• E-mail
• Print
• RSS

Tip: Disaster preparedness

HIPAA Weekly Advisor, November 24, 2008

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

You can never be too prepared for a disaster at your facility – for not only tornados, earthquakes, hurricanes, and floods, but also things like crime, fire, and bioterrorism.

Chris Apgar, CISSP, president of Apgar & Associates in Portland, OR, offers the following recommendations for organizations that are designing or updating their disaster recovery plans:

• Complete an inventory of assets (i.e., hardware, software, facilities, staff, data)
• Prioritize assets from most to least important
• Determine how long the organization can continue working without certain data or hardware
• Be specific when determining what to recover first, who is responsible, and how it will occur
• Determine the method of technical recovery
• Locate and rent or list alternate sites for business operations during a disaster and afterward
• Train staff members responsible for disaster recovery plan implementation (e.g., establish phone trees, identify leaders and coordinators)
• Ensure that staff members have copies of the plan off-site; senior coordinators should have copies of the full plan and other staff members have copies of sections of the plan for which they have responsibility
• Test the plan with both tabletop exercises and a full disaster drill
• Update the inventory and the plan regularly, especially the list of responsible parties which will likely be the part of the plan that will change the most frequently

Editor’s note: This is an excerpt from a story in the November issue of HCPro, Inc.’s Briefings on HIPAA newsletter. To learn more about the newsletter, click here.

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

• Comment
• E-mail to a Colleague
• Print
• RSS
• Archive

Comments