Everything going on today with hurricanes and such makes it is a great time to talk about disaster recovery planning. We mention it all the time but this episode is going to be just about what DR/BC means and what you can do to be prepared in advance. So, this episode covers disaster recovery planning under HIPAA but any business can learn from our discussion!
A 5 star review is all we ask from our listeners.
Free HIPAA Training
Subscribe to the weekly email update from HMWH
What is DR/BC Planning?
- DR – how can we recover our operating assets and positions after a disaster of any kind.
- BC – how do we keep our business running while we recover
I have a backup so I am ok, right?
No
Who should do it?
- All businesses – micro to enterprise
- Family planning is a good idea too
Is this another big expense?
- You can have plans for very little money and very expensive ones
- Resources are available all over the place
- companies who help you do it or do it for you
- free templates and instructions – Ready.gov/business
- Plan to stay in business
What is involved in building and maintaining DR/BC plans?
- Write it down.
- Think of the unthinkable and work from that point backwards.
- Discuss it with everyone – you never know who might think of something or have a very helpful idea
- Test and review it if you don’t use it
- Review it and update it after tests and especially after you had to use it
General elements of Disaster Recovery Planning
-
Recovery priorities
- Protecting all of your assets during and after the disaster plus throughout the BC time periods
- Seeing patients
- Access to EHR
- Billing for the work being done during the disaster – are you going to have no income during that time?
- Helping your clients see patients and access EHR
- Setting up alternate sites
- Rebuilding or repairing damaged facilities
-
Plan objectives
- Minimize the impact to your patients, employees, clients, and your business
- Minimum requirements for all planning – HIPAA, etc.
- Disaster preparation strategy
- Response strategy
- Time frames for recovery of each area
- Maintaining business viability
-
Communication
- Written plan accessible to everyone before, during, and after the disaster
- How will you advise all parties from the alert and implementation throughout the process
- Who manages “command central” with all information
- Decisions made need immediate access to team and resources
- If everyone is evacuated how do you communicate with each other
- Call tree, password protected page on your website, etc.
-
Decision process or list
- Everyone is stressed, what do you want to be sure you think about all along the way
-
Roles for teams
- Who makes the decisions in different areas
- Execs and money folks down to people on the front lines
- What is the “org chart” in case of injuries or worse to members of the team who will step up
- Who will do damage analysis and evaluate where you are and what needs to be done.
- They will need to be the first on the scene so make sure they know how to make that happen
- Who will communicate with the media, public, patients, etc.
- Use your priorities and objectives and make someone in charge of knowing the details of those elements
- Someone to deal with the money – it isn’t like you will just get a check
- Someone assigned specifically to IT
- An IT plan with details should be built separately
- Where are the backups?
- Where can we co-locate
- Do you have a hot site or a plan to set up an alternate site
- Who makes the decisions in different areas
-
Preparation checklists
- Flashlights
- Batteries
- Charge EVERYTHING
- Generators
- Food and water supplies
- First aid supplies
- A “go bag” for each employee or each team
- Furniture, supplies, and equipment needed for temp site AND a rebuild
- Software that needs to be up and running in what order
-
Other plan elements
- Confirm contact names and numbers for FEMA, insurance provider, local medical and law enforcement hotlines as well as all employees
- Critical business vendors and contractors that you plan to rely on need to know that you are counting on them – maybe they aren’t planning to do that for you
- TRAINING
- Review with staff during regular training and meetings from time to time
- Desktop review with your team
- Time frames
- What needs to happen in the first 8 hours, next 8 hours, etc.
- Plan for being affected for 1 day, 5 days, 2 weeks, months, etc.
- Alternate site details and equipment plans
- Power
- Internet
- Communications
<strong>Links to relevant Information or Mentioned Episodes</strong>