Difference between revisions of "Disaster Recovery Plan"

From Clinfowiki
(HIPAA Requirement)
Line 2: Line 2:
  
 
==HIPAA Requirement==
 
==HIPAA Requirement==
A disaster recovery plan is a HIPAA requirement under the Administrative Safeguard Standard  <ref name="HIPAA"> Jones, A. E. (n.d.). Contingency Plan: Disaster Recovery Plan-What to Do and How to Do It. http://www.hipaa.com/contingency-plan-disaster-recovery-plan-what-to-do-and-how-to-do-it/></ref>.  
+
A disaster recovery plan is a HIPAA requirement under the Administrative Safeguard Standard  <ref name="HIPAA"> Jones, A. E. (n.d.). Contingency Plan: Disaster Recovery Plan-What to Do and How to Do It. http://www.hipaa.com/contingency-plan-disaster-recovery-plan-what-to-do-and-how-to-do-it/</ref>.
 +
 
 +
HIPAA has identified the following information to be included in DRP:
 +
 
 +
*Outcomes of the covered entity’s identification of vulnerabilities and potential threats in the risk analysis.
 +
*Safeguards adopted by the covered entity to mitigate risks associated with those vulnerabilities and threats.
 +
*Responsibilities of the covered entity’s key workforce members assigned by the Security Official to recover should a loss become a reality and a disaster occur.
 +
 
 +
Other requirement that must be taken into account:
 +
*Plan for restoring business operations and safeguarding electronic protected health information during loss of electricity.
 +
*Identify how natural disasters harm current systems that include electronic protected health information and create policies and procedures to address situation.
 +
*Include an emergency mode operation plan. Focus on how operations will be executed during an emergency and identify workforce members assigned to perform these tasks.
  
 
==References:==
 
==References:==
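Review bot: The added sentence "Other requirement that must be taken into account:" should read "Other requirements", since three items follow, and the second added bullet's "to address situation" is missing its article ("to address the situation"). The two new lists are attributed to HIPAA but carry no citation of their own; the only `<ref name="HIPAA">` in this hunk is attached to the first sentence, so consider reusing that named ref after "to be included in DRP:" if Jones is the source for the lists as well. Removing the stray `>` from the end of the URL inside the ref is correct.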

Revision as of 19:34, 16 November 2015

A disaster recovery plan (DRP) is a set of processes by which an organization aims to recover its information technology and other vital infrastructure resources in the event of partial or total failure due to man-made, natural, or environmental causes. DRPs should strive to ensure that essential resources are preserved in a disaster (e.g. patient data is backed up at an off-site data center not directly vulnerable to the same potential events as the hospital), that procedures are in place for continuing operations while resources are down or limited (e.g. downtime forms are available if the clinical information system is inaccessible), and that a strategy exists to resume normal operations in a timely manner (e.g. return the clinical information system to full operational capability and enter clinical data that was generated during downtime). A DRP should be frequently reviewed, updated, and tested [1].

HIPAA Requirement

A disaster recovery plan is a HIPAA requirement under the Administrative Safeguard Standard [2].

HIPAA has identified the following information to be included in a DRP:

  • Outcomes of the covered entity’s identification of vulnerabilities and potential threats in the risk analysis.
  • Safeguards adopted by the covered entity to mitigate risks associated with those vulnerabilities and threats.
  • Responsibilities of the covered entity’s key workforce members assigned by the Security Official to recover should a loss become a reality and a disaster occur.

Other requirements that must be taken into account:

  • Plan for restoring business operations and safeguarding electronic protected health information during loss of electricity.
  • Identify how natural disasters harm current systems that include electronic protected health information and create policies and procedures to address the situation.
  • Include an emergency mode operation plan. Focus on how operations will be executed during an emergency and identify workforce members assigned to perform these tasks.

References:

  1. Carol Gonzales, Sandra Senft, Frederick Gallegos, and Daniel P. Manson (2004). Information Technology Control and Audit, Second Edition. Auerbach Publications.
  2. Jones, A. E. (n.d.). Contingency Plan: Disaster Recovery Plan-What to Do and How to Do It. http://www.hipaa.com/contingency-plan-disaster-recovery-plan-what-to-do-and-how-to-do-it/

1. http://en.wikipedia.org/wiki/Disaster_recovery_plan

2. Information Technology Control and Audit, Second Edition. Carol Gonzales, Sandra Senft, Frederick Gallegos, and Daniel P. Manson. Auerbach Publications, 2004.