The effects of Hurricane Harvey demonstrate why data backups, emergency access, and disaster recovery requirements in HIPAA are a must.

During Hurricane Harvey, many people were moved and evacuated before and during the hurricane.  Consequently, that meant some health care organizations shut down temporarily and moved patients to other facilities.  Additionally, many people still needed health care during the hurricane, whether that was preexisting conditions, events that occurred because of the hurricane or the regular occurrence of injuries and illnesses.

Because of all the movement of patients, having access to health care records was still vital in order to provide the right care to the right patients based on their medical histories and diagnoses. Even if certain areas of the country were completely shut down by the hurricane, it’s important to have other means for accessing patient information.

HIPAA specifically requires data backups, emergency access, and disaster recovery plans for these exact situations.  Health care never sleeps, and emergency access to records is vital for patient care.  All those patients that still needed health care during Hurricane Harvey had information in their records that was important to their care, such as information on medications, current diagnoses, and previous treatments or adverse reactions.  Even if a hospital was closed, the information was still needed where the patient was being treated.

Data backups are also a very necessary part of the disaster recovery process.  During and after this storm, many facilities experienced flooding.  While often the damage didn’t affect computer systems, this is the perfect time to think about what could have happened and what could be done to protect your organization in the future.  One facility implemented “submarine” doors after Tropical Storm Allison destroyed the campus in 2001.

Backups are useful if your systems no longer have electricity from downed power lines.  They are also useful if a server is flooded.  Backups should be stored offsite whenever possible. Oftentimes, EHRs provide this component as part of their contract.


For more information on disaster recovery plans and the HIPAA requirements, join HIPAAgps today.