Sorry, the language specified is not available for this page
    featured-image-blog-hanys-1000x667

    Keeping Members In The Know To Support Their Mission

    Overview

    logo-case-study-hanys-200x100

    Whether advocating for healthcare reform or capturing, analyzing and reporting data used to improve patient care, a collocated, SOC 2 Sungard AS data centre helps HANYS protect the confidentiality of patient information for its customers. Sungard AS consultants identified potential risks and created well-defined, documented processes for maintaining continuity. If disruption occurs, disaster recovery and crisis management plans are now in place to respond quickly and communicate with stakeholders and customers.

    Solutions

    • Colocation Services
    • Business Impact Analysis
    • Business Continuity Planning
    • Crisis Management Consulting
    • Disaster Recovery Planning

    Results

    • Colocation provides a cost-effective approach to IT and business resilience
    • Impact analysis identifies continuity and security risks and gaps
    • Continuity and disaster recovery planning prepares organisations for faster recovery
    • Crisis management processes aid in communicating recovery response to executives and stakeholders
    • 100%, SLA-backed availability
    • SOC 2 and ISO 27001 compliance assures data protection, attracts new members

    About the Company

    The Healthcare Association of New York State, Inc. (HANYS) is a statewide hospital and continuing care association, representing nonprofit and public hospitals, nursing homes, home care agencies and other healthcare organisations. HANYS is a nonprofit organisation whose mission is to advance the health of individuals and communities by providing leadership, representation and service to healthcare providers and systems across the entire continuum of care.

    We have a great relationship with Sungard AS. They are a really good fit for us. Across the board, whether it’s having to do with the data centre facility itself or the business continuity, disaster recovery and incident crisis management services they deliver, Sungard AS keeps the lines of communication open to update us on what’s happening. They’re able to adapt to the ebb and flow that occurs to keep the solutions relevant to what our mission and goals are.

    Director, IS Operations, Healthcare Association of New York State, Inc

    Challenge

    Serving security-conscious customers

    Today, New York state hospitals and other healthcare organisations must do more than deliver patient care. They must stay on top of the biggest trends and topics that face the industry, while staying in the know about federal regulations, statewide issues and their own impact on their local communities.

    That’s why HANYS’ membership base relies on the association’s federal and state advocacy agendas, data-informed approaches and educational events to meet the healthcare needs of the more than 19 million New Yorkers they serve.

    While championing healthcare reform and providing learning opportunities are critical to its members, HANYS’ research and analytic services arm them with the knowledge needed to drive new initiatives and take actions to improve patient care.

    From totaling the number of open-heart surgeries with complications year-over-year to tracking the incidence of pressure injuries, HANYS captures, consolidates and reports on data gathered and analyzed at the local, regional and state levels. DataGen, a HANYS subsidiary, goes even further by providing advanced analytics on a national basis.

    Data protection and business continuity are critical to meeting the company’s service commitments to members, as well as to keeping HANYS’ own operations flowing.

    Fortifying compliance and continuity

    According to Fred Halley, HANYS’ director of IS operations, HANYS is continuously looking for ways to heighten security levels. Halley noted that leveraging a SOC 2 compliant data centre built to ensure a safe operating environment for storing and managing sensitive patient data seemed like the next logical step for enhancing HANYS’ resiliency and security profile.

    When it came to maintaining business continuity for the organisation, Halley advised that having a fully redundant hot site was very appealing, especially for HANYS’ critical applications and business processes. However, as a highly complex organisation, HANYS’ business continuity plan and approach needed to be updated to include a hot site.

    “From a department-to-department standpoint, we have very different requirements for continuity that a hot site could positively impact,” confirms Halley. “Since many of these departments were now going to be able to incorporate a hot site, we needed to update our business continuity plans for meeting ISO 27001 security standards around how we obtain, store and handle data and how we recover our operations after a disruption. It was important that every department’s plan now incorporated our hot site, which is why we reached out to Sungard Availability Services and their business continuity consultants for help.”

    Data protection and business continuity are critical to meeting the company’s service commitments to members, as well as to keeping HANYS’ own operations flowing.

    Solution

    Colocation for high availability, certified security

    Sungard AS has hosted HANYS’ websites since 2005. In 2018, HANYS extended its contract with Sungard AS to include colocation services.

    “The other facilities we looked at weren’t as impressive, and we had no previous relationships with the other providers we considered,” Halley says. Proximity was also a decision factor. “From our front door to our data center is only a two-hour ride. It is close enough if we need to get there, but far enough away to not be impacted by local weather or other events happening near
    our headquarters.”

    Shortly after the contract was signed, Halley and his team moved their systems into the Sungard AS data centre. The facility provides the space, power and network access needed for a fully redundant, high-performance environment supported by 24/7 operations. Built for continuity, it delivers SLA-backed availability with the security and data protection required for SOC 2 and ISO/IEC 27001 certifications.

    HANYS now has the ability to split IT operations between its own facility and the Sungard AS data centre, depending upon specific needs or enhanced security requirements. “We use the Sungard AS facility to host our primary applications and data and for customers requiring us to process and store patient data in a SOC 2 data center,” Halley says. “This has worked really well for us ever since we started in 2018. We add or remove equipment on our own, as needed, or we can rely on Sungard AS’ on-site ’smart hands’ support to do other work for us.”

    Defining business impacts and continuity plans

    Now that it had a new hot site capability, HANYS engaged Sungard AS consultants in mid-2019 to conduct an enhanced business impact analysis. By determining the critical business activities that keep operations flowing and the IT assets, applications, resources and services that support them, resilient HANYS could have a more fulsome understanding of the consequences of a business disruption. Using its new hot site capability, the association would be better prepared to avoid such disruptions in the future.

    To start with, consultants met with HANYS executives representing key business areas across the organisation — from finance, regulatory affairs, information systems and marketing to research, legal and member services, as well as its DataGen and HANYS Benefit Services subsidiary business units.

    Consultants were able to define the recovery time objectives and recovery point objectives for each business area, assess their current readiness to meet them, and identify gaps that could leave HANYS vulnerable to disruption or data security issues. Halley says it was a valuable learning experience for each team.

    “Our departments were asked to answer some very difficult and pointed questions,” he shares. “They had to define the data most important to them, as well as their tolerance for data loss and downtime. The consultants worked well with each department team to help them reach agreement on their departmental business continuity plans.”

    Armed with detailed information and insight from the business impact analysis, Sungard AS consultants prepared an enhanced business continuity plan, including recommendations for improving resiliency and enhancing compliance with regulatory and audit requirements.

    Preparing for disaster recovery and crisis management

    While a business continuity plan helps HANYS avoid disruptions, a disaster recovery plan helps them respond more quickly if they do encounter issues. In 2019, HANYS engaged Sungard AS to also update its disaster recovery plan to define how this new hot site ability enhances who does what, and when to get the infrastructure, applications and business processes back up and running with minimal impact on operations.

    Sungard AS consultants created a series of tabletop exercises for HANYS’ staff, including “what if” scenarios to prepare them for handling the different challenges that may occur with IT disruptions and what the decision-making, escalation and recovery processes should be. The consultants also completed a testing charter for HANYS, including documented processes to follow.

    “The exercises helped us define our disaster recovery plan and test it to make sure it works,” says Halley. “Testing will also help us prepare for our upcoming move to a new SOC 2 data center, which will replace our existing one near headquarters. We want to ensure we’re able to power down all the equipment and then power it back up successfully. The plan is to start failing over between the two SOC 2 data centres.”

    At HANYS’ request, Sungard AS also included a plan for incident crisis management as part of this engagement. If an incident occurs, HANYS’ incident crisis management team can now ramp up quickly using a well-defined playbook. This incident crisis team plan is designed to quickly address or mitigate issues effectively, and report details and a course of action to senior management and all impacted customers and stakeholders.

    Results

    Readiness for ISO 27001 certification

    As a result of the work with Sungard AS, HANYS was able to meet the security and compliance requirements needed to both maintain and win new business for the DataGen division.

    “We now have solidly written business continuity, disaster recovery and incident management plans in place that can be adjusted for our continually evolving needs. This has helped us in a number of ways, and is a key reason for our successful ISO 27001 implementation,” says Halley.

    HANYS recently completed the final phase of the three-part, three-year ISO 27001 audit. According to Halley, “There were zero findings and no corrective actions for us to take. That made our C-level executives very happy.”

    The company now has processes to keep its IT environment aligned with continuity, security and compliance demands.

    “Whether it’s business continuity, incident crisis management or disaster recovery, we have continued to review and enhance our policies and procedures to make sure we have a plan for everything we do,” Halley confirms. “When it comes to preparing for an ISO 27001 audit, we know what was last reviewed and what is up for review next. We have our security department monitoring that, and they update us as part of their regular process and agenda. To be successful at ISO 27001 requires the daily commitment of our entire organisation.”

    Adapting to change

    Having these well-defined plans in place well before the COVID-19 pandemic really helped HANYS successful navigate the challenges of working remotely. HANYS’ business continuity plan included recommendations on how to execute a work-from-home strategy if an event prevented employees from coming into the office. By the time the virus hit in March 2020, HANYS had already begun equipping employees with laptops to test access and bandwidth capabilities from a home setting.

    “Going through the planning process and enhancing our plans with Sungard AS helped us to be better prepared when the pandemic began,” says Halley.

    When it comes to adapting to new and changing situations, Halley says he appreciates the flexibility and open communication Sungard AS provides and advises other organisations to consider those qualities when choosing an IT partner.

    “We have a great relationship with Sungard AS and they are a really good fit for us,” he says. “Across the board, whether it’s having to do with the data center facility itself or the business continuity and incident crisis management services they deliver, Sungard AS keeps the lines of communication open to update us on what’s happening. They’re able to adapt to the ebb and flow that occurs to keep the solutions relevant to what our mission and goals are.”

    Halley advises other organisations looking for a new approach to IT and business resilience to do their due diligence, just as he did in choosing Sungard AS. “Ensure you really look at what your specific needs are, and make certain that whatever company you choose is flexible enough to fill them."

    Going through the planning process and enhancing our plans with Sungard AS helped us to be better prepared when the pandemic began,” says Halley.

    Whether it’s business continuity, incident crisis management or disaster recovery, we have continued to review and enhance our policies and procedures to make sure we have a plan for everything we do.

    Director, IS Operations, Healthcare Association of New York State, Inc.

     

    logo-case-study-hanys-200x100

    Whether advocating for healthcare reform or capturing, analyzing and reporting data used to improve patient care, a collocated, SOC 2 Sungard AS data centre helps HANYS protect the confidentiality of patient information for its customers. Sungard AS consultants identified potential risks and created well-defined, documented processes for maintaining continuity. If disruption occurs, disaster recovery and crisis management plans are now in place to respond quickly and communicate with stakeholders and customers.

    Solutions

    • Colocation Services
    • Business Impact Analysis
    • Business Continuity Planning
    • Crisis Management Consulting
    • Disaster Recovery Planning

    Results

    • Colocation provides a cost-effective approach to IT and business resilience
    • Impact analysis identifies continuity and security risks and gaps
    • Continuity and disaster recovery planning prepares organisations for faster recovery
    • Crisis management processes aid in communicating recovery response to executives and stakeholders
    • 100%, SLA-backed availability
    • SOC 2 and ISO 27001 compliance assures data protection, attracts new members

    About the Company

    The Healthcare Association of New York State, Inc. (HANYS) is a statewide hospital and continuing care association, representing nonprofit and public hospitals, nursing homes, home care agencies and other healthcare organisations. HANYS is a nonprofit organisation whose mission is to advance the health of individuals and communities by providing leadership, representation and service to healthcare providers and systems across the entire continuum of care.

    We have a great relationship with Sungard AS. They are a really good fit for us. Across the board, whether it’s having to do with the data centre facility itself or the business continuity, disaster recovery and incident crisis management services they deliver, Sungard AS keeps the lines of communication open to update us on what’s happening. They’re able to adapt to the ebb and flow that occurs to keep the solutions relevant to what our mission and goals are.

    Director, IS Operations, Healthcare Association of New York State, Inc

    Serving security-conscious customers

    Today, New York state hospitals and other healthcare organisations must do more than deliver patient care. They must stay on top of the biggest trends and topics that face the industry, while staying in the know about federal regulations, statewide issues and their own impact on their local communities.

    That’s why HANYS’ membership base relies on the association’s federal and state advocacy agendas, data-informed approaches and educational events to meet the healthcare needs of the more than 19 million New Yorkers they serve.

    While championing healthcare reform and providing learning opportunities are critical to its members, HANYS’ research and analytic services arm them with the knowledge needed to drive new initiatives and take actions to improve patient care.

    From totaling the number of open-heart surgeries with complications year-over-year to tracking the incidence of pressure injuries, HANYS captures, consolidates and reports on data gathered and analyzed at the local, regional and state levels. DataGen, a HANYS subsidiary, goes even further by providing advanced analytics on a national basis.

    Data protection and business continuity are critical to meeting the company’s service commitments to members, as well as to keeping HANYS’ own operations flowing.

    Fortifying compliance and continuity

    According to Fred Halley, HANYS’ director of IS operations, HANYS is continuously looking for ways to heighten security levels. Halley noted that leveraging a SOC 2 compliant data centre built to ensure a safe operating environment for storing and managing sensitive patient data seemed like the next logical step for enhancing HANYS’ resiliency and security profile.

    When it came to maintaining business continuity for the organisation, Halley advised that having a fully redundant hot site was very appealing, especially for HANYS’ critical applications and business processes. However, as a highly complex organisation, HANYS’ business continuity plan and approach needed to be updated to include a hot site.

    “From a department-to-department standpoint, we have very different requirements for continuity that a hot site could positively impact,” confirms Halley. “Since many of these departments were now going to be able to incorporate a hot site, we needed to update our business continuity plans for meeting ISO 27001 security standards around how we obtain, store and handle data and how we recover our operations after a disruption. It was important that every department’s plan now incorporated our hot site, which is why we reached out to Sungard Availability Services and their business continuity consultants for help.”

    Data protection and business continuity are critical to meeting the company’s service commitments to members, as well as to keeping HANYS’ own operations flowing.

    Colocation for high availability, certified security

    Sungard AS has hosted HANYS’ websites since 2005. In 2018, HANYS extended its contract with Sungard AS to include colocation services.

    “The other facilities we looked at weren’t as impressive, and we had no previous relationships with the other providers we considered,” Halley says. Proximity was also a decision factor. “From our front door to our data center is only a two-hour ride. It is close enough if we need to get there, but far enough away to not be impacted by local weather or other events happening near
    our headquarters.”

    Shortly after the contract was signed, Halley and his team moved their systems into the Sungard AS data centre. The facility provides the space, power and network access needed for a fully redundant, high-performance environment supported by 24/7 operations. Built for continuity, it delivers SLA-backed availability with the security and data protection required for SOC 2 and ISO/IEC 27001 certifications.

    HANYS now has the ability to split IT operations between its own facility and the Sungard AS data centre, depending upon specific needs or enhanced security requirements. “We use the Sungard AS facility to host our primary applications and data and for customers requiring us to process and store patient data in a SOC 2 data center,” Halley says. “This has worked really well for us ever since we started in 2018. We add or remove equipment on our own, as needed, or we can rely on Sungard AS’ on-site ’smart hands’ support to do other work for us.”

    Defining business impacts and continuity plans

    Now that it had a new hot site capability, HANYS engaged Sungard AS consultants in mid-2019 to conduct an enhanced business impact analysis. By determining the critical business activities that keep operations flowing and the IT assets, applications, resources and services that support them, resilient HANYS could have a more fulsome understanding of the consequences of a business disruption. Using its new hot site capability, the association would be better prepared to avoid such disruptions in the future.

    To start with, consultants met with HANYS executives representing key business areas across the organisation — from finance, regulatory affairs, information systems and marketing to research, legal and member services, as well as its DataGen and HANYS Benefit Services subsidiary business units.

    Consultants were able to define the recovery time objectives and recovery point objectives for each business area, assess their current readiness to meet them, and identify gaps that could leave HANYS vulnerable to disruption or data security issues. Halley says it was a valuable learning experience for each team.

    “Our departments were asked to answer some very difficult and pointed questions,” he shares. “They had to define the data most important to them, as well as their tolerance for data loss and downtime. The consultants worked well with each department team to help them reach agreement on their departmental business continuity plans.”

    Armed with detailed information and insight from the business impact analysis, Sungard AS consultants prepared an enhanced business continuity plan, including recommendations for improving resiliency and enhancing compliance with regulatory and audit requirements.

    Preparing for disaster recovery and crisis management

    While a business continuity plan helps HANYS avoid disruptions, a disaster recovery plan helps them respond more quickly if they do encounter issues. In 2019, HANYS engaged Sungard AS to also update its disaster recovery plan to define how this new hot site ability enhances who does what, and when to get the infrastructure, applications and business processes back up and running with minimal impact on operations.

    Sungard AS consultants created a series of tabletop exercises for HANYS’ staff, including “what if” scenarios to prepare them for handling the different challenges that may occur with IT disruptions and what the decision-making, escalation and recovery processes should be. The consultants also completed a testing charter for HANYS, including documented processes to follow.

    “The exercises helped us define our disaster recovery plan and test it to make sure it works,” says Halley. “Testing will also help us prepare for our upcoming move to a new SOC 2 data center, which will replace our existing one near headquarters. We want to ensure we’re able to power down all the equipment and then power it back up successfully. The plan is to start failing over between the two SOC 2 data centres.”

    At HANYS’ request, Sungard AS also included a plan for incident crisis management as part of this engagement. If an incident occurs, HANYS’ incident crisis management team can now ramp up quickly using a well-defined playbook. This incident crisis team plan is designed to quickly address or mitigate issues effectively, and report details and a course of action to senior management and all impacted customers and stakeholders.

    Readiness for ISO 27001 certification

    As a result of the work with Sungard AS, HANYS was able to meet the security and compliance requirements needed to both maintain and win new business for the DataGen division.

    “We now have solidly written business continuity, disaster recovery and incident management plans in place that can be adjusted for our continually evolving needs. This has helped us in a number of ways, and is a key reason for our successful ISO 27001 implementation,” says Halley.

    HANYS recently completed the final phase of the three-part, three-year ISO 27001 audit. According to Halley, “There were zero findings and no corrective actions for us to take. That made our C-level executives very happy.”

    The company now has processes to keep its IT environment aligned with continuity, security and compliance demands.

    “Whether it’s business continuity, incident crisis management or disaster recovery, we have continued to review and enhance our policies and procedures to make sure we have a plan for everything we do,” Halley confirms. “When it comes to preparing for an ISO 27001 audit, we know what was last reviewed and what is up for review next. We have our security department monitoring that, and they update us as part of their regular process and agenda. To be successful at ISO 27001 requires the daily commitment of our entire organisation.”

    Adapting to change

    Having these well-defined plans in place well before the COVID-19 pandemic really helped HANYS successful navigate the challenges of working remotely. HANYS’ business continuity plan included recommendations on how to execute a work-from-home strategy if an event prevented employees from coming into the office. By the time the virus hit in March 2020, HANYS had already begun equipping employees with laptops to test access and bandwidth capabilities from a home setting.

    “Going through the planning process and enhancing our plans with Sungard AS helped us to be better prepared when the pandemic began,” says Halley.

    When it comes to adapting to new and changing situations, Halley says he appreciates the flexibility and open communication Sungard AS provides and advises other organisations to consider those qualities when choosing an IT partner.

    “We have a great relationship with Sungard AS and they are a really good fit for us,” he says. “Across the board, whether it’s having to do with the data center facility itself or the business continuity and incident crisis management services they deliver, Sungard AS keeps the lines of communication open to update us on what’s happening. They’re able to adapt to the ebb and flow that occurs to keep the solutions relevant to what our mission and goals are.”

    Halley advises other organisations looking for a new approach to IT and business resilience to do their due diligence, just as he did in choosing Sungard AS. “Ensure you really look at what your specific needs are, and make certain that whatever company you choose is flexible enough to fill them."

    Going through the planning process and enhancing our plans with Sungard AS helped us to be better prepared when the pandemic began,” says Halley.

    Whether it’s business continuity, incident crisis management or disaster recovery, we have continued to review and enhance our policies and procedures to make sure we have a plan for everything we do.

    Director, IS Operations, Healthcare Association of New York State, Inc.