Disaster Planning and Patient Data Security
The appropriate response to any disaster is to have a plan already in place, so that all members of the organization understand their role in the response and the rules to follow if a disaster takes place. The rules should be set forth by Management and should describe responsibility from the top down, including each department, unit, and person. The Management strategy in a disaster should be easy to apply and understand, as it should be based on daily procedures and routines that are already in place. In the case of a major hurricane destroying patient information, the first step in responding to this situation would be to adequately train the staff on the policies and procedures to follow to ensure that damage is minimized and patient data is secured and protected (Ruter, 2006). Then the organization must implement the Management strategy so that when a disaster takes place, the organization can put into place the policies and procedures that will best protect the patient data and expose it to the smallest amount of risk.
HIPAA will play a major role in the training of employees, as it must be made known that even data that appears to be destroyed must be protected. The organization should conduct a thorough review of the records storage area to ensure that records will be contained even if they are damaged or destroyed. In an ideal scenario, the organization would not have any physical records on the premises. A pre-emptive measure against a disaster such as a flood would be to scan all patient documentation into a document storage system that can be accessed through the network. This would prevent the physical records of patients from being spread around the disaster area, where a clear violation of HIPAA could occur. Many organizations do not save any physical records for...