You are watching the news on the television, and you are informed of a potentially dangerous Hurricane headed to your town. You are warned to evacuate the area for safety. What do you do? Do you feel you can withstand the force that is coming? Can your family withstand the elements? Where do you go? What do you bring with you? What about the pets? When is it coming, do I have time to get things in order? Do I board up the house? Where can I get materials and supplies to do it?
You decide to leave, packing the car with all you can fit in it. The pets are in the back seat, your tired after boarding up the house and locking the door. You worry about what will be left when you return but you have a long drive to get out of the way of the storm. The highways are filled with cars as far as the eye can see. Everyone has taken the advice and is moving out of the storm’s path. You have made a good decision and the family is proud of you.
After the ‘all clear’ and the storm has moved on past, you find that the storm has done it’s damage; trees down, electric out, buildings flattened, roads ripped apart, bridges weakened. You fear for your house, neighborhood and what you will be returning to.
You finally arrive home and find that water had flooded the first floor of your house, only a foot high, the roof is still intact, the boards had protected the windows. You finally feel relieved! But, Is the Disaster Over?
Where is the neighborhood? The stores are destroyed, your friends that had the house across the street, next door,… all gone. Where do you get food or gas? Is the electric still on? Did the water damage the electrical system? Did water get into the gas pipes? If so, they all have to be replaced. The disaster may just be setting in!
Do you still have a job? Is the office still in tact? How did the employees make out? Can I start up again? People are going to need my help more then ever, with all of the injuries that may have occurred. Where is your contingency plan—physically, where is it?
If there was a “Disaster Recovery Plan” established before any of this happened, you would not be asking many of the questions now. The plan would be in place and everyone involved would know what is to be done and when to do it. “Time” is your biggest enemy after a disaster strike! After a disaster is the wrong time to try to make a plan.
A disaster recovery plan is a documented process or set of procedures to recover and protect a business IT infrastructure in the event of a disaster. Such a plan, ordinarily documented in written form, specifies procedures an organization is to follow in the event of a disaster.
Disaster recovery is an area of security planning that aims to protect an organization from the effects of significant negative events. Disaster recovery allows an organization to maintain or quickly resume mission-critical functions following a disaster.
The disaster recovery plan is a required implementation, defined within the HIPAA Contingency Plan standard in the Administrative Safeguards section of the HIPAA Security Rule. This plan supports compliance with the HIPAA requirement in §164.308 (a)(7)(ii)(B). At a base level, the proper policies, processes, and technologies must be put in place to ensure that electronic PHI is backed up regularly and can be restored (this supports compliance with the HIPAA requirement for a data backup plan in §164.308 (a)(7)(ii)(A)). Processes and solutions for good backup and recovery are well documented and should be standard procedure within IT departments.
The Rule calls for HIPAA-compliant organizations to anticipate how natural disasters could damage systems that contain electronic health information and develop policies and procedures for responding to such situations. A HIPAA-compliant disaster recovery plan must state how operations will be conducted in an emergency and which workforce members are responsible for carrying out those operations. The plan must also explain how data will be moved without violating HIPAA standards for privacy and security. It must also explain how confidential data and safeguards for that data will be restored.
If you need help with this or any HIPAA Service please give us a call at 914-698-1040.
J A Brown Consultants are ready and willing to help.