Learn how HIPAA can impact DR planning

By debate ·
How have you addressed the requirements of the Health Insurance Portability and Accountability Act (HIPAA) in your organization's disaster recovery plan? How much does HIPAA affect your organization? Share your comments about incorporating HIPAA requirements in your DR planning, as discussed in the April 20 Disaster Recovery e-newsletter.

If you haven't subscribed to our free Disaster Recovery e-newsletter, sign up today!

This conversation is currently closed to new comments.


HIPAA Security Rule DR Requirement

by msprn3 In reply to Learn how HIPAA can impac ...

The HIPAA Security (Final) Rule requires a "System Emergency Response (contingency) Plan" that includes a "Data Backup Plan", a "Disaster Recovery Plan", and an "Emergency Mode Operation Plan" [45 CFR 164.308(a)(7)]. The rule doesn't specify how to create these plans, as the DHHS wants industry professionals to implement "best practices". These plans are to be based upon the "Data Security Risk Analysis" (required), "Information System Activity Review" (required), and "Applications and Data Criticality Analysis" (addressable) evaluations detailed by 45 CFR 164.308(a)(1) and updated on a periodic basis as part of the required "Periodic Evaluation" process 45 CFR 164.308(a)(.

In the same process, a "Facility Security Plan" must be addressed regarding maintaining the physical security of the network system that the provider or clearinghouse administers (45 CFR 164.310(a)(1)).

All of these evaluations and plans must be documented in either hardcopy or electronic form. Since most health care providers are required by state licensing agencies to maintain "Policy and Procedure Manuals", these documents should be incorporated into the appropriate manuals. It may also be worth considering creating a separate manual for network security.

I am a student at Montana Tech of the University of Montana majoring in "Information Technology and Design". My background includes being a computer technician (before the advent of chips) followed by 25 years in health care as an EMT and RN. I am obtaining my Bachelor of Science Degree in May of this year, and as part of my Senior Internship project have done an in-depth study of the HIPAA Security Rule relating to network security.


Client Help

by SgtRock63 In reply to Learn how HIPAA can impac ...

I am working with a new client that handles both the billing side and collections side of EMT/Paramedic services in the state of Wisconsin. Quite frankly, there is no disaster recovery plan to speak of, and it has been painfully slow picking the brain of the owner to move forward with this planning. He has been resolved to the use of lawyers who are supposedly experts in this area (HIPAA, that is), but I am really wondering if they really understand the technology side of this formula. I am now searching for the Federal HIPAA Guidelines so I can find the answers he needs.
