Many of the business continuity steps taken during the COVID-19 pandemic should be considered when crafting broader disaster recovery plans, such as those used after a hurricane, two risk management and compliance experts say.
For instance, at the height of the New York area coronavirus outbreak in the spring, The New Jewish Home – which operates skilled nursing facilities and assisted living homes in the region – had to enhance its communications with staff so it could continue operations, says Dana Penny, the organization’s chief compliance officer.
“In a normal emergency, like a hurricane or a blizzard, you’re worried about getting staff physically to a location – it’s all hands on deck,” he says in an interview with Information Security Media Group. But during COVID-19, one of the top considerations The New Jewish Home had to make was limiting the number of staff it had onsite. “We had to enhance our communication in order to allow people to work remotely or from other sites,” he says.
“We had to make sure the iPhone, the iPad and Alexa [smart speakers] and other technologies we use were not in any way interfacing with our normal network. We already had a secondary wireless network that did not go anywhere near our business network.”
After a crisis, organizations need to consider “from a security perspective, how well was the information being protected through the … changes in communication,” says Gerry Blass, a former healthcare CISO who now heads the consultancy ComplyAssistant.
“There’s a lot of improvisation that goes on” in dealing with a sudden extreme emergency, Penny notes. And eventually those changes need to be documented for potential scrutiny by auditors and regulators, he adds.
In this interview (see audio link below photo) Penny and Blass also discuss:
- Other privacy and security challenges that emerged during the COVID-19 crisis;
- Tips for responding to a breakdown in normal communication methods during a crisis;
- Additional business continuity lessons emerging from dealing with the coronavirus outbreak that can be applied to other disaster situations.
Penny is chief compliance officer for The New Jewish Home in New York, which has three skilled nursing facilities and other units in the metropolitan area.
Blass, who has more than 35 years of experience in healthcare information technology, is president and CEO of the consultancy ComplyAssistant. He formerly was CISO at Meridian Health System in New Jersey.