HIPAA’s Security Rule requires that covered entities and business associates that handle electronic protected health information (ePHI) comply with its data security and business continuity standards, and the penalties and fines for noncompliance are substantial. A contingency plan for disaster recovery and business continuity is a required standard under the Security Rule’s Administrative Safeguards section, so you clearly need to have such a plan in place.
The contingency plan should address data availability and the risks a business disruption poses to it. The goal is to ensure that staff can still access vital systems and data despite the disruption. The plan should also outline the technical measures, procedures and plans for recovering network systems, data and operations after a disruption, so that the hospital can resume normal operations following a crisis, disaster or outage.
As mentioned in our previous blog, “The Inevitable HCIS Downtime,” your healthcare information system (HCIS), which houses all your patient information, can be brought down for planned reasons (maintenance, upgrades, etc.), but unplanned downtime can occur at any time for a number of reasons, including loss of power or network connectivity, a natural disaster, or a system failure. Network, system and power outages happen every year, and always at a cost to your organization.
What goes up must come down. As healthcare processes have become more and more automated and healthcare organizations have transitioned to electronic health records to simplify patient data management, a new set of challenges has emerged. Securing electronic patient data is one, driven largely by HIPAA and other government regulations. Healthcare information system (HCIS) reliability is another.
As you know, the “WannaCry” ransomware attack affected hundreds of thousands of computers running Microsoft Windows in more than 150 countries around the globe. Several hospital networks in the UK and other countries were hit. We hope your hospital was not one of them.
By Brian Main, Lead Developer
As software developers, we’re always working on enhancing our technology. We aim to advance our solutions’ functionality to the leading edge rather than just keeping up with current trends. Applications are typically developed for the latest operating systems and servers (currently Windows 2016); however, the OS that our customers have installed and use can be older, such as Windows 2008 or even Windows 2003. We even have a couple of customer sites still using Windows 2000.