We all think it can’t happen to us . . . until it does. A natural disaster occurs, be it a flood, hurricane, or fire. These have certainly taken center stage recently. Some may experience the latest plague on the internet: ransomware. Your computer system gets infected by some outside program that holds all your files hostage until you pay the ransom in the form of electronic gift cards or Bitcoin. These are but a few of the disasters that healthcare providers have to contend with.
Current HIPAA rules call for compliant offices to anticipate how disasters such as these could impact their ability to safeguard protected health information (PHI). A HIPAA-compliant disaster recovery plan must state how operations will be conducted in an emergency and which team members are responsible for carrying out those operations. The plan must also explain how data will be moved without violating HIPAA standards for privacy and security. It must also explain how confidential data and safeguards for that data will be restored. Although HIPAA doesn't specify exactly how to do this, it does note that failure to adequately recover from a disaster could lead to noncompliance.
If your practice does not have an adequate plan in place, now would be a great time to start. Our team at KMC University can assist you and direct you to the tools and resources needed to get this in place. Call our Solutions Specialists at 855-832-6562 or visit https://www.kmcuniversity.com/compliance