Title of thesis: Disaster Recovery of Health Information Systems
The operation of a hospital is a particularly complicated process. A hospital’s efficient operation requires harmonization between Medicine and Economics, with the information system  materializing the policies that allow these disciplines to function at the predetermined blend of implementation. Once the information system has been developed, the hospital operations – quantitatively as well as qualitatively- will be covered more and more by it. Thus, the continuous use of the IS renders it an essential supporting tool for the operation of the hospital. Nowadays, a great number of hospitals base their operations upon their information system, exhibiting total dependence on it. Inefficiency of the information support of the hospital operations caused by any kind of disaster (natural, artificial, deliberate or out of neglect), will bring the hospital into a crisis situation. Thus, the anticipation of the management of the crisis that will result from the weakness of the information support of the hospital’s operations – regardless of the cause – becomes necessary. The advisable solution to manage this type of crisis is by planning ahead the recovery of the information system [2, 3].
The field work of the doctoral thesis began with the necessary steps of planning that a hospital should take in order to ensure the minimum resources for the recovery of its information system . This process revealed problems which could have been foreseen during the system design stage. Thus, the possibility of designing the system recovery in parallel with designing the system itself was identified. The theoretical investigation of the system design brought out directly another interrelated concern with regard to the development stage, after which an information system starts being in danger of disaster, with serious consequences for the hospital operation. However, remaining only on the above theoretical approaches would not have any particular value, unless their results were applied in practice. Following those two lines of thought, an approach to modify the systems design, incorporating an object of IS security in the first stages of the design was started.
The theoretical investigation of the classic System Development Life Cycle (SDLC) and the incorporation of Disaster Recovery Planning (DRP) actions would render the SDLC even more effective for the security of the system. The incorporation of system recovery planning into the system development life cycle was achieved through a hybrid method, according to which the actions pertinent to disaster recovery planning can be taking place along with the design actions for the first four phases, while in the remaining two phases their completion is a prerequisite. The most important benefit resulting from this incorporation is the possibility to forecast more suitable recovery strategies for the hospital, in contrast with the solutions applied under the pressure of a potential weakness of operation of the system or of a system that it functions 24/7 .
Nevertheless, one of the most well-known methods of analysis has been designed upon the system development life cycle: SSADM or Structured Systems Analysis and Design Method. The phases of the method were studied as to the results that they are designed to produce. On the other hand, the essential contents of recovery planning were compared with the designed results of the SSADM method, and then the points that could be studied simultaneously in some imminent designing of a new system were determined. Based on this result, the theoretical incorporation acquires its practical value. The most important benefits that a hospital obtains from improving the method with disaster recovery planning actions is the fact that the emergency operations system can be designed based on the same mindset of coverage and the same method, complete compatibility between the normal operations system and the emergency operations system, and also the capability to directly control the system down-time .
The practical value of the above considerations has direct application in the planning of the new system and, particularly, in two important points: the design of structured cabling and backup planning.
The common practice in structured cabling design allows for the creation of two different cabling routes, which reach the server room. This practice is a highly expensive solution since it doubles the cabling installation and maintenance cost in order to offer the required redundancy. We propose an alternative method of structured cabling planning, which offers the needed redundancy – security in case of a disaster in the server room. The fragmented form of an information system – nowadays found in most hospitals – consisting of a large number of smaller systems, bears the risk of data correlation across systems. Restoring data that has been backed up (concurrently or from one spot) from various smaller systems carries the potential risk to restore data into a system that does not face a problem in supporting the operation of a hospital. We propose a new backup method which takes into consideration not only data correlation across systems but also the autonomy of the systems. According to the proposed method, a (sub)system is considered as Central (Primary) –upon which the smooth functioning of all the other systems depends– and all the other (sub)systems are considered as Dependent (Secondary). The most important benefit emerging from the proposed backup method is the operation of any dependent system with the same or previous generation from the one used by the central system.
The recording of the state of affairs regarding hospital information systems in Greece was seen both as a concern about the existing information support in Greek hospitals, and as a research challenge, which in turn provided useful conclusions. The survey questionnaire consisted of 163 questions separated into two Sections, which consisted of three Thematic Areas. Perhaps the most important result of the survey is the fact that the strategy of information systems implementation has started to change, turning to unified systems that cover the entire structure and operation of a hospital.
In its clearly planning part, the dissertation defines five (5) important factors, each of which is able to activate on its own the recovery processes; it also proposes a method to evaluate the Activation Criteria of the Plan based upon their relative importance; it introduces the concept of MATRiES time as the maximum acceptable time point of exposure to total danger; and, finally, it specifies four factors as the most critical for the successful preparation and recovery of an information system. At the same time, the thesis introduces a new mindset with regard to the organisation and writing of a recovery plan against to the current practice that insists on predicting scenarios and finding a corresponding solution. According to the thesis, the subjects of recovery are seen as weaknesses of information support and the provided solution focuses on each particular subject – independently of the cause of the disaster (for instance, fire, earthquake, flood) – aiming at an as fast as possible, but also effective troubleshooting.Finally, in the context of the thesis, we designed and developed a method with the feature to maintain a "snapshot" of the structure and operation of a hospital information system. This snapshot is used as input to the three alternative strategies of the method. Each strategy is able to calculate a required-desired functionality that the hospital can have in case its information system is affected by a disaster. This functionality is expressed by defining a system that will be a miniature of the primary one, yet fully geared towards the requirements and specifications of the hospital for operation in emergency conditions.