Health Information Management

Tip: Update and practice your disaster plan with staff members

HIM-HIPAA Insider, November 10, 2008

Frequent practice is essential to protecting patient information, maintaining business operations, and remaining compliant during a disaster, says Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI.
Dry runs are necessary to ensure that plans are workable. They can be tedious, but they are also incredibly useful. “They show you holes in the plan,” says Herold, a privacy, security, and compliance consultant at Rebecca Herold & Associates, LLC, in Van Meter, IA.. “If you don’t test, people aren’t necessarily sure what to do. That can lead to some big problems.” She recommends at least one dry run annually, with more frequent drills if your organizational structure undergoes major changes.
Continually update your plan to document procedural, personnel, and software changes. Failure to maintain an accurate and updated plan is a big mistake, says Chris Apgar, CISSP, president of Apgar & Associates in Portland, OR. “The bottom line is most organizations do not adequately plan for disasters, large or small. It is important for organizations to prepare for disasters taking into account more than just the computers. It is a whole organization activity,” he says.
Complete, tested disaster recovery and emergency mode operations plans and trained staff members who know how to respond appropriately can be the difference between staying in business and closing your doors after a disaster, says Apgar. They also can determine whether you have prepared staff members who are safe and productive during a disaster or untrained staff members in possible danger if a disaster occurs, he says.


0 comments on “Tip: Update and practice your disaster plan with staff members


Most Popular