Health Information Management

Tip: Disaster preparedness

HIM-HIPAA Insider, November 24, 2008

You can never be too prepared for a disaster at your facility – for not only tornados, earthquakes, hurricanes, and floods, but also things like crime, fire, and bioterrorism.

Chris Apgar, CISSP, president of Apgar & Associates in Portland, OR, offers the following recommendations for organizations that are designing or updating their disaster recovery plans:

  • Complete an inventory of assets (i.e., hardware, software, facilities, staff, data)
  • Prioritize assets from most to least important
  • Determine how long the organization can continue working without certain data or hardware
  • Be specific when determining what to recover first, who is responsible, and how it will occur
  • Determine the method of technical recovery
  • Locate and rent or list alternate sites for business operations during a disaster and afterward
  • Train staff members responsible for disaster recovery plan implementation (e.g., establish phone trees, identify leaders and coordinators)
  • Ensure that staff members have copies of the plan off-site; senior coordinators should have copies of the full plan and other staff members have copies of sections of the plan for which they have responsibility
  • Test the plan with both tabletop exercises and a full disaster drill
  • Update the inventory and the plan regularly, especially the list of responsible parties which will likely be the part of the plan that will change the most frequently

Editor’s note: This is an excerpt from a story in the November issue of HCPro, Inc.’s Briefings on HIPAA newsletter. To learn more about the newsletter, click here.


0 comments on “Tip: Disaster preparedness


Most Popular