Disaster Recovery Plan

A disaster recovery plan (DRP) is a set of processes by which an organization aims to recover its information technology and other vital infrastructure resources in the event of partial or total failure due to man-made, natural, or environmental causes. DRPs should strive to ensure that essential resources are preserved in a disaster (i.e. patient data is backed up at off-site data center not directly vulnerable to same potential events as hopsital) , that procedures are in place for continuing operations while resources are down or limited (i.e. downtime forms are available if the clinical information system is inaccessible), and that a strategy exists to resume normal operations in a timely manner (i.e. return the clinical information system to full operational capability and enter clinical data that was generated during downtime). A DRP should be frequently reviewed, updated, and tested. ^[1].

HIPAA Requirement

A disaster recovery plan is a HIPAA requirement under the Administrative Safeguard Standard ^[2].

References:

1. ↑ Carol Gonzales, Sandra Senft, Frederick Gallegos, and Daniel P. Manson. Auerbach Publications (2004).Information Technology Control and Audit, Second Edition >
2. ↑ Jones, A. E. (n.d.). Contingency Plan: Disaster Recovery Plan-What to Do and How to Do It. http://www.hipaa.com/contingency-plan-disaster-recovery-plan-what-to-do-and-how-to-do-it/>

1. http://en.wikipedia.org/wiki/Disaster_recovery_plan

2. Information Technology Control and Audit, Second Edition. Carol Gonzales, Sandra Senft, Frederick Gallegos, and Daniel P. Manson. Auerbach Publications, 2004.