Jim Barnes - Business Continuity and HIPAA
This book examines business continuity planning as adapted to encompass the requirements of The Health Care Portability and Accountability Act of 1996, or HIPAA. We examine the typical business continuity planning model and highlight how the special requirements of HIPAA have shifted the emphasis.
The layout of this book was designed to afford assistance, hints, and templates to the person charged with the task of implementing business continuity planning into a healthcare organization.
You will notice that this book does not address Emergency Management (building evacuations and other immediate response procedures) because this is outside the scope of the HIPAA regulations.
Upon reading and re-reading the HIPAA regulations and the "Comments and Responses" in the federal register, it becomes quite evident that the "Contingency Plan" (read Business Continuity Plan) requirements were written by those looking to protect health information data. That being said, many of the examples that I use in this book relate to information technology and disaster recovery (recovery of computer capabili-ties). What is also important, and that I try to emphasize throughout the book, is that recovering the com-puter systems of a health care organization will not necessarily get it operational again after a disaster; a multitude of other production components must be present in order to deliver services and products to customers/patients. Where appropriate, I have identified procedures and strategies that are unique to healthcare provider organizations. If not so indicated, it can be assumed that I am referring to healthcare organizations in general.