Planning for the unexpected is particularly important for healthcare organizations, which must both secure electronic protected health information (ePHI) and meet HIPAA compliance requirements. To help organizations fulfill requirement 164.308(a)(7), which calls for creating a contingency plan, the Dept. of Health and Human Services (HHS) has provided an Information Technology (IT) Contingency Plan template to be customized per organizational needs.
The HIPAA-required contingency plan has several essential subsections: a data backup plan, a disaster recovery plan, an emergency mode operation plan, a testing and revision procedure, and an applications and data criticality analysis plan. A HIPAA contingency plan is meant to respond to business disruptions or disasters, not necessarily data breaches. To summarize the actual IT Contingency Plan document, here’s what you need to create a comprehensive, HIPAA-compliant data recovery plan:
Introduction
Concept of Operations
Notification and Activation
Recovery Operations
Return to Normal Operations
References:
HHS Contingency Plan Template (Word Document)