Make a Plan to Meet HIPAA Disaster Recovery Requirements
GET THE LOWDOWN ON GUARDING ELECTRONIC PROTECTED HEALTH INFORMATION
24
BY RAY LUCCHESI
Under federal law, HIPAA covered entities must implement procedures to protect and secure access to electronic protected health information (ePHI). What’s more, such entities also had to supply a contingency plan to insure continued ePHI availability during emergencies or disasters.
However, ePHI exists only in conjunction with data processing applications and, thus, can only be recovered together with those systems. Consequently, HIPAA disaster recovery requirements state the need for an ePHI data backup plan, along with disaster recovery (DR) and emergency mode operation plans.
Learn About the Requirements • The intent of the data backup plan was to create
systems that allowed for the restoration of all ePHI.
• The intent of the disaster recovery plan was to identify the processes and procedures needed to insure that ePHI data could be restored in the event of loss.
• Finally, the intent of the emergency mode operation plan was to describe how operations could continue to protect and secure ePHI during an emergency.
In addition, HIPAA disaster recovery requirements ask
that a test and revision procedure and an applications and data criticality analysis for ePHI be “addressable” by all covered entities. Addressable regulations such as these could be dismissed by demonstrating that they were not applicable. For example, these policies need only apply to large ePHI environments; smaller organizations could address them by documenting reasons why they were not relevant to their contingency plan.
Understand What You Need Ordinarily, many data centers provide for system
recovery by using data backups or mirroring/replication.
• Data backups can be written to removable media, such as tape DVDs or CDs, or they can be placed on alternate
CONNECTION
VOLUME 2 • ISSUE 1
©NYUL
©FENG YU
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36