Security Rule: Business Continuity Planning and Disaster Recovery*

The objectives of this chapter are as follows: ■

Understand the requirements for a business continuity and disaster recovery plan under the HIPAA Security Rule.

■

Understand requirements under the contingency plan.

■

Determine requirements for the data backup plan.

■

Determine requirements for the disaster recovery plan.

■

Understand requirements under the emergency mode operation plan.

■

Develop testing and revision procedures.

■

Understand requirements to conduct analysis on applications and data criticality.

■

Develop a plan to address both operational and regulatory requirements.