E-Guide

Planning for disaster recovery in a

health care setting

For hospitals, timely access to patient data is critical for maintaining

normal operations during a natural or man-made disaster. This Eguide

will help health care providers create and implement an effective

disaster recovery plan.

Sponsored By:

SearchHealthIT.com E-Guide

Planning for disaster recovery in a health care setting

Sponsored By: Page 2 of 7

E-Guide

Planning for disaster recovery in a

health care setting

Table of Contents

HIPAA disaster recovery plan

Disaster Recovery Planning for Health care organizations

Resources from Dell Compellent

SearchHealthIT.com E-Guide

Planning for disaster recovery in a health care setting

Sponsored By: Page 3 of 7

HIPAA disaster recovery plan

A HIPAA disaster recovery plan is a document that specifies the resources, actions,

personnel and data that are required to protect and reinstate healthcare information in the

event of a fire, vandalism, natural disaster or system failure.

The disaster recovery plan is a required implementation, defined within the HIPAA

Contingency Plan standard in the Administrative Safeguards section of the HIPAA Security

Rule. The Rule calls for HIPAA-compliant organizations to anticipate how natural disasters

could damage systems that contain electronic health information and develop policies and

procedures for responding to such situations.

A HIPAA-compliant disaster recovery plan must state how operations will be conducted in an

emergency and which workforce members are responsible for carrying out those operations.

The plan must also explain how data will be moved without violating HIPAA standards for

privacy and security. It must also explain how confidential data and safeguards for that

data will be restored. Although HIPAA doesn't specify exactly how to do this, it does note

that failure to adequately recover from a disaster could lead to noncompliance. Failure to

comply exposes officers of the organization to repercussions, such as fines or jail t ime.

• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • •

• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • •

• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • •

• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • •

• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • •

• • • • • • • • • • • • •

• •

• •

• •

• •

• • • • • • • • • •

See a Webinar on

Dell Compellent Storage

Solutions featuring

Fluid Data Technology E� cientVirtualStorage.com

Fluid Data storage helps you

save time and slash costs. data e� ciently

on a single platform

with a single tool

Manage Scale

Automate

• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • •

•• •• •• •• •••••• •• •• •• •• •• •• •• •• •• •• •• •• •• •• ••

• • • • • • • •• • • • • • • • • • • • • •• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • •

• ••••••••• • • • • • • • • • • • • • • • • • • • • •••• • • • • • • • • • • • • • • • • • • • • • • • • • • • • •

•••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••

••••••••

••••• ••••••••

••••

•••• •• ••• •• •• •• •• •• ••

Dell Compellent Storage

Technology E� cientVirtualStorage.com

with a single toolAutomate

Scan to see a snapshot

of customer success

with Dell Compellent

storage.

SearchHealthIT.com E-Guide

Planning for disaster recovery in a health care setting

Sponsored By: Page 5 of 7

Disaster Recovery Planning for Health care organizations

It seems like many health care providers have been so busy architecting their state HIEs,

regional health organizations and enterprise community platforms that they haven’t thought

through the architectural demands of resiliency. So they don’t have a good answer for the

question, “What happens if I lose all or part of my network in a disaster?”

In order to answer that question, you need to let your imagination run wild, factor in your

organization’s specific circumstances and explore a range of disaster recovery scenarios to

develop an effective set of responses.

Start by asking yourself the basics:

• What data do we have?

• What data can we store?

• What data can we transport easily?

• What data can we get to another location in the event of an emergency?

• What critical types of data are likely to be needed (i.e. medication lists, immunization

records for population subsets like children and medical records for those with

chronic conditions)?

Beyond the data itself, there’s the issue of access to the data. If you need to change

security rules in your data center, how do you do that? Which personnel need access to the

system (for instance, volunteers as well as trained professionals)? What type of IT people

would be most critical? Would the right business administrators be available to make rule

changes?

Granting security access is really important. To be able to grant new people access to a

large number of records, you’re going to have to make a massive change, perhaps even

relax security completely.

SearchHealthIT.com E-Guide

Planning for disaster recovery in a health care setting

Sponsored By: Page 6 of 7

And what about information flow under disaster conditions? Would you have a way to

throttle information in-flow to the rate of speed your system can consume? In emergency

situations, health care providers must often queue data so that the system can process it as

fast as possible without being overwhelmed by sheer volume. This is particularly important

if you’ve designed a real-time synchronous system.

Other potentially important questions to ask when exploring disaster recovery scenarios

include:

• 1. Would you have to move hundreds, or even thousands, of records in minutes or

hours, or would you have days to respond?

• 2. Does your network have the necessary bandwidth to handle big data moves?

• 3. Would people be able to access computer terminals remotely if your data center is

not in your building?

• 4. Is it possible that network lines feeding into your building could go down, so that

even if your data center is up and running, no one could acc ess the data?

Thinking through disaster recovery scenarios may seem daunting, but the process can be

invaluable. It can build team spirit and cross-departmental cooperation where it doesn’t

currently exist. It can give you insight into the limits of your capabilities. It can expose a

process or procedure gap. It can give you the tools to illustrate for management how your

modern health information exchange is going to respond in an emergency. Perhaps most

importantly, it can throw into stark relief the importance of granting secure access to the

first responder facing the most vital challenge of all: effectively ensuring the well-being of

the patient.

SearchHealthIT.com E-Guide

Planning for disaster recovery in a health care setting

Sponsored By: Page 7 of 7

Resources from Dell Compellent

7 Ways to Manage Rapid Patient Data Growth

Webcast: Better Care Through Better Storage

Graves-Gilbert Clinic: Accomodating and Protecting PACS files with Fluid Data

Technology

About Dell Compellent

Dell Compellent has created a revolutionary enterprise storage solution that automates the

movement and management of data at a more granular level. Dell Fluid Data technology

and built-in storage intelligence delivers significant efficiency, scalability and flexibility. Only

a Fluid Data architecture can actively, intelligently manage your data to cut cost, time, and

risk for your business.