Disaster recovery plan for HIPAA

HIPAA compliance is a requirement for every covered entity and business associate in the healthcare industry. All healthcare organizations and service providers that fall under HIPAA are expected to meet its requirements. The data privacy regulation is about securing protected health information (PHI) through its Security and Privacy Rules. There are many aspects to meeting the requirements and achieving HIPAA compliance. Among them, the HIPAA Security Rule highlights the need to secure PHI data. The HIPAA Security Rule 164.308(a)(7) identifies the contingency plan[1] as a standard under HIPAA’s Administrative Safeguards.

The contingency plan addresses the availability security principle, which relates to recovering from any kind of business disruption. This could be in terms of having access to information and critical systems when required. The contingency plan requires the implementation of measures that are aligned with HIPAA security and privacy standards. The disaster recovery plan, which comes under the ambit of a contingency plan, is the key element of HIPAA compliance, especially from the perspective of the availability security principle. This article will review the value and the various aspects of a disaster recovery plan under the HIPAA compliance requirements.[2]
