Tip: Developing a HIPAA-compliant storage plan
This article is part of the August 2012 issue of Health IT
An important part of establishing and maintaining HIPAA compliance is the creation of a storage plan. Although the HIPAA regulations do not specifically require a storage plan, HIPAA Part 164.308(a)(7)(i) does require your organization to develop a contingency plan. Specifically, this regulation states:

Standard: Contingency plan. Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information.

Part ii outlines the implementation specifications for this regulation. HIPAA requires the creation of five separate documents as outlined below:

(ii) Implementation specifications:

(A) Data backup plan (Required). Establish and implement procedures to create and maintain retrievable exact copies of electronic protected health information.

(B) Disaster recovery plan (Required). Establish (and implement as needed) procedures to restore any loss of data....
Features in this issue
Establishing HIPAA-compliant storage plans requires a three-pronged approach to meet disaster recovery, data backup and emergency operations criteria.
The HIPAA Security Rule requires all covered entities to create a disaster recovery plan but says little about what should go into such a plan. This tip fills in the gaps.
Last month's tornado in Missouri left one hospital destroyed and others scrambling to treat patients. A new EHR system, fast vendor support and operational WAN all helped.