Unfortunately, the most common types of disasters are not localized to a single healthcare institution, and this means data is still susceptible to loss or damage in spite of one’s utmost planning. For once, the government actually understands your plight. Allowances are made for lost data; however, you will need to be aware of the HIPAA laws concerning data recovery in order to maintain compliance.
When acquiring damage restoration services, contracts will need to include the following:
1. Method of recovery
2. Extent of information disclosure
3. Use of safeguards to prevent inappropriate disclosure
4. Reporting to the contracting entity any known inappropriate disclosure
5. Documentation that others employed by the contractor agree to these terms
6. Indemnification of the healthcare facility in the case that loss occurs due to unauthorized disclosure
7. Return of the information once the contract ends (or proof of destruction of copies)
8. Time between acquisition and return of PHI
9. Authorization of contracting entity to break the contract if terms are violated
Theoretically, several additional tasks can be undertaken in the event that restoration falls short. When possible, upload data from undamaged databases in different departments (transcription, admission, laboratory, etc.). Re-transcribing from your dictation system may also prove fruitful. Finally, contacting facilities and people who have received copies of documents in the past can be of help.
But post-disaster actuality is never ideal: Some data will inevitably be lost forever. Surprisingly, the government realizes this as well: HIPAA permits missing data as long as the omission is documented properly. Include the date, the information lost, and the precipitating event in each record affected. Each time the record is disclosed in the future, a copy of the entry documenting the loss must also be included.
Finally, a detailed record must be made regarding the disaster event as a whole. This must include a list of the patient records that were affected, recovery efforts used, and outcomes. As long as these steps are followed, your practice will operate in accord with HIPAA mandates. We sincerely hope you never have to use this advice except to provide peace of mind.





