The HIPAA security rule under the Administrative Safeguards section requires that all HIPAA-compliant organizations be prepared for how natural disasters could harm their electronic health information. The recovery plan is required to show how the operations will be carried on during the disaster and who will be responsible for them.
We all know what a disaster recovery plan is and why it is needed. This goes back to our days in elementary school when we were required to march outside for fire drills or sit under a desk for weather warnings. We have all put together our disaster recovery plans, and we know how important they are. The questions are: have we tested them, and are we prepared to find alternative solutions in case our plan doesn’t work?
A friend of mine moved up into the mountains of Washington last year to be near family. I have seen pictures, and it is a lovely place. Fast forward a year later, and she is living in mountains that are now on fire. he knew a week ahead that a possible evacuation was imminent and made a plan and prepared to evacuate if needed. She followed the directions and had all her important items packed and ready to go. She even followed the instructions for her animals. She took them to a shelter with food, as she was requested to do, when she was required to move into a local evacuation shelter.
Everything was going well with the plan until they had to leave the area. she was told only a few hours before she needed to leave that her animals could not go with the group due to their size. All of her planning was now thrown out the window, and she needed to quickly come up with a new plan.
The story ends well as she was able to safely evacuate with her animals, her house was spared and she has been able to return home.She did, however, realize that she needed a new plan for the future, and she put it into place while she was being evacuated. She now has a plan, A, B and C to get down from the mountain.
Have you checked your disaster recovery plan lately? How about doing testing or trial runs of different areas? Are all the employees assigned to specific areas still employed with your facility? After watching my friend go through this ordeal, I have realized that making sure our plans are up-to-date and tested as much as possible is critical. I also realized that we need to be able to quickly move to a backup plan in case there is a snag with the first one.
HIPAA doesn’t tell us how we must recover from a disaster, but it does tell us that if we don’t adequately recover, it could lead to non-compliance. Let’s all be reminded in both our HIPAA compliance lives and our personal lives how important disaster recovery is and that we need to be prepared with alternative ways to handle unexpected situations.
No related posts.