Topic Collection Cover Page

Continuity of Operations (COOP)/ Business Continuity Planning Topic Collection October 10, 2022

Topic Collection: Continuity of Operations (COOP)/ Business Continuity Planning

Disasters and public health emergencies can have a significant impact on healthcare personnel and facilities. Plans and mitigation efforts that allow medical facilities and providers to sustain their mission, core essential functions, and services for patients already receiving care, as well as respond to potential surges in patients with space, staffing (including leadership), and equipment/supply issues are required. The goal is to ensure continuity of operations and facilitate operational and financial recovery.

Continuity of Operations Planning (COOP) is the term favored by public and government entities for mitigation and planning strategies that create resilience and allow services to continue to be provided in the face of a range of challenges. Business Continuity Planning (BCP) is a similar term more often used in the private sector that focuses on both maintaining service delivery and receiving payment for those services provided. BCP in the past often referred to computer systems but now applies to all vulnerable resources. The resources that follow highlight selected plans and planning guidance, lessons learned, tools, and promising practices for healthcare facility BCP. Additional related resources may be found in the Hazard Vulnerability/Risk Assessment , Cybersecurity , Electronic Health Records , Recovery , and Utility Failures Topic Collections.

Each resource in this Topic Collection is placed into one or more of the following categories (click on the category name to be taken directly to that set of resources). Resources marked with an asterisk (*) appear in more than one category.

Sections Navigation

Section navigation.

Education and Training

Event-specific lessons learned, general information, guidance/guidelines, information technology (it) and utility issues.

Non-Hospital Setting Continuity Planning

Plans, tools, and templates.

Agencies and Organizations

This ASPR TRACIE Topic Collection was refreshed and comprehensively reviewed in August 2019 by the following subject matter experts (listed in alphabetical order): Eric Alberts , EM, CHS-V, FPEM, FPEM-HC, CDP-1, CHPP, CHEP, SEM, CFRP, FABCHS, Manager, Emergency Preparedness, Orlando Health, Inc. (Hospital System); Peter Brewster , U.S. Department of Veterans Affairs, Program Manager, Education and Training; John Hick , MD, HHS ASPR and Hennepin County Medical Center; Onora Lien , Executive Director, Northwest Healthcare Response Network; Mary Massey , BSN, MA, PHN, VP, Emergency Management, California Hospital Association; and Mary Russell , EdD, MSN, Healthcare Emergency Response Coalition, Palm Beach County Florida.

I t was comprehensively reviewed in August 2015 by the following subject matter experts (listed in alphabetical order): Eric Alberts , BS, FPEM, CHS-V, CDP-1, CHPP, CHEP, SEM, CFRP, FABCHS, Manager, Emergency Preparedness, Orlando Health, Inc. (Hospital System); Peter Brewster , U.S. Department of Veterans Affairs, Director, Education and Training; Benjamin Dauksewicz , MA, CEM, Mount Sinai St. Luke’s–Roosevelt; Natalie N. Grant , MPH, Program Analyst, HHS ASPR, Office of Emergency Management (OEM), Recovery, and Hurricane Sandy Health & Social Services Recovery Support Function Field Coordinator; John Hick , MD, U.S. Department of Health and Human Services, Office of the Assistant Secretary for Preparedness and Response (HHS ASPR) and Hennepin County Medical Center; Carol Jacobsen , RN, Director, Public Health Programs, Ohio Hospital Association; Bill Mangieri , CBCP, CHEP, Field Project Officer Region VI, National Healthcare Preparedness Program, HHS ASPR, OEM; Mary Russell , EdD, MSN, Emergency Services, Boca Raton Regional Hospital; and Matthew L. Smith , Chief, Continuity of Operations Branch, HHS ASPR, OEM, Division of Resilience.

Featured Resources

The Disaster Available Supplies in Hospitals (DASH) Tool

Monkeypox Resources

COVID-19 Resources Page

COVID-19 Workforce Virtual Toolkit

CDC's Coronavirus (COVID-19) Page

ASPR's 2019 Novel Coronavirus Disease Page

Subscribe to the ASPR TRACIE Listserv.

Enter your email address to receive important announcements and updates through the ASPR TRACIE Listserv.

The Ultimate Guide to Business Continuity in Healthcare

Everything you need to know about business continuity in the healthcare industry, including a blueprint to ensure a holistic hospital preparedness program.

hospital business continuity plan example

While hospitals are well-equipped to respond to certain disasters, oftentimes healthcare organizations are missing a critical ingredient in the recipe for preparedness: business continuity.

This guide looks at hospital preparedness in terms of what hospitals do well, what’s missing, and how to achieve a wholistic program to ensure hospitals can continue to perform critical functions (like saving lives!) in the face of any disruptive event.

Before we dive in, let’s define a few key terms that we will further explore in this article:

Requirements for Hospitals

The number one priority for hospitals is to provide continuous, superior care to patients, regardless of circumstance. This principle results in the need to invest time and resources in preparing for disruptive events. In addition, a number of external parties require hospitals to invest in preparedness measures, specifically the following:

To achieve these goals, most hospitals implement a Hospital Incident Command System (HICS).

Get The Business Continuity Business Case Template

Hospital Incident Command System (HICS)

What is a Hospital Incident Command System (HICS)? Per the HICS Guidebook (Fifth Edition, 2014),  HICS is an incident management system that can be used by any hospital to manage threats, planned events, or emergency incidents.  HICS is not a singular activity or plan; it is an overarching program or framework that helps to design, implement, maintain, and improve an emergency preparedness program. HICS is closely related to the National Incident Management System (NIMS) Incident Command System (ICS) mentioned above; however, HICS is specially adapted to meet the needs of hospitals, while ICS can be applied broadly to almost any public and private organization.

To implement HICS or find out more about the specific HICS framework and requirements, check out the HICS Guidebook and HICS forms. Per the HICS Guidebook, HICS forms are intended to “provide guidance for incident documentation, resource tracking, safety information, cost collection, and other critical activities within the Hospital Command Center.” The forms alone are not the solution to implement an emergency management program, but they are an excellent resource.

Most hospitals frequently use their HICS frameworks to effectively respond to emergency situations and continue delivering patient care. Ideally, HICS programs incorporate related disciplines, such as IT disaster recovery, information security, and business continuity. However, most organizations have implemented HICS with a focus on dealing with external disasters and mass casualty events, thus investing little time into planning for other events that could occur.

Increasing Focus on IT Disaster Recovery and Information Security

In addition to HICS, hospitals are focusing increasingly on IT disaster recovery capabilities and information security preparedness. Since hospitals are becoming more reliant on IT applications to store patients’ medical information, robust IT disaster recovery programs are needed to ensure applications are available to support medical professionals in treating patients. Technology is so engrained in providing patient care that oftentimes any amount of downtime for key systems would result in impacts to patient care. Therefore, hospitals focus on IT disaster recovery strategies to reduce downtime of systems and data loss. Furthermore, hospitals put in place “downtime procedures,” or manual workarounds, for critical systems where possible. This includes storing some patient information locally so that providers can access the information if the primary data source were unavailable. Additionally, hospitals have retained paper procedures, such as patient charting and ordering prescriptions, as backups to critical systems. Of note, although these workarounds are typically available at hospitals, oftentimes younger staff and day-shift staff are not adequately trained on these manual processes due to never having to use them. (Night-shift staff are typically required to use manual processes during system upgrades and older staff typically used the manual processes before the systems were installed.) Therefore, it is critical that hospitals’ IT disaster recovery programs encompass downtime procedure development  and training .

Hospitals and healthcare providers are also focusing heavily on information security for several reasons:

To address information security, most hospitals have established information security programs. These programs implement and manage preventative measures, such as policies, training, and “hardening” environments, and response plans.

What’s Missing?

Until recently, the focus of many hospitals has solely been on establishing and maintaining a robust HICS program. In the past several years, hospitals have put significant efforts towards IT disaster recovery and information security programs. With these programs in place, are hospitals fully prepared to respond to any type of disruption? Oftentimes not.

The gap in preparedness comes from hospitals tending to use a narrow lens when considering the areas that should be in scope for preparedness efforts and the types of disruptions that could occur. HICS does a great job preparing for natural disasters and other community-wide events. IT disaster recovery and information security both reduce downtime of technology and prepare to respond and recover from these events. So, what’s missing?

Current hospital preparedness efforts neglect a few key disruptions that could occur. For example, HICS plans typically do not address strategies for a loss of third-party suppliers. The typical hospital preparedness measures and programs also tend to focus exclusively on patient care departments and neglect back-office or support departments. In doing so, support departments, such as Call Centers, Payroll, and Accounts Receivable, may have significant risks of downtime with no plans to recover. Sometimes these departments, if unavailable, can impact patient care. For example, downtime of the Call Center could prevent patients from scheduling appointments.

To address these gaps and ensure a complete preparedness program, hospitals implement a business continuity program that is integrated with existing efforts. The business continuity program should focus on:

The HICS framework is flexible and can incorporate business continuity program elements, while serving as the overarching incident response framework. In fact, HICS has pre-defined roles for business continuity, which means integrating the two can be a natural evolution. The following section describes how to implement business continuity and integrate with current efforts to achieve a holistic hospital preparedness program.

How to Build Business Continuity in Healthcare

When creating your hospital’s business continuity program, ensure that it is properly integrated with existing HICS, IT disaster recovery, and information security planning processes by following the 6-step model below:

Create a Cross-Functional Steering Committee The first key to successfully implementing an integrated preparedness program is to create an integrated, cross-functional group of management (i.e. steering committee) to oversee the preparedness effort of the hospital. Typically, the emergency management program will already have a management group that it reports to, so it may make sense to first look at this group to oversee the overall preparedness program. However, it is important to keep in mind that this group should truly be cross-functional, meaning it should have representation from emergency management, business continuity (clinical and support areas), IT disaster recovery, and information security.

Set Program Scope and Objectives After the cross-functional steering committee is created, this group should set hospital-wide program objectives and priorities. These priorities may include:

Note: The priorities established by the steering committee can easily serve as the scoping mechanism for the business continuity business impact analysis (see next bullet).

Execute Business Impact Analysis After the steering committee determines the program’s scope and objectives, the business continuity team should perform a business impact analysis (BIA) and risk assessment for in-scope departments throughout the hospital (see  Ultimate Guide to the Business Impact Analysis   for more information on how to properly scope your BIA). The BIA and risk assessment determine the department’s critical activities and the impact of a disruption on them. In addition, the BIA identifies all dependencies relevant to critical activities, including technology, personnel, suppliers, equipment, and facilities. For all dependencies, the BIA/risk assessment identifies likely sources of risk, current-state controls to mitigate risk, and risk treatment options. The key outcome of the BIA is to set recovery time objectives for the resumption of critical activities to ensure the hospital’s capabilities align to requirements.

Develop Response and Recovery Strategies Following the BIA and risk assessment, all teams should determine/review capabilities and strategies that enable the hospital to recover its critical activities and resources (including technology) within the recovery time objectives identified in the BIA.

Develop and Update Plans Following the identification and implementation of strategies, all teams should use analysis outputs to develop/update emergency response, business continuity, IT disaster recovery, and information security plans. Together, these plans should ensure the hospital can respond and recover to the following scenarios:

Test and Exercise Plans After all plans have been developed/updated, an integrated method should be used to test the plans. Since there is likely already a testing cycle in place for the emergency management team/plan, a key success factor for breaking down the silos between the preparedness programs is to integrate the business continuity exercises into the existing emergency management exercises. If possible, the hospital should also consider including IT disaster recovery tests and information security exercises within the scope of the emergency management tests.

Hospitals are experts at planning for and responding to community and facility emergency events using the HICS framework. Additionally, in recent years, hospitals have built increasingly mature IT disaster recovery and information security programs. However, most hospitals and healthcare providers do not account for business continuity in their preparedness programs, which can be a recipe for disaster. To ensure a holistic hospital preparedness program inclusive of business continuity, healthcare providers should use the following recipe:

Blueprint For Preparedness


How to build a hospital business continuity program:

Develop and quantify your organization’s unique business case for investing in a business continuity and operational resilience capability. Worksheet included.

hospital business continuity plan example

Emergency Preparedness

Emergency Preparedness

Hospital continuity resources a toolkit for healthcare providers.

CHA Hospital Continuity Program Checklist

Business Continuity Planning Toolkit

VI. Appendixes

VII. Additional Example Plans/Resources

Other Continuity Resources


  1. Business Continuity Planning Process Diagram

    hospital business continuity plan example

  2. Conceptual framework for hospital business continuity planning (BCP)

    hospital business continuity plan example

  3. 40 Business Continuity Plan Sample

    hospital business continuity plan example

  4. 30 Hospital Emergency Preparedness Plan Template in 2020

    hospital business continuity plan example

  5. 8 Easy to Use Business Continuity Plan Template

    hospital business continuity plan example

  6. Business Continuity Plan Template in Word and Pdf formats

    hospital business continuity plan example


  1. D&V Philippines

  2. Part 5- Strategic Planning for Healthcare Reform


  4. How our Health Management Plan improves businesses bottom line

  5. #KitaSapotKita

  6. Planned Care Principles


  1. Continuity of Operations (COOP)/ Business Continuity Planning

    Hospital Continuity Planning Toolkit. (Accessed 7/9/2019.) This toolkit provides examples for hospitals to follow when developing their continuity plans. It is a companion document to the California Hospital Association's Hospital Continuity Program Checklist. Rate: Favorite: 3 Login to rate, favorite, and comment on the article Comments 0

  2. Hospital Business Continuity Templates

    These Business Continuity Plan (BCP) templates and instruction manuals are provided by the Los Angeles County Emergency Medical Services (EMS) Agency as a resource to assist healthcare facilities develop their business continuity plans and meet the Hospital Preparedness Program’s Healthcare Preparedness Capability 2: Healthcare System Recovery, …

  3. The Ultimate Guide to Business Continuity in Healthcare

    Business Continuity (BC) – responsible for developing and implementing department-specific recovery requirements, strategies, and plans in order to successfully respond to and recover from a disruptive event impacting required resources (facility, technology, supplier, personnel, equipment, etc.).


    The Business Continuity Plan is accessible in paper format via the EPLO for the Trust or electronically via the intranet. Figure 3. The Business Continuity Planning Process 1.7 Identify Critical services To develop a complete Business Continuity plan it is very important that the business is fully understood with an all-inclusive list of critical

  5. Hospital Continuity Resources

    Download Appendix G: Utilizing Your Business Continuity Plan (.ppt) VII. Additional Example Plans/Resources Download Sample Business Continuity Planning Presentation (.ppt) Good Samaritan Hospital: Sample Continuity Plan (.pdf) Other Continuity Resources How to Conduct a Hospital Business Impact Analysis (.pdf)

  6. Business Continuity Plan Example

    The purpose of the Business Continuity Plan is to assist the organization with ensuring that mission critical services and process are maintained, restored or augmented to meet the designated Recovery Time Objectives (RTO). Following the command/HICS structure, the Business Continuity Operations Branch will lead BCP activities to: a.