The Disaster Recovery Plan is a required implementation, defined within the HIPAA Contingency Plan standard in the Administrative Safeguards section of the HIPAA Security Rule. The Rule calls for HIPAA-compliant organizations to anticipate how natural or man-made disasters could damage systems that contain electronic Protected Health Information (ePHI) and develop policies and procedures for responding to such situations.

A Disaster Recovery Plan must state how operations will be conducted in an emergency and which workforce members are responsible for carrying out those operations. The Plan must also explain how data will be “moved” or transmitted and accessed without violating HIPAA standards for privacy and security, and what safeguards apply to restoring the data, if necessary.

The Department of Health and Human Services (HHS) created the following to assist in writing a Disaster Recovery/Contingency Plan:

Contingency Plan Template

Security and compliance are first and foremost in the management of our clients' systems. After we conducted thousands of SRAs, common vulnerabilities began to emerge. We launched HIPAA Tip Tuesday to make clients aware of what actions they can take to address these vulnerabilities.

Have a great week!