In the last blog by K. Stripling, our readers learned how to back up their SOAPware data and why this is a crucial task. Maintaining data security and integrity is imperative in order to satisfy legislative criteria and to ensure the efficient operation of one’s practice in the case of unforeseen events. HIPPA mandates all healthcare facilities to establish data backup, disaster recovery, and emergency mode operation plans (Section 164.308 ,(7)(ii)(A-E)). Currently there is no comprehensive regulation to require how these plans are developed and implemented: The Joint Commission has set certain standards for hospitals, but none exist for other types of healthcare institutions. Even so, it is certainly in the best interest of private practices to follow HIPPA recommendations regarding this matter. For simplification purposes, we will refer to the “emergency mode operation plan” and the “disaster recovery plan” collectively as the disaster plan.
Drafting an effective disaster plans can be made relatively simple when given the right resources. The AHIMA recommends conducting a literature review on the subject, researching other organizations’ websites to see their disaster plans, collecting sample PHI disaster plans, talking to colleagues who have experienced disasters firsthand, and contacting fire, water, and storm damage restoration companies in your area to determine what services they offer. The organization also cites the Edwards Disaster Recovery Directory, as a reliable, nationwide source for restoration services. Finally, it is paramount to know what your current insurance policy includes. It may be possible for your insurance to cover part or all of the costs for moving health info, operating elsewhere, and recovering damaged data. Moreover, insurance companies may be an indispensable source of knowledge: many offer consultations and advice about disaster planning cost free or for a nominal price.
Tailoring a disaster plan to best work for your practice rests on several considerations. First, the type of disasters that are most likely to affect you, and, secondly, the different processes that take place within your office. Each department should have a “contingency plan” or disaster plan that takes into account their specific role and position within the overall work-flow of the practice. Hence, this task may require close collaboration among neighboring departments whose work depends upon one another. The finished draft of a disaster plan must be reviewed, implemented, and tested by all staff in order to be compliant and successful. Revisions should be based on deficiencies uncovered in the simulated disaster drills. Each employee should be required to demonstrate core competencies set for their department during these tests. Employee success can be increased by requiring disaster training as part of general staff orientation.
At SOAPware, we realize the importance of maintaining data security and integrity, even in the face of catastrophe. With this belief in mind, we have made system backup a simple task through the provision of our data manager. Furthermore, SOAPware offers the options of off-site backup and remote hosting of your entire service. This alleviates our clients of the headache caused by maintaining off site facilities for data storage.
However, the fact remains that in certain cases even the most meticulously constructed plan can buckle, resulting in loss of PHI. What then? Is the practice subject to penalty for violating HIPPA? Stay tuned for Part 2: Data Recovery and HIPPA
User Testimonials
Loading 