Ascension Health HIPAA Web Site
Maintained by Don Stry, Information Services Division
(812) 228-2131 Email: dstry@ascensionhealth.org
Section: Contingency Planning & Disaster Recovery PlanningUpdated 03/18/02
A. Michigan State University Disaster Recovery Planning at http://drp.msu.edu/index.htm
Contents of website includes the following:
1. Digitized Disaster Recovery Planning Video available online
2. Presentations from the June 22, 2001 Seminar
3. A Planning Guide to assist in developing a Disaster Recovery Plan available in Word and
PDF formats
4. Quick Outline of Basic Steps to DRPB. Contingency Plan Components
HIPAA’s security standards require that all healthcare organizations have a contingency plan. The guidelines for the contingency plan can be found in the Act’s administrative procedures. It states the purpose is to guard data integrity, data confidentiality and data availability. Within these plans, auditors will look for critical components that are required for each business function, process and application.
Healthcare organizations must make sure that their contingency plans include the following basic elements:
<<Back
- Purpose and scope
- Emergency recovery organization
- Data center, network and systems configuration
- Business Unit Descriptions
- Data files and supplies availability
- Phone list for emergency contacts and vendors
- Commercial company contacts
- Inventory list of plan materials
- Medical procedures and first aid
- Alternate site description and contracts
- Step-by-step recovery procedures:
- Application and system restoration priorities
- Return home procedures (Note: This step includes the process of returning everyone back to the home base, bringing with them all the material and information used on the exercise and that was gathered during the process. Then analyzing the results of what they have learned, they need to update their plan and the supporting documentation and instructions that will be used on the next exercise. In some cases it may mean diagnosing problem areas that did not go well and developing revised procedures for next time.)