Disaster Recovery Planning is always something that is overlooked. I’m not sure if this is because of the time it takes to put it together, or because practices think a disaster will never happen to them. First off, what do you consider a disaster? A breach? Losing data? Some type of natural disaster? A disgruntled employee setting out to harm you? User ignorance? What really is considered a disaster? The short answer is all of them! Anything that puts your ePHI in jeopardy, I would consider a disaster. The best thing you can do is prepare for a disaster BEFORE it happens! Below I have listed 7 tips for disaster recovery planning.
7 Tips for Disaster Recovery Planning
- Do it! Put the document together. If you need a template, call Tier3MD and we can provide you with one free of charge.
- Think. Think of all the things that can hurt you. Think of all the ways you can be affected by a disaster. Think of exactly what would cause you to stop seeing patients. Once you have identified this information, document it, and come up with a plan for it.
- Get buy-in from the administration. It shouldn’t cost them any money, but it will cost them time being in the planning meetings with you.
- Review. Review everything you have in place right now, and decide if it is actually good enough. Will you be protected in the event of a cyberattack?
- Involve your IT people. Don’t think for a minute they are not a part of this. They are a huge part in helping you recover from ANY disaster.
- Test. Test your backups, test your policies, test your procedures. Think about what you have in place to protect you, and test it.
- Educate. Educate your users. Without letting them know what the plan is, it is useless. It is imperative that your staff is trained on what to do in the event of a real disaster.
Disaster recovery planning is not only required for HIPAA and business continuity, it is best practice. You have car insurance right? You have auto insurance. Why not protect your data in the same way? Make an effort to prepare for a disaster. Remember…when it happens, it’s too late to prepare.
For tips on what to include in your disaster recovery plan, click here.