Management Plan for Security and Privacy2
Many times, disaster recovery planning fails to consider how diverse regulations and compliance issues will impact an organization after a natural disaster strikes (Talon, 2006). For instance, organizations regulated by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), will discover that disaster recovery planning can be a complex web of potential pitfalls. For health care organizations and all other organizations regulated by the Health Insurance Portability and Accountability Act of 1996, there are three main things that must be proven in the event of a natural disaster: 1) A formal analysis of the risks to data has been conducted, which includes an assessment of the physical access and security in addition to technical threats; 2) a disaster recovery plan has been produced with policies and procedures in place that cover backup, storage, and recovery; and 3) the disaster recovery plan both reasonably and adequately addresses the risks addressed in the analysis (Talon, 2006). I have chosen scenario 2 for the natural disaster on the Gulf Coast. Though my patient files were destroyed from the hurricane, I am still responsible for having a system in place to secure patient information. Upon completion of reading this essay, one will discover that disaster recovery plan will state how operations will be conducted in an emergency, which workforce members are responsible for carrying out said operations, how data will be moved and retrieved without violating HIPAA standards for security and privacy, and how data will be safeguarded and restored (Rouse, 2010). In addition, my disaster recovery plan will include provision for staff training, a code of conduct, and implementation of my plan.
Management Plan for Security and Privacy3
Disaster Recovery Plan: Types of Disaster and Retrieval of Patient Information...