A Disaster Recovery Plan or Contingency Plan is a requirement under the HIPAA Security Rule and the Medicare Quality Standards. Both regulations require the healthcare provider to plan, safeguard, mitigate, and have a plan in place for recovery or reconstitution of the business.
The Disaster Recovery Plan has specific requirements; however, using the National Institute of Standards and Technology (NIST) guide enables a fully functional Disaster Recovery Plan to be created. The NIST guide also identifies when to begin the Disaster Recovery and in what sequence the recovery should be carried out. Once completed, the plan needs to be tested to verify the accuracy of the information, and periodically thereafter to keep it current.
When an earthquake, fire, flood, hurricane or some other natural or man-made disaster strikes your facility, the Compliance Officer and HIPAA Security Officer must be able to act to recover and re-establish the entire operation.
Now is the perfect time to review your Disaster Recovery Plan for your facility. When properly written, this plan is the guide for re-establishing your business with or without you being present. It will enable you and your staff to begin recovery actions.
Here are some things that you should have in your Disaster Recovery Plan:
- Emergency Management Plan
- Equipment Inventory
- Business Impact Analysis
- Vendor Support Plans
- Occupant Evacuation Plan
- Continuity of Operations Plan
- Your State Board Regulations
A Disaster Recovery Plan is your most valuable asset when a disaster strikes and is also the cheapest insurance policy you can obtain.