Getting Ready for Disaster Recovery

One of the important aspects of your Risk Mitigation Plan is you Disaster Recovery Plan. A recent article in Health IT News discusses disasters and some approaches to disaster recovery.
When we talk about HIPAA security there are three events we must protect against
• Breaches in Confidentiality of Data
• Lack of Availability of Data
• Damage to the integrity of Data
A Disaster can have significant impact on the Availability and Integrity of Defense. Protecting the Availability and Integrity of your data is just as important as protecting the Confidentiality of Patient Data. You can consider a disaster as a complete loss of all of your computer systems and associated data. In order to recover from a disaster the first thing that you need is a backup of your data. You will then utilize that backup, replace your computers, reinstall your EHR Software, and then restore the backup of your data. This process sounds simple but there are a number of things that need to in place for this to work. The first and most important item is an offsite backup, if your backup files are not available to you then you do not have the most necessary component to recover from a disaster.
This means you need to have an offsite backup. If you backup is in the same location that your primary systems were, it may mean that your backup just was destroyed by the same disaster that destroyed your office. This is why an offsite backup is extremely important.
Not only is an offsite backup important but you need to be sure that the backup you have can be used to restore your data. So you must test your backup on a regular basis to insure it can be utilized to restore if and when needed. The next step will be to obtain computers to use in order begin the restoration process. Once you have the computers you will need to first install your EHR software. You should know how to do this in advance so you will want to communicate with your vendor and get instructions on how this will be accomplished.
Once the computers have been configured you then restore your data and you are back up and running. You have completed your disaster recovery and are now up and running.
It sounds simple but without proper preparation you will not succeed in your disaster recovery. That is where your disaster recovery plan comes into play. Make sure that you are ready in case of a disaster in your practice.