1

Dexter Chia

Director, GCOO’s Office

26 Apr 2017

Business Continuity

Management in Healthcare

3

• Introduction

• About SingHealth

• Healthcare BCM Threats

• Importance of BCM in Healthcare

• SingHealth Cluster BCM Framework

• Key Challenges in implementing BCM

Scope

4

Vision

Defining Tomorrow’s Medicine

Mission

Care to Heal

Educate to Empower

Innovate to Advance

Our Triple Mission puts us on course to be the

Leader in Academic Medicine

Our Shared Vision and Mission

About SingHealth

5

Our Common Purpose is

something each one of us

can own as our personal

mission in our everyday

work.

Our roles may be different

but all of us within the

SingHealth family contribute

to making possible the

promise of providing

excellent care to patients.

21,962 staff*

One Commitment

* Source: SingHealth Duke-NUS Academic Medical Centre Annual Overview 2015

Our Common Purpose

6

Healthcare Delivery Network

NHG

NHG & Alexandra Health

NUHS

6

NUHS & Jurong Health

8

Our Full Continuum of Care – 42 Specialties

Secondary, Tertiary, Quaternary Care

FMC

CHC GP

Network

Source: SingHealth Duke-NUS Academic Medical Centre Annual Overview 2015

Each Year……

• 163,225

Inpatient Admissions

• 755,489

Patient Days

• 4.6 days

ALOS

• 72,603

Inpatient Surgeries

• 113,991

Day Surgeries

• 1.9 million

Specialist Outpatient Clinic

Attendances

• 318,953

A & E Attendances

• 1.78 million

Polyclinic Attendances

• 223,617

Dental Attendances

Secondary,

Tertiary,

Quaternary

Care

Primary

Care

Continuing Care

9

SingHealth SGH Campus

Singapore General Hospital

National Heart

Centre

Singapore

National Cancer

Centre

Singapore

Singapore

National Eye

Centre

National

Dental Centre

Singapore

National

Neuroscience

Institute (SGH

Campus) *Beds in service comprising 1,597 for SGH & 185 for NHCS

Largest Concentration of Medical Services & Facilities

Beds: 1,782*

Admissions: 88,083*

Doctors: 1,446

Dentists: 101

Nurses: 6,050

SOC visits: 1,232,604

Surgeries: 138,852

Staff Strength: 12,508

10

Types of Threats

• Natural

– Heavy Rain

– Floods

– Fire

– Haze

• Man-made

– Terrorist Attacks

– Power Outages

– Cyber Attacks

• Healthcare

– Diseases

– Infections

BCM Threats

11

• A fire on level 2 of the Sultanah Aminah Hospital (Johor Baru’s largest hospital ICU)

started at around 8.55am on Tuesday (25 Oct 2016), resulting in death of 6 patients

and 11 people injured

• Cause: burnt capacitor in one of the ceiling lights and flammable materials placed

under the lighting, causing the fire to spread quickly

• Another fire broke out the following day on the level below the ICU

• Follow Up: a special squad from the Health Ministry to review the safety and crisis

management procedures in all of Malaysia’s 145 public hospitals

• In Singapore, MOH also called for a review of fire emergency plans in our hospitals

and institutions

Fire at Johor Baru Hospital

13

• For healthcare service providers, outbreak of infectious diseases is one of our main and imminent threats.

• However, treating infection outbreaks in the community is not BCM but a business function.

• Examples:

• Pandemics such as SARS (2003) and H1N1 (2009) have presented valuable experience for formulating BC plans.

Healthcare BCM Threats

14

• Business Continuity is not only about recovering critical

functions from a disaster but also ensuring that critical functions

continue promptly in the event of a disruption

• It is the capability of the organization to continue delivery of

products or services at acceptable predefined levels following a

disruptive incident

• Aims to safeguard the interests of an organization and its key

stakeholders by protecting its critical business functions against

predetermined disruptions

Importance of BCM

15

• Saves Lives – may include evacuation from wards during a fire incident or

the prevention of spread of diseases by patients

• Retrieval of Patient Records – having an effective Business Continuity

Plan (BCP) ensures that medical professionals would have patients’ critical

data restored, allowing them to continue to provide vital care to the patients

• Protects Sensitive Data – patient’s electronic data is often accessed from

multiple sources, and while secured, information can still be at risk when a

disaster strikes. In the event of a disaster, BCP addressing this can let

organisations to continue to access clean and uncompromised data

• Maintains Efficiency – loss or corruption of data can be extremely costly

especially when recovery of system failure or data takes days or weeks.

Employees will not be able to preform their jobs efficiently which will impact

operating costs. Having a BCP will reduce the downtime and maintain

operational efficiency after a disaster

Importance of BCM in Healthcare

16

Chairman

Coordinator

Organisation Structure of Cluster BCM Workgroup

Senior Management

(CEO, DY CEO & CMB)

Chairman BCM Manager

(COO)

Department BCM

Coordinators

Damage

Assessment Team

(DAT)

Alt BCM Manager

(COO, Ambulatory)

BCM Secretariat

(PRD)

Division HODs

BC

M S

teerin

g C

om

mitte

e

A typical Hospital and Institution BCM structure

Role/Functions of Cluster BCM Framework

• Coordination – to coordinate BCM

related activities eg. Cross-Institution

Internal Audit

• Standardisation – to commonalise Risk

Assessment rating and threats as most

intuition’s admin office and Call-center

share the same building

SingHealth Cluster BCM Framework

17

• SingHealth HQ and most institutions are BCM-certified under the ISO 22301:2012

Standard since 2015

• Previously on TR19 and SS:540 Standards

• In 2016, seven institutions underwent the ISO 22301:2012 External Surveillance

Audits for BCM with no major finding

Defined BCMS Policy and

Scope

Established Minimum

Business Continuity

Objectives (MBCOs) for

SingHealth HQ

Formed SingHealth HQ

BCM Steering Committee

and Cluster BCM

Workgroup

Identified SingHealth HQ

depts with Critical

Business Functions

(CBFs)

Depts’ business

objectives to be in line

with MBCOs

eg. Managing external

relationships

Providing corporate services

supporting cluster’s operations.

eg. External communications

(media relations and social

media management)

Execute procurement for

unplanned critical bulk items

requested by institutions

SingHealth HQ BCM Framework

18

• The 6 key components in the BCMS standard

Risk Assessment

(RA)

Business Impact

Analysis (BIA)

Business Continuity Strategies

Business Continuity Plan (BCP)

Test and Exercise

Programme Management

SingHealth HQ BCM Framework

19

• SingHealth HQ’s framework alignment to ISO 22301 Standard

Conduct Risk Assessments

(RA) and Business Impact

Analysis (BIA)

Formulate Business Continuity Strategies;

Develop Business Continuity

Plans (BCP)

Validate BCPs through Tests and Exercises

Programme Management

and Audits

Continual Improvement

SingHealth HQ BCM Framework

20

• SingHealth HQ BCM Response Teams

Crisis Management Team (comprises of Senior Management)

Led by: Crisis Declaration Officer

Emergency

Response Team

Damage

Assessment Team

(DAT)

Emergency Ops

Centre (EOC) Set-

up Team

Recovery Team (comprises of BCM reps

from affected department)

SingHealth HQ BCM

Steering Committee

SingHealth HQ BCM Framework

21

• Process of Risk Identification, Risk Analysis and Risk Evaluation

• Covers the following categories:

- Policies

- Processes

- People

- Infrastructure - Risk associated to individual BU

External Threats Internal Threats

Loss of Staff/Absenteesm

Business Processes

Office facilities & premises

Communication networks

Applications/Data/Cyber-attacks

Power failure/outage

Public infrastructure

Political, Social-economic, Economic

climate

Natural eg. heavy rain, flood, fire

Man-made

Evaluate

Analyse

Identify disruptive incidents

• What may happen

and why?

• Consequences?

• Likelihood

• How to mitigate

consequences or

reduce likelihood?

Risk Assessment (RA)

22

Purpose

• Seek to understand the organisation’s Critical Business Functions

(CBFs), the priority of each and the timeframes for resumption

• Obtain the resource information (Minimum Operating Requirement)

from which an appropriate recovery strategy can be

determined/recommended

How will the organisation be affected?

Disruptions

from

uncontrolled

events

• Adverse effects on staff or

public well being?

• Consequences of

breaching regulatory

requirements?

• Damage to reputation?

• Reduced financial

viability?

• Deterioration of public or

service quality?

• Environmental damage?

Business Impact Analysis (BIA)

23

• SingHealth HQ Depts assigned minimally required staff to alternate

sites for key functions while others to work from home

• Minimum Operating Requirements eg. laptops, computer software

programmes, office support, have to be listed

• Various strategies to adopt for denial of

access >24 hours:

- Activity relocation

- Resource relocation

- Resource re-allocation

- Alternate processes and spare capacity

- Resource and skills replacement

- Temporary work-round

RA

BIA

Strategy

Business Continuity Strategy

24

BCP

Strategy

BIA

RA Recovery Objectives

from BIA

BC Procedures to manage a disruptive incident and continue its activities

• For documentation purposes, a typical BC Plan includes:

- Emergency Response

- Emergency Evacuation

Procedures

- Critical Items List

- Incident Escalation

- Emergency Operations Centre

(EOC)

- Qualification Factors for EOC

- Recovery and Resumption of

CBF

- Restore and Return to Normal

- People

- Crisis Communication

- Contact List

- BC Plan Distribution

Business Continuity Plan (BCP)

25

• Validate BCPs through Tests and Exercises

Call-Tree Exercise Conduct Annual Call-Tree

exercises to validate staff

contractibility and response time

Table-Top Exercise (TTX)

Conduct Table-Top Exercises for

departments to validate their

BCPs

Simulation Exercise

Conduct Simulation Exercises at

alternate sites to validate activity

and resource relocation

Validation of BCPs

26

Ensure BCMS is aligned with Management’s expectations and

ISO 22301 Requirements

Monitoring, Measurement, Analysis and Evaluation

Management Review

Top management shall review the

organisation’s BCMS

Audit

Internal audits at planned intervals

Programme Management

27

Continue to maintain Operations and

Administration Support to the hospital and

institutions eg. IT, HR and Finance, etc.

Provide manpower support to Hospital

Decontamination Station in the event of

civil emergencies with mass causalities

Continue to maintain Internal and External

Communications as well as provide Legal

Support to hospitals and institutions

SingHealth HQ’s Support to Hospitals and Institutions

28

1. Alignment of BCM Framework across cluster

Challenge : Different BCM scopes across SingHealth cluster.

Response : Through the cluster BCM Workgroup, the hospitals and

institutions BCM representatives meets every quarter to share best

practices and commonalise Risk Assessment rating and threats.

Chairman

Coordinator

Cluster BCM Workgroup

Key Challenges in implementing BCM

29

2. Ensure robust IT support across cluster

Challenge: Inadequate IT support by IHiS (due to other priorities)

Response: Raise the level of IT support by ensuring redundancies,

providing multiple servers at alternate sites, ensuing fast data back up

and recovery response by IHiS.

3. Staff response during activation of BCP

Challenge: Staff’s unfamiliarity during crisis situations

Response : Encourage maximum participation during test and

exercises eg. fire drills, Call-Tree Exercise, Table-Top and Simulation

Exercise

Key Challenges in implementing BCM

30

• While having a framework is important, the key lies in the

staff knowing what to do when BCP is activated

• Requires buy-in and active participation by both

management and staff in test and exercises

Conclusion

Q&A