13 Aug 2022


Grace University Hospital: Updated HIPAA Contingency Plan

Format: APA

Academic level: Master’s

Paper type: Term Paper

Words: 915

Pages: 4


Grace University Hospital 

HIPAA Policy 

Contingency Plan 

Effective Date: April 20, 2005  Reviewed/Updated Date: February 03, 2018 
Policy Owner: HIPAA Compliance Officer   

Scope and Application 

This contingency plan policy, developed by Grace University Hospital's Compliance office, applies to Grace University Hospital systems that store and maintain ePHI. It applies to all hospital electronic systems with regard to the storage and retrieval of that information. 


Policy Statement: 

This policy addresses the response to downtime of the systems that Grace University Hospital uses in its daily operations for electronic protected health information (ePHI). The contingency plan will be implemented in emergencies caused by disasters such as fire, vandalism or virus attack, and in times of system failure when normal system procedures are unavailable. Data backup plans, emergency mode operations, data recovery, and testing and revision are covered. 

Applications and Data Criticality Analysis: 

1. The IT manager and his team will determine the criticality of all applications and stored data in order to decide on their level of significance. 

2. They will also assess the effect of inaccessibility or unavailability of the data to the hospital’s operations. 

3. They will then determine the disaster readiness of all applications and systems to decide on the best components for disaster preparedness. 

4. They will assess the importance of each group of data entered into the system. 

Data Backup: 

1. ePHI for Grace University Hospital is stored on local servers. 

2. The electronic health record information systems are stored on local server #1 and are backed up every 24 hours to an unencrypted hard drive held by a local service provider. 

3. Lab information systems are stored on local server #1 and backed up daily to the same off-site hard drive. 

4. The radiology information system and file server are stored on local server #2 and backed up every 24 hours to a different unencrypted hard drive held by a local service provider. 

5. The dictation system is stored on local server #2 and backed up to an off-site unencrypted hard drive. 

6. Electronic collection systems are stored in a cloud-based system and backed up to an off-site location. 

7. Records of backed-up data will be stored in an off-site location. 

8. Every two weeks the backed-up data is copied to a flash drive by the IT manager and stored in a safe deposit box with a clearly defined access procedure. 

9. Data backup procedures will be reviewed annually. 

Data Recovery Plan: 

1. Restoration will be done from local servers. 

2. The IT manager and his team will be responsible for the recovery process. They will work in collaboration with the HIPAA security officer. 

3. The IT manager will document the cause of the system failure. 

4. The IT manager will provide the procedure for restoration. 

5. The most important files, the health records, will be restored first, followed by the file server and then the other systems. 

6. Restored data will be analyzed for integrity. 

7. Data recovery will take at most six hours. 

8. A log of the recovery process will be kept, including the challenges encountered. 

9. The recovery procedures will be reviewed annually to assess their effectiveness and make improvements. 

Emergency Mode Operation Plan: 

1. If downtime occurs, the HIPAA security officer will take over emergency mode operations and lead the process. 

2. Managers at all levels will communicate appropriately during the downtime. 

3. Necessary and accurate documentation will be kept on paper in such a situation and will be monitored by managers. 

4. The HIPAA security officer together with the IT team will work to protect ePHI during this time. 

5. The IT manager will document the cause of the downtime together with the actions taken for recovery. 

6. Patient appointments will only be kept when patient safety and care are assured. 

Testing and Revision Procedure

1. Contingency plans will be tested every 12 months to determine their effectiveness. 

2. Weaknesses found in the plan will cause it to be revised. 

3. The backup plan and its components will be tested every three months to assess their readability and to inform decisions on whether to change them in order to protect the authenticity of restored data. 

4. Personnel will be assessed on their understanding of the contingency plan and trained appropriately. 

5. Tests performed will be documented together with their results and the measures taken to address them. 

6. The contingency plan will be tested and revised every three years. 

Recommendations 

1. The hospital's local servers need an off-site backup location. Such a location must itself be secure, and the stored data must be inaccessible to anyone not identified under the access procedure. An off-site backup location is advantageous because the data will remain safe and accessible in the event of a disaster such as a fire at Grace University Hospital. 

2. All ePHI systems at the hospital should have strong password protection. All hospital personnel need to be advised to choose strong passwords of six or more characters to prevent unauthorized persons from accessing patient information. Such strong passwords also guard the system against hackers' attacks. 

3. Both servers at the hospital store critical information. Additionally, they host email communication in the organization. The servers, therefore, need to be protected both from online attacks and physical tampering. Extra layers of security should be provided for the servers. The physical location of the servers should also remain unknown. 

4. The hospital management needs to explore the possibility of moving all systems to cloud-based storage. This would provide a high level of protection against virus attacks that would otherwise cause downtime. Additionally, data recovery would be much easier and quicker with a cloud-based storage system. Besides the safety benefit, such systems are cheaper than the outdated safe deposit boxes the hospital currently uses. 

5. Emergency mode operations can be made smoother with an auxiliary backup system hosted on a server separate from the main systems. This system can take over when the main system fails, and it will also eliminate the need for tedious and unreliable paperwork. 

6. Improvements to the contingency plan may also be made in collaboration with other hospitals. The management of Grace University Hospital can benchmark against other facilities in order to eliminate weaknesses and improve its HIPAA contingency plan policy. 

