Disaster Recovery Plan

From Clinfowiki
Revision as of 19:34, 16 November 2015 by Adri007 (Talk | contribs)

A disaster recovery plan (DRP) is a set of processes by which an organization aims to recover its information technology and other vital infrastructure resources in the event of partial or total failure due to man-made, natural, or environmental causes. DRPs should strive to ensure that essential resources are preserved in a disaster (e.g. patient data is backed up at an off-site data center not directly vulnerable to the same potential events as the hospital), that procedures are in place for continuing operations while resources are down or limited (e.g. downtime forms are available if the clinical information system is inaccessible), and that a strategy exists to resume normal operations in a timely manner (e.g. return the clinical information system to full operational capability and enter clinical data that was generated during downtime). A DRP should be frequently reviewed, updated, and tested [1].

HIPAA Requirement

A disaster recovery plan is a HIPAA requirement under the Administrative Safeguard Standard [2].

HIPAA has identified the following information to be included in a DRP:

  • Outcomes of the covered entity’s identification of vulnerabilities and potential threats in the risk analysis.
  • Safeguards adopted by the covered entity to mitigate risks associated with those vulnerabilities and threats.
  • Responsibilities of the covered entity’s key workforce members assigned by the Security Official to recover should a loss become a reality and a disaster occur.

Other requirements that must be taken into account:

  • Plan for restoring business operations and safeguarding electronic protected health information during loss of electricity.
  • Identify how natural disasters harm current systems that include electronic protected health information and create policies and procedures to address the situation.
  • Include an emergency mode operation plan. Focus on how operations will be executed during an emergency and identify workforce members assigned to perform these tasks.

References:

  1. Carol Gonzales, Sandra Senft, Frederick Gallegos, and Daniel P. Manson (2004). Information Technology Control and Audit, Second Edition. Auerbach Publications.
  2. Jones, A. E. (n.d.). Contingency Plan: Disaster Recovery Plan-What to Do and How to Do It. http://www.hipaa.com/contingency-plan-disaster-recovery-plan-what-to-do-and-how-to-do-it/

1. http://en.wikipedia.org/wiki/Disaster_recovery_plan

2. Information Technology Control and Audit, Second Edition. Carol Gonzales, Sandra Senft, Frederick Gallegos, and Daniel P. Manson. Auerbach Publications, 2004.