There are many aspects of complying with HIPAA regulations, and none of them can be skipped if you want to avoid the stiff penalties that follow a violation. In addition to the technical and physical safeguards for your PHI, the administrative safeguards of the HIPAA Security Rule require a contingency plan. It comprises five implementation specifications: a data backup plan, a disaster recovery plan, an emergency mode operation plan, testing and revision procedures, and an applications and data criticality analysis. The first three are "required" specifications; the last two are "addressable," which means you must either implement them or document why an alternative is reasonable and appropriate for your organization, not that you may ignore them. We'll discuss how critical a contingency plan is as it relates to HIPAA compliance.
Why is this particular component so important? If you're in healthcare, you know HIPAA is the federal standard whose Security Rule requires you to protect the confidentiality, integrity and availability of electronic PHI. That confidentiality, integrity and availability is directly tied to the strength and reliability of your infrastructure, because most providers now depend on an electronic health record (EHR) system for day-to-day patient care. Hospitals operate 24/7, so it is imperative that patient data always be accessible.
To that end, developing a contingency plan is important not just from a compliance perspective, but a practical one. If you suffer a system, network or hardware failure and lose access to your data (or even the data itself), it's paramount to have a strong recovery plan so downtime is kept as short as possible. Think about how much more disastrous your situation would be if you had a medical emergency on top of your IT one. It's wise, then, to be prepared for any kind of setback.
As part of your recovery plan, don't forget to implement failover testing: actually cut over to your secondary systems and restore from your backups on a schedule, rather than assuming they will work. Any problems that surface during a test can be fixed before a real disaster, which makes for a smoother process when an emergency actually happens, and the results give you the documentation the Security Rule's testing and revision procedures call for. If you outsource your disaster recovery or are thinking about doing so, make sure you work with your provider to carry out failover testing and to update your procedures whenever a test reveals a gap.
For more information, you can download our disaster recovery white paper, or view these helpful resources:
- Disaster recovery: Steps in a business continuity plan
- Offsite HIPAA Data Centers are Key to Health Organization Disaster Recovery
- Our disaster recovery blog feed
With everything else you need to be HIPAA compliant, it’s important you don’t neglect your disaster recovery. Ensuring you have an emergency plan for your most critical infrastructure and data will help keep your business running smoothly should the unexpected happen. If you’re ready to put together your own contingency plan, or want to check your current plan against HHS recommendations, download your template here (Word document).
For more information about HIPAA compliance, download our white paper on HIPAA compliant hosting, or check out these links: