One of the many things we’ve learned from COVID-19 is the value of communication – between patients and doctors, cities and states, healthcare providers and public health organizations, community leaders and citizens. The importance of formulating and sharing accurate, timely information between these communities became more evident as the nation responded to the biggest public health challenge in more than a century.
When it comes to keeping those lines of communication open and secure for New York residents, The Healthcare Association of New York State, Inc. (HANYS) works tirelessly to advance the health of individuals and communities. By providing leadership, representation, and service to healthcare providers and systems across the continuum of care, HANYS helps New Yorkers address everything from COVID-19 to the opioid crisis, Medicaid funding, even cybersecurity. Their motto is “Always there for healthcare.”
Whether pursuing healthcare reform or capturing, analyzing, and reporting data used to improve patient care, a collocated, SOC 2 data center with Sungard Availability Services (Sungard AS) helps HANYS protect the confidentiality of patient information for all its customers. Sungard AS has hosted HANYS’ websites since 2005, and in 2018, HANYS extended its contract with Sungard AS to include colocation services.
Since then, Sungard AS consultants have identified potential risks and created well defined, documented processes for maintaining continuity. If any disruption occurs, disaster recovery and crisis management plans are now in place to respond quickly and connect with stakeholders and customers. The key to working together so effectively? Constant communication.
In addition to close collaboration with Sungard AS, data protection and business continuity are critical to meeting the company’s service commitments to members, as well as to keeping HANYS’ own operations flowing. According to Fred Halley, HANYS’ director of IS operations, HANYS is continuously looking for ways to heighten security levels. Halley noted that leveraging a SOC 2 compliant data center built to ensure a safe operating environment for storing and managing sensitive patient data seemed like the next logical step for enhancing HANYS’ resiliency and security profile.
When it came to maintaining business continuity for the organization, Halley advised that having a fully redundant hot site was very appealing, especially for HANYS’ critical applications and business processes. However, as a highly complex organization, HANYS’ business continuity plan and approach needed to be updated to include a hot site.
“From a department-to-department standpoint, we have very different requirements for continuity that a hot site could positively impact,” confirms Halley. “We needed to update our business continuity plans for meeting ISO 27001 security standards around how we obtain, store and handle data and how we recover our operations after a disruption. It was important that every department’s plan now incorporated our hot site, which is why we reached out to Sungard AS and their business continuity consultants for help.”
Shortly after the contract was signed, Halley and his team moved their systems into the Sungard AS data center. The facility provides the space, power and network access needed for a fully redundant, high-performance environment supported by 24/7 operations. Built for continuity, it delivers SLA-backed availability with the security and data protection required for SOC 2 and ISO/ IEC 27001 certifications.
To start with, consultants met with HANYS executives representing key business areas across the organization — from finance, regulatory affairs, information systems and marketing to research, legal and member services, as well as its DataGen and HANYS Benefit Services subsidiary business units.
Consultants were able to define the recovery time objectives and recovery point objectives for each business area, assess their current readiness to meet them, and identify gaps that could leave HANYS vulnerable to disruption or data security issues. Halley says it was a valuable learning experience for each team.
HANYS now has the ability to split IT operations between its own facility and the Sungard AS data center, depending upon specific needs or enhanced security requirements. “We use the Sungard AS facility to host our primary applications and data and for customers requiring us to process and store patient data in a SOC 2 data center,” Halley says. “This has worked really well for us ever since we started in 2018. We add or remove equipment on our own, as needed, or we can rely on Sungard AS’ on-site ’smart hands’ support to do other work for us.”
As a result of the work with Sungard AS, HANYS was able to meet the security and compliance requirements needed to both maintain and win new business for the DataGen division.
“We now have solidly written business continuity, disaster recovery and incident management plans in place that can be adjusted for our continually evolving needs. This has helped us in a number of ways and is a key reason for our successful ISO 27001 implementation,” says Halley. As their motto suggests, being always there for healthcare depends on Sungard AS being always there for resilience. Find out more about HANYS in our case study.