Disaster Recovery in Healthcare Organizations: The Impact of HIPAA Security

Healthcare organizations face many regulatory burdens, and the latest is HIPAA Security. One major aspect of HIPAA Security is the disaster recovery plan, which seeks to restore appropriate access to information after a major calamity. Disaster recovery has a place among other organizational security processes, including information security in general, physical security, and business continuity. Disaster recovery focuses on information, and within healthcare organizations, the focus of HIPAA disaster recovery is the electronic protected health information. This does mean that a strict HIPAA disaster recovery plan will be inadequate, since non-electronic information needs protection as well. The disaster recovery plan begins with modifying management practices to mitigate the effects of disaster, then documenting all elements of a distributed computing environment, including policies, procedures, infrastructure technology, and applications. The plan will address the requirements for a recovery location and a recovery environment and steps to take to set up the recovery environment and implement the applications. Finally, the plan will also include steps to return to the original location after reconstruction.