HIPAA regulations state that healthcare facilities must have a disaster recovery plan in place. However, just because a plan is in place doesn’t mean it’s necessarily an effective plan or that it even plans for every circumstance. Mike Tyson once said that “everybody has a plan until they get punched in the mouth.” Fortunately for you, TOSS C3 is a HIPAA compliant cloud services provider and we can give you some solid advice for building a strong disaster recovery plan!

You Need Backup

Time is money, we all know that. Unfortunately when disaster strikes, whatever it may be, you will inevitably lose time. You need a contingency plan for the recovery period of getting your applications and data back.

Before disaster even strikes, you need to determine what the most crucial data your business holds. Typically for a healthcare organization this is patient records and HR data because it includes addresses and social security numbers. Obviously all data is important, but you need to create a prioritization list so your managed services provider knows exactly what to do.

Having a managed services provider in your corner is strongly recommended when it comes to disaster recovery because not only do they greatly lessen the chances of disasters from occurring in the first place, but if it does happen they should have backups of your data and applications on their machines ready to go.

With an MSP, the recovery process can take mere hours depending on the severity of the disaster. Even if your computers are destroyed from a fire or tornado, the provider can install everything onto computers at another location.

Not All MSPs are Created Equal

If you choose to work with a managed services provider, you must make sure they are HIPAA compliant and that they have experience in the healthcare industry. Not all MSPs are, and they certainly won’t tell you that if you don’t ask.

Moving around sensitive healthcare information is a very delicate procedure, legally speaking. There are many HIPAA security procedures that govern how this must be done in a way that’s not unsafe or compromising, so make sure you don’t leave your data in the hands of an unskilled provider.

Once you’ve chosen your MSP and have worked with them to create an internal communication and action plan, you need to create an external communication plan. Customers and stakeholders should be made aware if a disaster strikes and how quickly you are responding to it. After all that is set, work with your MSP to run some test drills to see really how quickly you would be able to recover from a disaster and to make sure you won’t panic when it’s go time.

If you are interested in working with a HIPAA compliant cloud services provider that currently works with healthcare organizations, give TOSS C3 a call at 1-888-884-8677 and ask about our services!