Why is disaster recovery a proposed security requirement?
HIPAA Weekly Advisor, November 21, 2001
Q: The proposed HIPAA security requirements mention disaster recovery. I thought disaster recovery dealt with the aftermath of earthquakes or fires. Why is it a proposed requirement of HIPAA and what do we have to do to comply?
A: Disaster recovery is part of the business continuity process. Generally, businesses and health care organizations back up their data and computer systems and rarely lose sleep over it.
But every business should have a business continuity process in place for events more serious than a simple power outage. Not only are contingency plans and a process for disaster recovery part of the HIPAA security notice of proposed rulemaking (NPRM) under administrative procedures, but they simply make good business sense.
Disaster recovery includes a number of processes and components depending on the size and complexity of the information technology infrastructure.
Since the Administrative Simplification Act requires an increasing shift to the electronic processing of health records, health care organizations need to guarantee that the data and information systems are protected in the event of a disaster. Because of the potential destruction of vital patient and financial data, and the potential risk involved, organizations need to develop a disaster plan. Such a plan usually requires a data backup process and off-site data storage, mobile phone units, and remote workstations.
Some vendors even provide mirroring capability for your Web site or a hot site that operates when your central servers do not. Mirroring guarantees constant data access and integrity in the event of a disaster. For example, data storage company EMC2 (http://www.emc.com) replicates information as it is created and stores the data in multiple locations. Because the data is protected off-site, it can be available during a system outage.
To read the rest of this answer, go to http://www.hipaapro.com/content.cfm?content_id=16093