How confident are you that all your electronic protected health information (ePHI) is safeguarded in a disaster scenario?
We’ve helped hundreds of practices just like yours create or improve an Emergency Mode Operations Plan.
The Emergency Mode Operation Plan contains the procedures, methods, and processes to keep PHI protected and available during a crisis. Beyond protecting data, the Emergency Mode Operation Plan also satisfies the PHI availability goal of the HIPAA security rule.
If you’ve never tested your disaster recovery solution, you should assume it doesn’t work…
Is your disaster recovery plan operational?
Even the best backup and recovery plans can fail if they haven’t been practiced. A full test means engaging directors and the management team in a realistic, simulated experience to rehearse the steps for executing the plan.
Path Forward partners with you to develop and fully implement an Emergency Mode Operations Plan, then confirms you know how to use it in an emergency.
EHR Specific Data Recovery
- HIPAA Compliance Consulting: We apply our extensive understanding of the HIPAA technical criteria to confirm your plan meets every requirement.
- Vulnerability Detection: Step by step, we examine your plan against potential vulnerabilities using our proprietary process.
- Testing: Before your Emergency Mode Operations Plan can be considered final, we work with you to test it under realistic, simulated disaster circumstances.
- Address Risk Areas: We provide consulting and support to solve for any vulnerabilities.
- Annual Certification: Practices that sign on to our annual testing program can earn a Patient Shield certification. This is a visible way to underscore your commitment to protecting your patients’ privacy and safeguarding ePHI.
Do you know your RTO and RPO?
A key element of the Emergency Mode Operations Plan is declaring your Recovery Time Objective, and this can be tricky. EHRs require a very prescriptive system of recovery steps that most data recovery providers don't accommodate because they don't understand healthcare. The Patient Shield team makes sure you are set up to meet your RTO and RPO goals.
Does your executive board sign off on your RPO and RTO? (They should!)
RTO = Recovery Time Objective
When an event happens, how much continuous time will pass before you have access to an alternative copy of the data?
Also referred to as Return to Operations -- this is critical for healthcare because it translates to how long you are unable to provide patient care following a disaster. Your executive board should be involved in signing off on what they determine is an acceptable RTO for your practice.
RPO = Recovery Point Objective
The span of time that has elapsed since the last data backup.
Most companies and healthcare practices put more emphasis on this than on RTO. While setting frequent automatic data backups is important, making sure the data is backed up in a logical and secure way greatly impacts the ability to restore operations and your RTO.