Access your Pro+ Content below.
Meeting HIPAA disaster recovery requirements tough but possible
This article is part of the August 2012 issue of Health IT
Under federal law, HIPAA covered entities must implement procedures to protect and secure access to electronic protected health information (ePHI). What's more, such entities also had to supply a contingency plan to insure continued ePHI availability during emergencies or disasters. However, ePHI exists only in conjunction with data processing applications and, thus, can only be recovered together with those systems. Consequently, HIPAA disaster recovery requirements state the need for an ePHI data backup plan, along with disaster recovery and emergency mode operation plans. The intent of the data backup plan was to create systems that allowed for the restoration of all ePHI. The intent of the disaster recovery plan was to identify the processes and procedures needed to insure that ePHI data could be restored in the event of loss. Finally, the intent of the emergency mode operation plan was to describe how operations could continue to protect and secure ePHI during an emergency. In addition, HIPAA disaster recovery requirements...
Features in this issue
Establishing HIPAA-compliant storage plans requires a three-pronged approach to meet disaster recovery, data backup and emergency operations criteria.
The HIPAA Security Rule requires all covered entities to create a disaster recovery plan but says little about what should go into such a plan. This tip fills in the gaps.
Last month's tornado in Missouri left one hospital destroyed and others scrambling to treat patients. A new EHR system, fast vendor support and operational WAN all helped.