HIPAA and Harvey: Prepare for When Disaster Strikes

HIPAA requires Covered Entities (CEs) and Business Associates (BAs) protect patient privacy and follow a specific set of standards to disclose protected health information (PHI). But what happens in an emergency situation? Does HIPAA still apply?

The recent visibility and impacts of the hurricanes Harvey, Irma and now others have caused healthcare organizations to pause and question — Are we ready for an emergency situation like this?

Emergencies can vary in size – from a simple power outage as the result of a storm, to a total loss disaster situation as the result of a tornado, hurricane or fire. Disaster can strike at any time, and healthcare organizations know they need to be prepared. However, their level of preparedness and the soundness of their disaster planning can vary as widely as the emergency itself. Moreover, organizations often don’t know the quality and accuracy of their plan until it’s tested in a real-life emergency.

As part of the Security Risk Analysis process, organizations assess and prepare for contingency plans, which include both emergencies and disasters.  For instance, inclement weather could warrant an organization kicking off their Emergency Mode Operations Plan, but a fire could create a need for an organization to implement their Disaster Recovery Plan to restore and safeguard PHI.

Even though organizations annually review and plan for both emergencies and disasters, executing the plans in real life reveal opportunities often overlooked in preparing for disasters. Practice Administrator Michelle Yarnell, of Pediatric Associates of Southwest MO, LLC, recounts while her organization did contingency planning, it was difficult to see elements missing from their planning until their office was destroyed by the 2011 EF5 tornado in Joplin, Missouri. “We certainly learned a lot,” Michelle said.  “We were operating in a temporary office setting for about two years – longer than we expected.”

Recent events including both hurricanes Harvey and Irma have sparked additional conversation regarding ways organizations can be prepared for situations when they need to utilize their contingency plans.  There are four opportunities healthcare organizations have to prepare for an emergency or disaster situation.

  • Network Now, Call in the Calvary Later
  • Store Retired Equipment
  • Maximize Where Your Data Is Stored
  • Deploy a Remote Team

Learn how DataFile can help you evaluate your current Security Risk Analysis and provide feedback on your emergency and disaster preparedness. You can also find out how to create efficiencies in your office and discover ways to maximize your staff for patient-facing activities – even when there’s not a disaster. Request a demo or a free cost analysis now.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *