HIMSS26: Understanding Clinical Care Resilience as an Ongoing Process

At the HIMSS Global Health Conference 2026, healthcare leaders emphasized that clinical care resilience is not a one-time project but an ongoing process that requires continuous planning, testing and improvement. Hospitals and healthcare organizations must be prepared to continue operations during both planned and unexpected system downtime, as downtime can affect patient care and also lead to significant financial losses.

One of the key discussions at the conference focused on what happens when electronic health record (EHR) systems become unavailable. Many healthcare organizations assume that switching to paper records is the best backup plan, but experts pointed out that many modern clinicians have never been trained to use paper charting systems. Without access to digital records, clinicians may not have complete patient history, medication details or other important health information, which can directly impact patient treatment and safety.

To address this issue, experts discussed the importance of having an Isolated Recovery Environment (IRE). An IRE is a separate and secure environment that can be used to restore critical systems and data during a cyberattack or system failure. Because cybercriminals now often target backup systems, healthcare organizations need a secure, isolated environment that allows them to recover systems more quickly and continue essential operations.

However, experts also clarified that an IRE should not replace disaster recovery or high-availability systems. Instead, it should act as a backup solution that helps organizations continue operations while the main systems are being restored. In simple terms, the IRE acts like a “lifeboat” that helps healthcare organizations continue functioning during a crisis.

Another important point discussed at the conference was the importance of a zero-trust security framework in recovery environments. Zero trust means that no user or device is automatically trusted, and access is granted only after proper verification. This approach helps protect sensitive healthcare data and ensures that only authorized users can access critical systems during downtime.

Healthcare organizations also need to ensure that clinicians can access recovery systems during downtime. One solution discussed was providing secure mobile device access so clinicians can access critical systems even if the main hospital network is unavailable. This ensures that patient care can continue even during major system outages.

Another topic discussed was disaster preparedness testing. Some healthcare organizations are now using chaos engineering techniques, where they intentionally shut down parts of their network to test how well their systems, staff and medical devices respond during an outage. These tests help organizations understand their weaknesses and improve their disaster recovery plans.

Healthcare organizations also need better visibility into their systems, especially because hospitals now use thousands of connected devices such as medical equipment, sensors and communication devices. By monitoring these devices and using automation tools, IT teams can detect problems early, improve network performance and ensure devices are working properly.