Upload
bcm-institute
View
243
Download
3
Embed Size (px)
Citation preview
3
• Introduction
• About SingHealth
• Healthcare BCM Threats
• Importance of BCM in Healthcare
• SingHealth Cluster BCM Framework
• Key Challenges in implementing BCM
Scope
4
Vision
Defining Tomorrow’s Medicine
Mission
Care to Heal
Educate to Empower
Innovate to Advance
Our Triple Mission puts us on course to be the
Leader in Academic Medicine
Our Shared Vision and Mission
About SingHealth
5
Our Common Purpose is
something each one of us
can own as our personal
mission in our everyday
work.
Our roles may be different
but all of us within the
SingHealth family contribute
to making possible the
promise of providing
excellent care to patients.
21,962 staff*
One Commitment
* Source: SingHealth Duke-NUS Academic Medical Centre Annual Overview 2015
Our Common Purpose
8
Our Full Continuum of Care – 42 Specialties
Secondary, Tertiary, Quaternary Care
FMC
CHC GP
Network
Source: SingHealth Duke-NUS Academic Medical Centre Annual Overview 2015
Each Year……
• 163,225
Inpatient Admissions
• 755,489
Patient Days
• 4.6 days
ALOS
• 72,603
Inpatient Surgeries
• 113,991
Day Surgeries
• 1.9 million
Specialist Outpatient Clinic
Attendances
• 318,953
A & E Attendances
• 1.78 million
Polyclinic Attendances
• 223,617
Dental Attendances
Secondary,
Tertiary,
Quaternary
Care
Primary
Care
Continuing Care
9
SingHealth SGH Campus
Singapore General Hospital
National Heart
Centre
Singapore
National Cancer
Centre
Singapore
Singapore
National Eye
Centre
National
Dental Centre
Singapore
National
Neuroscience
Institute (SGH
Campus) *Beds in service comprising 1,597 for SGH & 185 for NHCS
Largest Concentration of Medical Services & Facilities
Beds: 1,782*
Admissions: 88,083*
Doctors: 1,446
Dentists: 101
Nurses: 6,050
SOC visits: 1,232,604
Surgeries: 138,852
Staff Strength: 12,508
10
Types of Threats
• Natural
– Heavy Rain
– Floods
– Fire
– Haze
• Man-made
– Terrorist Attacks
– Power Outages
– Cyber Attacks
• Healthcare
– Diseases
– Infections
BCM Threats
11
• A fire on level 2 of the Sultanah Aminah Hospital (Johor Baru’s largest hospital ICU)
started at around 8.55am on Tuesday (25 Oct 2016), resulting in death of 6 patients
and 11 people injured
• Cause: burnt capacitor in one of the ceiling lights and flammable materials placed
under the lighting, causing the fire to spread quickly
• Another fire broke out the following day on the level below the ICU
• Follow Up: a special squad from the Health Ministry to review the safety and crisis
management procedures in all of Malaysia’s 145 public hospitals
• In Singapore, MOH also called for a review of fire emergency plans in our hospitals
and institutions
Fire at Johor Baru Hospital
13
• For healthcare service providers, outbreak of infectious diseases is one of our main and imminent threats.
• However, treating infection outbreaks in the community is not BCM but a business function.
• Examples:
• Pandemics such as SARS (2003) and H1N1 (2009) have presented valuable experience for formulating BC plans.
Healthcare BCM Threats
14
• Business Continuity is not only about recovering critical
functions from a disaster but also ensuring that critical functions
continue promptly in the event of a disruption
• It is the capability of the organization to continue delivery of
products or services at acceptable predefined levels following a
disruptive incident
• Aims to safeguard the interests of an organization and its key
stakeholders by protecting its critical business functions against
predetermined disruptions
Importance of BCM
15
• Saves Lives – may include evacuation from wards during a fire incident or
the prevention of spread of diseases by patients
• Retrieval of Patient Records – having an effective Business Continuity
Plan (BCP) ensures that medical professionals would have patients’ critical
data restored, allowing them to continue to provide vital care to the patients
• Protects Sensitive Data – patient’s electronic data is often accessed from
multiple sources, and while secured, information can still be at risk when a
disaster strikes. In the event of a disaster, BCP addressing this can let
organisations to continue to access clean and uncompromised data
• Maintains Efficiency – loss or corruption of data can be extremely costly
especially when recovery of system failure or data takes days or weeks.
Employees will not be able to preform their jobs efficiently which will impact
operating costs. Having a BCP will reduce the downtime and maintain
operational efficiency after a disaster
Importance of BCM in Healthcare
16
Chairman
Coordinator
Organisation Structure of Cluster BCM Workgroup
Senior Management
(CEO, DY CEO & CMB)
Chairman BCM Manager
(COO)
Department BCM
Coordinators
Damage
Assessment Team
(DAT)
Alt BCM Manager
(COO, Ambulatory)
BCM Secretariat
(PRD)
Division HODs
BC
M S
teerin
g C
om
mitte
e
A typical Hospital and Institution BCM structure
Role/Functions of Cluster BCM Framework
• Coordination – to coordinate BCM
related activities eg. Cross-Institution
Internal Audit
• Standardisation – to commonalise Risk
Assessment rating and threats as most
intuition’s admin office and Call-center
share the same building
SingHealth Cluster BCM Framework
17
• SingHealth HQ and most institutions are BCM-certified under the ISO 22301:2012
Standard since 2015
• Previously on TR19 and SS:540 Standards
• In 2016, seven institutions underwent the ISO 22301:2012 External Surveillance
Audits for BCM with no major finding
Defined BCMS Policy and
Scope
Established Minimum
Business Continuity
Objectives (MBCOs) for
SingHealth HQ
Formed SingHealth HQ
BCM Steering Committee
and Cluster BCM
Workgroup
Identified SingHealth HQ
depts with Critical
Business Functions
(CBFs)
Depts’ business
objectives to be in line
with MBCOs
eg. Managing external
relationships
Providing corporate services
supporting cluster’s operations.
eg. External communications
(media relations and social
media management)
Execute procurement for
unplanned critical bulk items
requested by institutions
SingHealth HQ BCM Framework
18
• The 6 key components in the BCMS standard
Risk Assessment
(RA)
Business Impact
Analysis (BIA)
Business Continuity Strategies
Business Continuity Plan (BCP)
Test and Exercise
Programme Management
SingHealth HQ BCM Framework
19
• SingHealth HQ’s framework alignment to ISO 22301 Standard
Conduct Risk Assessments
(RA) and Business Impact
Analysis (BIA)
Formulate Business Continuity Strategies;
Develop Business Continuity
Plans (BCP)
Validate BCPs through Tests and Exercises
Programme Management
and Audits
Continual Improvement
SingHealth HQ BCM Framework
20
• SingHealth HQ BCM Response Teams
Crisis Management Team (comprises of Senior Management)
Led by: Crisis Declaration Officer
Emergency
Response Team
Damage
Assessment Team
(DAT)
Emergency Ops
Centre (EOC) Set-
up Team
Recovery Team (comprises of BCM reps
from affected department)
SingHealth HQ BCM
Steering Committee
SingHealth HQ BCM Framework
21
• Process of Risk Identification, Risk Analysis and Risk Evaluation
• Covers the following categories:
- Policies
- Processes
- People
- Infrastructure - Risk associated to individual BU
External Threats Internal Threats
Loss of Staff/Absenteesm
Business Processes
Office facilities & premises
Communication networks
Applications/Data/Cyber-attacks
Power failure/outage
Public infrastructure
Political, Social-economic, Economic
climate
Natural eg. heavy rain, flood, fire
Man-made
Evaluate
Analyse
Identify disruptive incidents
• What may happen
and why?
• Consequences?
• Likelihood
• How to mitigate
consequences or
reduce likelihood?
Risk Assessment (RA)
22
Purpose
• Seek to understand the organisation’s Critical Business Functions
(CBFs), the priority of each and the timeframes for resumption
• Obtain the resource information (Minimum Operating Requirement)
from which an appropriate recovery strategy can be
determined/recommended
How will the organisation be affected?
Disruptions
from
uncontrolled
events
• Adverse effects on staff or
public well being?
• Consequences of
breaching regulatory
requirements?
• Damage to reputation?
• Reduced financial
viability?
• Deterioration of public or
service quality?
• Environmental damage?
Business Impact Analysis (BIA)
23
• SingHealth HQ Depts assigned minimally required staff to alternate
sites for key functions while others to work from home
• Minimum Operating Requirements eg. laptops, computer software
programmes, office support, have to be listed
• Various strategies to adopt for denial of
access >24 hours:
- Activity relocation
- Resource relocation
- Resource re-allocation
- Alternate processes and spare capacity
- Resource and skills replacement
- Temporary work-round
RA
BIA
Strategy
Business Continuity Strategy
24
BCP
Strategy
BIA
RA Recovery Objectives
from BIA
BC Procedures to manage a disruptive incident and continue its activities
• For documentation purposes, a typical BC Plan includes:
- Emergency Response
- Emergency Evacuation
Procedures
- Critical Items List
- Incident Escalation
- Emergency Operations Centre
(EOC)
- Qualification Factors for EOC
- Recovery and Resumption of
CBF
- Restore and Return to Normal
- People
- Crisis Communication
- Contact List
- BC Plan Distribution
Business Continuity Plan (BCP)
25
• Validate BCPs through Tests and Exercises
Call-Tree Exercise Conduct Annual Call-Tree
exercises to validate staff
contractibility and response time
Table-Top Exercise (TTX)
Conduct Table-Top Exercises for
departments to validate their
BCPs
Simulation Exercise
Conduct Simulation Exercises at
alternate sites to validate activity
and resource relocation
Validation of BCPs
26
Ensure BCMS is aligned with Management’s expectations and
ISO 22301 Requirements
Monitoring, Measurement, Analysis and Evaluation
Management Review
Top management shall review the
organisation’s BCMS
Audit
Internal audits at planned intervals
Programme Management
27
Continue to maintain Operations and
Administration Support to the hospital and
institutions eg. IT, HR and Finance, etc.
Provide manpower support to Hospital
Decontamination Station in the event of
civil emergencies with mass causalities
Continue to maintain Internal and External
Communications as well as provide Legal
Support to hospitals and institutions
SingHealth HQ’s Support to Hospitals and Institutions
28
1. Alignment of BCM Framework across cluster
Challenge : Different BCM scopes across SingHealth cluster.
Response : Through the cluster BCM Workgroup, the hospitals and
institutions BCM representatives meets every quarter to share best
practices and commonalise Risk Assessment rating and threats.
Chairman
Coordinator
Cluster BCM Workgroup
Key Challenges in implementing BCM
29
2. Ensure robust IT support across cluster
Challenge: Inadequate IT support by IHiS (due to other priorities)
Response: Raise the level of IT support by ensuring redundancies,
providing multiple servers at alternate sites, ensuing fast data back up
and recovery response by IHiS.
3. Staff response during activation of BCP
Challenge: Staff’s unfamiliarity during crisis situations
Response : Encourage maximum participation during test and
exercises eg. fire drills, Call-Tree Exercise, Table-Top and Simulation
Exercise
Key Challenges in implementing BCM
30
• While having a framework is important, the key lies in the
staff knowing what to do when BCP is activated
• Requires buy-in and active participation by both
management and staff in test and exercises
Conclusion