Over the past few years organizations have been well informed of the latest HIPAA rules. The HIPAA rules have included specifics around how to control privacy, security and overall patient safety related to electronic use of data. The newest rule, titled the Final Rule in the Administrative Protections section (164.308) has brought up some questions, and seems to be a bit open ended to providers; especially when it comes to system downtime.. Over the next few weeks we’ll be exploring this new rule’s effect on downtime procedures, why it’s a little more complex than it seems, and what it could mean for you. We’ll also be expanding upon how the HIPAA Final Rule has a direct correlation to Meaningful Use core objective 7.

For the HIPAA Final Rule (Administrative Protections 164.308) as you dig deeper into the specifics, the rule mandates all providers should have an established contingency plan for business continuity in the event of system failure, network failure and natural disaster. This plan should include policies and procedures for downtime that could damage systems containing electronic protected health information.

These contingency plans require specific implementation specifications*:

• (A) Data backup plan (Required). Establish and implement procedures to create and maintain retrievable exact copies of electronic protected health information.
• (B) Disaster recovery plan (Required). Establish (and implement as needed) procedures to restore any loss of data.
• (C) Emergency mode operation plan (Required). Establish (and implement as needed) procedures to enable continuation of critical business processes for protection of the security of electronic protected health information while operating in emergency mode.
• (D) Testing and revision procedures (Addressable). Implement procedures for periodic testing and revision of contingency plans.
• (E) Applicationsand data criticality analysis (Addressable). Assess the relative criticality of specific applications and data in support of other contingency plan components.

Patient care is always a top priority at any hospital.  We are seeing no longer a trend but a necessity, the capturing and transmission of electronic data. These new rules have set the foundation to ensure all clinicians have access to critical patient data at all times to uphold and ensure patient safety.  Our priority at Summit Healthcare is making you able to care and provide for you patients at all times. Next piece – how will your organization adhere to the HIPAA Final Rule?

*U.S. Department of Health and Human Services: www.hhs.gov

 For more information, check out Summit Healthcare's Downtime Reporting System. 

Alexandra Casey is the Marketing Coordinator for Summit Healthcare, a sponsor of "The Floor Plan"on McKesson Social.