Protect Your Business from Disaster with HIPAA

10 years ago Hurricane Katrina destroyed southern Louisiana and Mississippi.

Annual hurricane season is just cranking up here on the east coast, and we’ve already seen a fair amount of activity in the Atlantic and Pacific.

Wildfires are raging in the west. At last count, 8.2 million acres have burned with no real end in sight.

Why am I blogging about disasters? Well, I assure you it’s not to scare you or to fear-monger, but to emphasize how important your HIPAA Disaster Recovery Plan is! (Also, it is REQUIRED!) [1]

Your Plan is a blueprint that will help you through a minor inconvenience, like a printer failing, or a major disaster, like losing your office to a flood or fire. Your plan will help you get your business back up and running quickly, while also protecting your employees’ and clients’ health information!

HIPAA Disaster Recovery Plan Checklist

1. Designate Your Primary Crisis Managers

Who is in charge if there is an emergency? You should already have team leaders designated, and know who is backing them up, so they can hit the ground running and implement your Plan as smoothly as possible.

2. List Your Employees and Their Emergency Contact Information

This allows you to keep employees and their families updated.

3. Identify Major Clients with Contact Information

In the event of a prolonged shutdown, you want to keep clients informed and let them know when and where your business will be up and running again.

4. Keep a Record of Vital Financial Relationships

Maintain a current list of account numbers and contact information for banking, payroll, insurance and other financial resources. Your company needs access to these resources to function. Notify financial resources as needed depending on the crisis.

5. Inventory Your Devices

A list with serial numbers will come in handy if a device fails, is stolen, or is destroyed. It also helps when it comes time to file an insurance claim.

6. Design an Evacuation Plan Based on Disaster Type

Some examples of disasters you may want to have a plan for are fire, tornado, flooding, and earthquake. This plan will guide your employees on what to do, how to get out of the building, and where to meet in case they need to vacate the premises.

7. Determine Who’s in Charge of Restoring the Network

We are in a day and age where we cannot live without an internet connection and the data we store on our servers. It is important that you know who’s in charge of getting the network back up and running, where your business information is backed up, and that you have practiced reestablishing your network.

8. Create a Potential Purchase List

This is a list of key items you would need to purchase to get your office back up and running as quickly as possible (for example, power strips, vital software, computers, network cables, and office furniture), including where you can buy these items. You need to think about items you can’t live without and make sure they are added to the list.

9. Disaster Recovery Time Estimates

You need to have tested your policies and procedures to see how long it takes to get your systems back up and running. Practice how you are going to do this until it becomes routine.

Hopefully, you will never need to enact your Disaster Recovery Plan, but there is nothing worse than having an incident and not having a means to resolve it quickly and efficiently!

Not sure where to start with creating a HIPAA Disaster Recovery Plan? We have a template in our comprehensive Do-It-Yourself Compliance Document Plan, or we can help you customize your plan using our Turn-Key Solution.

1. Contingency Plan – § 164.308(a)(7) “Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrences (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information.”
