Disaster Recovery PlanningEverything going on today with hurricanes and such makes it is a great time to talk about disaster recovery planning. We mention it all the time but this episode is going to be just about what DR/BC means and what you can do to be prepared in advance. So, this episode covers disaster recovery planning under HIPAA but any business can learn from our discussion!



A 5 star review is all we ask from our listeners. Really.
Free HIPAA Training
Delivered to your inbox every Friday

What is DR/BC Planning?

  • DR – how can we recover our operating assets and positions after a disaster of any kind.
  • BC – how do we keep our business running while we recover

I have a backup so I am ok, right?


Who should do it?

  • All businesses – micro to enterprise
  • Family planning is a good idea too

Is this another big expense?

  • You can have plans for very little money and very expensive ones
  • Resources are available all over the place
    • companies who help you do it or do it for you
    • free templates and instructions – Ready.gov/business
      • Plan to stay in business

What is involved in building and maintaining DR/BC plans?

  • Write it down.
  • Think of the unthinkable and work from that point backwards.
  • Discuss it with everyone – you never know who might think of something or have a very helpful idea
  • Test and review it if you don’t use it
  • Review it and update it after tests and especially after you had to use it

General elements of Disaster Recovery Planning

  • Recovery priorities

    • Protecting all of your assets during and after the disaster plus throughout the BC time periods
    • Seeing patients
    • Access to EHR
    • Billing for the work being done during the disaster – are you going to have no income during that time?
    • Helping your clients see patients and access EHR
    • Setting up alternate sites
    • Rebuilding or repairing damaged facilities
  • Plan objectives

    • Minimize the impact to your patients, employees, clients, and your business
    • Minimum requirements for all planning – HIPAA, etc.
    • Disaster preparation strategy
    • Response strategy
    • Time frames for recovery of each area
    • Maintaining business viability
  • Communication

    • Written plan accessible to everyone before, during, and after the disaster
    • How will you advise all parties from the alert and implementation throughout the process
    • Who manages “command central” with all information
    • Decisions made need immediate access to team and resources
    • If everyone is evacuated how do you communicate with each other
    • Call tree, password protected page on your website, etc.
  • Decision process or list

    • Everyone is stressed, what do you want to be sure you think about all along the way
  • Roles for teams

    • Who makes the decisions in different areas
      • Execs and money folks down to people on the front lines
      • What is the “org chart” in case of injuries or worse to members of the team who will step up
    • Who will do damage analysis and evaluate where you are and what needs to be done.
      • They will need to be the first on the scene so make sure they know how to make that happen
    • Who will communicate with the media, public, patients, etc.
    • Use your priorities and objectives and make someone in charge of knowing the details of those elements
    • Someone to deal with the money – it isn’t like you will just get a check
    • Someone assigned specifically to IT
      • An IT plan with details should be built separately
      • Where are the backups?
      • Where can we co-locate
      • Do you have a hot site or a plan to set up an alternate site
  • Preparation checklists

    • Flashlights
    • Batteries
    • Charge EVERYTHING
    • Generators
    • Food and water supplies
    • First aid supplies
    • A “go bag” for each employee or each team
    • Furniture, supplies, and equipment needed for temp site AND a rebuild
    • Software that needs to be up and running in what order
  • Other plan elements

    • Confirm contact names and numbers for FEMA, insurance provider, local medical and law enforcement hotlines as well as all employees
    • Critical business vendors and contractors that you plan to rely on need to know that you are counting on them – maybe they aren’t planning to do that for you
      • Review with staff during regular training and meetings from time to time
      • Desktop review with your team
    • Time frames
      • What needs to happen in the first 8 hours, next 8 hours, etc.
      • Plan for being affected for 1 day, 5 days, 2 weeks, months, etc.
    • Alternate site details and equipment plans
      • Power
      • Internet
      • Communications


Links to relevant Information or Mentioned Episodes
Share This
HIPAA Boot Camp