Healthcare organizations continue to face increased regulatory burdens as well as internal and external threats to information security. The ability to restore access to information systems after a major calamity requires a comprehensive disaster recovery plan (DRP). As the first in a series, this research note will provide the template for a DRP that meets Health Insurance Portability and Accountability Act (HIPAA) guidelines and ensures clinical continuity. 

Disaster Recovery: Laying the Foundation

First and foremost, disaster recovery should be focused on all organizational information resources. The primary function of a recovery plan is to regain access to vital information immediately after a business interruption event. Thus, information security defines the methods for protecting information resources (see Table 1). This includes the hardware and network infrastructure, the software configuration, the processes of administration and management, the practices of all users, and the documentation for all of the above.