Healthcare organizations continue to face increased regulatory burdens as well as internal and external threats to information security. The ability to restore access to information systems after a major calamity requires a comprehensive Disaster Recovery Plan (DRP). As the final in a three-part series, this research note will provide the framework for a DRP that meets HIPAA guidelines and ensures clinical continuity.
Although an information technology disaster may be obvious to all but a few observers, there is still a need to formally declare the disaster. Such a declaration should provide the signal for initiating the recovery procedures. Prior to declaration, certain protocols should be established that ensure effective communication. A central phone number, such as an emergency hotline, should be the starting point for reporting disasters. Backup numbers utilizing old fashioned copper phone lines should also be in place if the primary numbers are part of the disaster.