McKesson Partners With SunGard Availability Services to Offer Complete Disaster Recovery Solution for Hospitals

Market Wire, February, 2005

McKesson, the world's leading healthcare services and information technology company, today announced the industry's most comprehensive hospital clinical continuity and disaster recovery solution (CC/DR) for hospitals. The solution is designed to help healthcare organizations address two pressing issues: the April 2005 deadline for the final HIPAA security rule, which includes disaster recovery requirements, and greater awareness of the threat from catastrophic events such as extreme weather, earthquake and terrorist activities. To deliver this unique solution, McKesson has partnered with SunGard Availability Services, the pioneer and leader in disaster recovery and information availability services. For 25 years, SunGard has provided customers with uninterrupted access to mission critical data and systems. This partnership will allow McKesson to integrate SunGard's traditional business continuity and managed services with McKesson's consulting and technical services to provide a comprehensive solution for customers.

McKesson pioneered the business of providing integrated technology services for hospitals and continues to lead the industry in providing world-class, 24-hour support for life-critical applications. Today, more than 300 hospitals rely on McKesson to keep more than 750 critical systems up and running. McKesson's CC/DR solutions help ensure that those applications are operational in the shortest time possible in the event of either planned maintenance downtime or natural disasters.

"We have made business continuity a top priority, not just to comply with the April HIPAA deadline, but also because we have become so dependent on our electronic health records and related systems that even a short period of downtime can have a serious impact on our business," said Cathie Brown, manager of information security and business continuity at Centra Health, Lynchburg, Va. "Our goal is to become 100 percent electronic in the near future. McKesson's CC/DR solution gave us a business impact assessment that is helping us design our application infrastructure to make it less vulnerable to interruption. We are also putting in place a comprehensive, fully-tested recovery plan to make sure we experience the minimum downtime in the event of an emergency."

In February 2003, the Department of Health and Human Services issued its Final Rule for Health Insurance Reform: Security Standards as part of its effort to implement the requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Covered organizations are required to comply with the final HIPAA security rule by April 20, 2005, including the requirements for contingency planning. According to the rule, a contingency plan must be in effect for responding to system emergencies. The plan is to include an applications and data criticality analysis, a data backup plan, a disaster recovery plan, an emergency mode operation plan, and testing and revision procedures.(1)

"Most organizations are backing up data, but in the wake of a disaster, the real issue is getting the applications back up and running, and our experience is that the few organizations that have tested their ability to do so find significant problems," said Eric Ringwall, McKesson's vice president and general manager for technology services. "Developing and executing a disaster recovery plan that works is a complex process and requires the assistance of an HIS application expert. As part of our solution, we not only build a hospital-specific DR plan, we also execute simulated disaster recovery tests on a regular basis to ensure constant readiness. This level of documentation and testing not only lets organizations rest assured that they are ready to respond in the event of an emergency, it also positions them very well for HIPAA compliance."

McKesson's CC/DR offering is the broadest suite of products and services available to assess organizational vulnerability and plan, deploy, document and test a customized recovery program to satisfy HIPAA requirements and ensure continuous patient care in the event of an emergency. The McKesson CC/DR offering includes the following components:

--  Current State Assessment (CSA) - provides the customer with a third-
    party validation of its CC/DR program by comparing it with industry best
    practices.

--  Threat and Risk Assessment (TRA) - detects significant exposures that
    could adversely affect an organization's ability to perform critical
    business processes.

--  Business Impact Assessment (BIA) - provides a decision support tool to
    assist executive management in making sound business decisions to protect
    critical patient care processes.

--  Application Recovery and Testing (ART) - provides the capability for
    the recovery and testing support for critical hospital applications
    following a disaster or other significant application disruption.
    

Visitors to the Annual HIMSS Conference and Exhibition, Feb. 13 -17 in Dallas, can learn more about McKesson's clinical continuity and disaster recovery services for hospitals at the Success Center in McKesson's Booth 3011.