What is Required for HIPAA Compliant Disaster Recovery Planning?
Tue, Aug 13, 2019
By: Jim Beran
Every business in Florida knows the importance of planning for disaster recovery. In recent years, hurricane season has led to significant downtime for local companies. Proper planning is a must.
For businesses in the healthcare sector, there’s more to worry about. HIPAA compliant disaster recovery planning is more complex than typical recovery planning. In addition to preserving your important business records, you must also protect the healthcare records and information belonging to your patients and clients.
At Gilmore Services, we field a lot of questions about HIPAA compliance. Here’s what you need to know to create a disaster recovery plan that complies with HIPAA regulations and protects your patients’ confidentiality.
What is the Purpose of HIPAA Compliant Disaster Recovery Planning?
Let’s begin with the purpose of HIPAA compliant disaster recovery planning. When there’s a natural or man-made disaster, your company needs a plan to recover documents and data that may have been rendered inaccessible.
That may mean creating electronic images from your documents, allowing you to access them remotely even if paper copies have been destroyed. It may also mean storing your important documents in a secure location that’s hurricane proof and secure.
HIPAA compliance adds some additional requirements to the list. It’s not enough to have a plan to recover your essential data. You must also ensure that your data is stored in accordance with HIPAA regulations. No unauthorized person should be able to access your patients’ protected health information (PHI.)
Your HIPAA compliant disaster recovery plan must cover:
- On-premises hardware (including computers and medical equipment)
- On-premises storage
- Off-premises hardware and storage
- Paper documents
- Cloud-based databases
- Cloud-based applications
- Backup services
As you create your disaster recovery plan, make a comprehensive list of any location or device that stores PHI. Each one you identify must be included in your plan.
Build Redundancy into Your System
One of the best ways to maintain HIPAA compliance after a disaster is to build redundancy into your systems. That may mean:
- Choosing a hosting provider with backup servers that can pick up the slack if the main server is no longer working
- Choosing servers and backups in geographically diverse locations to minimize the risk of everything going down at the same time
- Having multiple backup systems in place to ensure you’ll be able to recover data after a disaster
Redundancy is one of the best ways to minimize the risk of losing PHI after a disaster.
Conduct Failover Testing
Once your HIPAA compliant recovery plan is in place, you should conduct failover testing to ensure everything works the way it should.
Failover testing runs your recovery plan to test for weaknesses. During testing, you can identify potential issues and fix them before you need your disaster recovery plan.
You’ll need the assistance of your hosting provider and other technical partners to conduct thorough failover testing.
Partner with an Expert in HIPAA Compliance
Arguably the most important thing to do as you develop your HIPAA compliant disaster recovery plan is to partner with a HIPAA expert like Gilmore Services.
We have extensive experience with HIPAA compliant document imaging, moving, and storage. We can help you assess your disaster recovery needs and develop a recovery plan that will ensure that your business (and your patients) have access to essential PHI as quickly as possible – even in the event of a large hurricane or man-made disaster.
The problem with disasters is that we never know when they’re coming. You might not be able to predict the next disaster, but HIPAA compliant disaster recovery planning will ensure that your company can get back to work quickly – and provide your patients and clients with the services they need.
Ready to choose a HIPAA expert as your disaster planning partner? Click here to learn how Gilmore Services can help!