilities stock pile oil, coal and gas as back-up to electrical supplies.
Where there is forewarning of potential disruption to Electrical, Oil, Gas or Water supplies Facilities teams will alert the appropriate Site Directors and Tactical Officers.
Met Office Severe Weather Warnings of Amber (Be Prepared) or Red (Take Action) will be issued to the pre-determined UHD Alert cascade. See link for warnings: Met Office Weather. In the event of a Red Warning UHD and Site Control Rooms will be set-up in advance of the projected impact window.
Depending on the nature, duration and anticipated or known impact of the disruption, the Director of eHealth may declare an Internal Major Disruption and establish a Site Control Room if not already set-up in advance.
Instigate security arrangements to store and issue essential supplies safely and prevent avoidable damage or theft.
Staff induction, on-going training and exercising will include awareness of BC Plans, helpdesks, key contacts, On-Call and escalation of issues
An NHSL Facilities Helpdesk operates Mon to Fri ‘In Hours’ on Ext: 33333 and the RIE, PFI Helpdesk operates 24/7 Ext: 24242. Facilities and Pharmacy have 24/7 On-Call available through switchboard.
The master copy of this document is held electronically. If you are using a paper copy, CD or memory stick issue of this document, it is your responsibility to ensure it is the latest
version
Page 30 of 31
Minimum Resource Requirements To Execute Above Strategies (Premises, Staff, Systems, Equip, Suppliers & Utilities by time frame, number of staff, equipment etc).
Ite
m Emergency Response
Within 1 hour Major Disruption 1 hour up to month
Recovery - Starts immediately and may extend up to 1 year
Sta
ff &
Skill
s
req
uire
d
Info
rma
tio
n
Da
ta &
Syste
ms
Eq
uip
me
nt
Su
pp
lies &
Reso
urc
es
Inte
rdep
en
de
ncie
s
NH
S
Lo
thia
n
The master copy of this document is held electronically. If you are using a paper copy, CD or memory stick issue of this document, it is your responsibility to ensure it is the latest version
Page 31 of 31
11. Communication Check List Group Objective Messages Media Frequency Responsibility
Be
fore
Ev
en
t
Senior Management Team Compliance with Governance and Statutory Obligations
Dissemination of information from NHSL forums. Escalation of issues. Agreement of priorities.
Meetings Action Plans Datix E-mails Intranet Training & Exercise
As required – weekly meetings
Director
Update on BC procedures. Highlight foreseen events which have potential to impact.
Dissemination of information Review BC Plans
As above 2 monthly
Directorate Team Meetings Progress and ratify Tactical & Operational plans
Ensure consistency Raise awareness Roles & responsibilities
As above
As required where plans are due for review or for ad hoc events
Directors & Leads for Directorate
Du
rin
g E
ven
t
NHS Lothian - Strategic Level
Briefing on eHealth readiness and response. Escalate relevant issues
Status of readiness and response capability Reports
Meeting attended Director/ Tactical Officer Situation Reports
As required Director/Tactical Lead or where appropriate
Tactical Response teams
Briefing on Directorate readiness & Incident management
Status of readiness and response capability Incident Impact Response Prioritisation of services Allocation of resources
meetings led by Directors of Operation/s/Tactical Officer or Deputy
As required Director and/or Tactical Lead
Media & other stakeholders
Engage, Warn & Inform Inform and advise of situation
Media relations Internet/ Other media as appropriate
As soon as possible and normally within 1 hours “golden hour”
Communications Officer On-Call
Aft
er
Ev
en
t Internal debrief to capture lessons learnt. Recovery, return to normal service and catch-up where required
Acknowledge achievements, what worked well and what could be improved
Meetings Debriefs Action Plans Datix E-mails Intranet Training & Exercise
As required Directors/Tactical officer
top related