Business Continuity Planning

Business Continuity Planning (BCP) is the process of developing advance arrangements and procedures that enable UTMB to respond to an interruption in such a manner that critical business functions continue with planned levels of interruption or essential change. In simpler terms, BCP is the strategic act of planning a method to prevent, if possible, and to minimize and manage the consequences of an event that interrupts critical business processes.

UTMB Policy 2.1.5 states that all departments must have a Business Continuity Management (BCM) Plan and ensure that all employees are familiar with their individual roles and responsibilities.

An effective Business Continuity Plan should address the following areas:

  1. Mission Critical Activities
  2. Risk Analysis/Business Impact Analysis
  3. Back-up, Recovery and Resumption Strategies (for those mission critical activities)
  4. Hurricane Preparedness Checklist
  5. Back-up Facilities
  6. Back-up Equipment
  7. Information Technology (IT) Systems
  8. Paper and/or Non-electronic Records
  9. Key Staff
  10. Emergency Contact Numbers
  11. Critical Supplies
  12. Critical Vendor
  13. Training
  14. Testing
  15. Maintenance
  16. Loss of Work Space/Alternate Sites

**Continuity Planning falls under (and is managed by) the department of Information Technology Services**

Clinical Continuity Planning

  • Disaster Recovery Tier List (Software & Applications)

    Information Technology Services (ITS) also manages UTMB's Tier Application List, which shows the order that software and applications will be restored/repaired after a catastrophic outage. For instance, work on restoring EPIC electronic medical record system will be prioritized over STATA statistical program. 

    The tiers are bulleted below. Also included are a few examples of each and the target recovery time (RTO) in red.

    • Persistent - UTMB's most critical communications and infrastructure systems (e.g., Epic, Microsoft Exchange & Teams, Corrigo/Onguard).These applications will be brought back online as soon as possible.
    • Tier 1 - Critical and/or institutionally significant applications and infrastructure systems (e.g., PeopleSoft, Kronos/Payroll, Citrix). RTO of no longer than 3 days.
    • Tier 2 - Systems that impact a significant number of customers, departments, or business processes (e.g., Blackboard, Zoom, Landesk). RTO of 3 days to 2 weeks.
    • Tier 3 - Remaining systems that do not require immediate recovery or that impact a small subset of users (e.g., STATA, Question Pro, Maximo). RTO of more than 2 weeks.

    This list factors in the criticality of each application on UTMB's operations, as well as the time/resources needed to restore each one (including the ITS manpower available to do so).

    It is important for every department to do the following:

    1. Ensure Information Technology Services and Information Security departments know what applications you are using. They can't help you diagnose or fix a problem if they don't know what software you have. If they don't know about your application, it won't be on their Tier List, therefore you'll be waiting weeks at the back of the line in terms of restoration.
    2. Know the disaster recovery tier of the software you use. There may be a discrepancy between how important you think the software is and what ITS deems it. Don't be caught thinking your applications will be restored earlier than they actually are.

Strategies to Manage Various Losses of Functionality

BCP - Loss of X

  • Loss of Workplace

    The hospital’s continuity of operations plan identifies in writing how and where it will continue to provide its essential business functions when the location of the essential or critical service has been compromised due to an emergency or disaster incident.

    • UTMB’s first option will be to consolidate critical healthcare and support functions in the existing 4 campus infrastructure
    • If necessary, Portfolio Management will be tasked with procuring additional space
    • Parking areas and the Main Campus athletic field is available for temporary facilities
    • Support functions may work from alternate locations, or from home.
    • The Health System hospitals may conduct a full or partial patient evacuation so that patient care can continue at locations that are safe.
    • If facilities are damaged in an incident or disaster, UTMB hospitals may conduct a post-incident evacuation.
    • A key healthcare continuity strategy for damage to the facility is to use alternate care facilities. UTMB may establish alternate care facilities. Texas Emergency Medical Task Force Region 6 maintains a portable 32 bed Mobile Medical Unit. This unit is one option available in establishing an alternate care site. (An 1135 Waiver will be requested for use of alternate care space)
    • Alternate care sites could be established on UTMB property or other locations as determined by the UTMB Command Center.
    • If resources are constrained or facilities are damaged, the Health System may relocate or consolidate services. This includes hospitals and clinic locations.
    • Support to establish an alternate care site may be requested through the Catastrophic Medical Operations Center.
    • The Texas Emergency Medical Task Force (EMTF) Region 6 has assets that may be of use for UTMB Healthcare Continuity including:
      • Ambus
      • Mobile Medical Unit
      • Ambulance Mobilization
      • Nurse Strike Team (25 member)
    • If additional resources are required, requests can be forwarded to other Texas EMTF regions
    • UTMB has an existing contract with the National Disaster Medical System (NDMS).
    • If required, UTMB could issue a request for NDMS support such as a Disaster Medical Assistance Team (DMAT) through the State of Texas.
  • Loss of Workforce
    • The Health System will take measure to protect the workforce from known disease agents. UTMB is a Strategic National Stockpile (SNS) Point of Dispensing. Prophylactic medications and supplies will be requested for staff, family members, patients, and students.
    • In business occupancies, social distancing strategies and telecommuting will be used where practical.
    • UTMB has a resource sharing plan with other University of Texas institutions. If staff members are available from those institutions, the existing interagency agreement will be used to arrange those services.
    • Use of temporary contract employees (staffing agencies) may be an additional option for staffing.

    Framework used to develop options during the Covid response staffing shortages:

    1. Review current mitigation efforts and assess sustainability of those efforts

    • Continue to cancel outside transfers
    • Continue to aggressively discharge patients
    • Continue to remain on saturation
    • Continue to cap unit capacity
    • Continue to allow emergency documentation
    • Continue to review/cancel all IP OR cases
    • Continue to engage management and non-bedside care RNs in bedside care
    • Continue to require higher nurse to patient ratios
    • Continue to closely manage paid time off (PTO)

    2. Evaluate additional options to sustain critical services and the health care mission.  Discussion to include feasibility and triggers 

    • Reallocate staff from across the UTMB institution to keep IP and EDs up and running, e.g.,
      • SON
      • SOM
      • Ambulatory Division
      • Procedural areas (PACU, ORs, etc)
    • Shut down services, e.g.,
      • ORs & procedural areas
      • Elective ancillaries
    • Rationalize services at select campuses, e.g.
      • Consolidate deliveries from ADC to CLC
    • Tighter admission criteria, e.g.,
      • Reduce observation
  • Loss of Technology
    • Cyber Threats are a significant risk to all organizations, including UTMB. Information Security provides the framework to defend UTMB’s information systems against cyber threats. Information systems are tier-rated and Information Services addresses the Disaster Recovery (DR) planning for UTMB’s information systems. The departmental Business Continuity Plans identify the information systems required to perform departmental business functions. Departmental down-time procedures are documented for planned and unplanned information systems outages, including cyber-attacks. Systems that have been attacked are restored to backed-up copies of the system. Information collected during the downtime following the departmental downtime procedures is entered after successfully restoring the software system.
    • Selection of the information to be collected during down time procedures should be carefully analyzed so that only essential information is collected. This will streamline the process to re-enter manually collected data once automated systems are restored.
    • UTMB conducts annual tabletop exercises to simulate situations that could occur related to cyber threats. In addition, most clinical systems are upgraded at least once per year and, in most cases, these upgrade events represent an opportunity to exercise our down-time and post down-time procedures.
    • All Health System departmental plans should include down-time procedures in case automated systems are down or not available.
    • For the Building Automation System – a plan to revert to manual control of utilities is in place.
    • Once systems are restored, additional staffing may be required to upload data to automated systems from the downtime records – while regular staff conduct normal operations.
    • UTMB has a robust information security program in place to help prevent incidents, as well as a response capability.
    • The University of Texas System maintains insurance for cyber incidents that will help to address the cost and effort of an incident response and recovery.
    • Vital Records – Paper records will not be stored in locations that are vulnerable to flooding. Required retention schedules should be followed closely so that scarce resources are not expended to safeguard or restore paper files that are not required.
  • Loss of Critical Utility
    • Backup power systems are in place as well as contingency plans for fuel.
    • Facilities can provide portable equipment.
    • For Main Campus, there is a single point of failure for delivery of water to the island. An extended failure might require evacuation.
    • All campus hospitals should have plans in place for loss of city water chlorination.
    • For outages that cannot be addressed by emergency or portable equipment, strategies for loss of workplace may need to be implemented such as relocation of patients, consolidation of services, up to and including partial or full evacuation.
  • Loss of Transportation / Access
    • Transport by high water vehicles or air may be requested to jurisdictional command centers.
    • UTMB Police has a high-water vehicle that will be managed by the UTMB Command Center.
    • Implement contingency plans for holiday weekends and special events.
    • If possible, develop backup staffing plans that make use of employees unaffected by the incident (e.g. road construction causing major traffic delays).
    • Ask staff to arrive earlier and/or stay later to ensure adequate staffing levels. Remember that staff should remain on-duty until relieved.
    • Arrange mass transit (e.g., carpool) from an unaffected location.
    • Think creatively to identify solutions (e.g., use of a ferry/boat to reach Galveston main Campus).
    • [Last Resort in life or death situations] Set a rally point at an unaffected location (e.g., League City Campus) where personnel can gather so that Campus Police can provide escort.
    • An Air Services contract is available to provide evacuation or patient transport support, along with transport of critical staff, supplies, and equipment.
    • Transportation support can be requested from the State of Texas if needed.
  • Loss or Shortage of Critical Medical Supplies or Equipment
    • Planning should include a risk assessment to identify any medications, medical supplies or equipment that are critical to the performance of a department’s healthcare mission. Given that resources are limited, contingency plans should first focus on the most critical items identified in the risk assessment. The probability of an incident raises with the frequency of occurrence, so the priority of a given class of medications or supplies may go up following an actual shortage.
    • Vendors and suppliers should be willing to provide information about their own medical supply chain continuity plans. Departments that procure critical supplies should carefully review vendor plans and determine if the plan demonstrates a competent ability to maintain supply despite disruptions.
    • The Strategic National Stockpile (SNS) maintains caches of critical medical supplies that would be needed in major health emergencies. For biological events such as an infectious disease outbreak, UTMB will request support from the SNS through the Catastrophic Medical Operations Center and through the Texas State Medical Operations Center.
    • SNS Chemical incident antidotes are pre-deployed to UTMB pharmacies in the form of a CHEMPACK. The CHEMPACK contains antidotes for nerve agent and organophosphate exposure (atropine sulfate, pralidoxime chloride, diazepam and other supplies). Consideration should be given to augmenting the CHEMPACK with local supplies for antidotes for the highest priority risk chemicals in our region, i.e., hydroxocobalamin (cyanokits) for hydrogen cyanide and sodium cyanide; calcium gluconate for hydrogen fluoride exposure; amyl nitrite for hydrogen sulfide exposure.
    • UTMB shares risk information with other area hospitals concerning chemical incident preparedness. Requests for medications related to a local incident can be submitted to the Healthcare Coalition members and can be processed with the assistance of the Catastrophic Medical Operations Center.
    • For Hydrogen Fluoride incidents specifically, local industry does maintain stockpiles of calcium gluconate. The Honeywell account representative for the region has agreed to make their best effort to request industry supplies if needed for a medical response.
    • The University of Texas System has an emergency resource sharing agreement in place that includes a pre-approved inter-agency agreement template. This template can be used to record the transfer. Assistance in contact with appropriate officials at other UT institutions is available through the UT Office of Risk Management.
    • Contingency suppliers should be identified and a streamlined emergency procurement processes should be in place in case UTMB’s existing vendors cannot supply UTMB requirements.
    • The Department of State Health Services has developed agreements with private pharmacies to support distribution of medications during an emergency. If the medication shortage involves patients not being able to fill their prescriptions due to closure of private pharmacies, a request for support can be put through the State Medical Operations Center to engage their private partners and e.g. establish pop-up pharmacies in the affected community.
    • The UTMB Command Center may be activated to assist in addressing the shortage.
    • If a shortage were to occur, the Health System would take steps to prioritize the use of the existing supply. This might involve central management of the supply and redistribution based on the priorities established.
    • UTMB would make use of the Healthcare Coalition and any purchasing alliances that it belongs to for contingent supplies.
    • Departments should include disruptions to the medical supply chain in their planning, training, and exercises.

    NOTE: Correctional Managed Care (CMC) will work in unison with UTMB and TDCJ Incident Commanders in deciding when to mobilize patients in the case of a disaster that is predicted to adversely affect UTMB’s operational infrastructure. TDCJ has a detailed operational timeline to mobilize patients to other locations in the case of a predictable disaster, such as a hurricane. The CMC Disaster Preparedness Plan includes those timelines as well as various other operational issues regarding logistics.

  • Loss of Standard Communications
    • UTMB’s telephone system and email application could go down for a variety of reasons including a cyber-attack that takes down the UTMB network. Therefore, departments should be prepared to provide healthcare and support services if normal telephone and email systems go down.
    • Departmental continuity plans should include a communications plan to be used in case IP phones or email go down. The communications plan with a hard copy backup file should include all key staff, and internal/ external partners contact information (including cell phone numbers) so that critical missions can continue.
    • 800 MHz Trunked Radios (Motorola APX 6000) are available at each campus Command Center that can be used for intercampus communications. All campuses are currently required to participate in a monthly radio check with the Catastrophic Medical Operations Center (CMOC) on Zone 78 Channel CMOC 3. Initial contact for Intercampus communications should take place on Zone A Channel UTMB 1. A standby radio communications plan should be implemented for all campuses so that radio operators will know when to monitor radios for traffic. Campuses should establish a monthly radio check to better assure familiarity with the radios and to confirm their functionality. Campuses should budget for radio maintenance, replacement, and batteries. The 800 MHz trunked radio system is a statewide system and can be used to communicate with local agencies including fire, police, emergency management, public health, other hospitals, and the Catastrophic Medical Operations Center in Houston.
    • UTMB IS Voice Services manages a Motorola XPR 3500 radio system. These radios have limited range but are supported by repeaters at Main Campus and Clear Lake Campus. If the UTMB network is up, intercampus communications may be possible. Voice Services maintains a limited cache of these radios on the second floor of the Administration Building that can be deployed by the Command Center. Departments that need radios to support their normal or emergency operations should contract IS Voice Services for information on procuring radio service.
    • If needed to maintain healthcare service, the Command Center, Logistics Section, Support Division (Human Resources) can organize a labor pool to provide runners for interdepartmental communications if all other systems are down.

“We stop for no storm.”

The University of Texas Medical Branch and its employees have braved many disasters - from the 1900 storm and the Texas City Disasters of 1947 to Hurricanes Carla in 1961, Alicia in 1983, Ike in 2008 and Harvey in 2017. In order to maintain our status as one of the leading health care institutions in the nation, we must continue to prepare for such and other potential disasters.

The Gulf Coast's vulnerability to natural disasters, coupled with the threat of homeland terrorism in the United States since 9/11, make it more essential than ever for UTMB to ensure that plans are in place, tested true and viable should situations develop - whether man-made or natural.

Therefore, in response to these challenges UTMB has established a Business Continuity Planning program.

The University of Texas stops for no storm...