Management Plan for Security and Privacy 2
Disaster recovery planning often fails to consider how diverse regulations and compliance issues will impact an organization after a natural disaster strikes (Talon, 2006). For instance, organizations regulated by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) will discover that disaster recovery planning can be a complex web of potential pitfalls.
For health care organizations and all other organizations regulated by the Health Insurance Portability and Accountability Act of 1996, there are three main things that must be proven in the event of a natural disaster: 1) A formal analysis …
Relocating Patient Health Information
In the event that the facility is completely uninhabitable, all patient health information shall be transported to a sister healthcare facility. Patients shall be notified of the transition and shall be transitioned to the sister healthcare facility with consideration and patience from healthcare staff.
In the event that records have been destroyed or damaged by a natural disaster, and the facility is unable to recover electronic patient health information, data recovery companies shall be contacted and contracted to perform damage restoration services (Cunningham, 2010). All services shall be performed in accordance with HIPAA privacy and security rules. All contracts will specify the method of recovery; a prohibition on use or further disclosure of information other than what is permitted by the contract; use of appropriate safeguards; reporting to the facility of any inappropriate use or disclosure of information; and indemnification of the facility from loss due to unauthorized disclosure (Cunningham, 2010).
Staff Response and Contact List
It is the responsibility of the Human Resources manager, to be followed up by the office manager and the quality assurance data control operator, to perform the following tasks before, during and after a natural