Have you been keeping up with our HIPAA Readiness Series? We have been exploring why HIPAA is back in the news, what to do if you experience a HIPAA breach, and the fact that you, as a Pharmacy Owner, are responsible for your employees actions if they violate HIPAA. Let’s continue exploring the importance of HIPAA Readiness by using this REAL LIFE situation that happened to my company.
#4 Preparing for the Deluge: Risk Analysis/Disaster Recovery Plan
It can happen to anyone, and it happened to PRS last week! On a dark, deserted Saturday night, a major water pipe on the top floor of our 19th century building burst. Motion detectors triggered the alarm, but by the time the water flow was under control, the three occupied floors were a wet mess. Some computers survived, others were a complete loss, but our server was back in business by Tuesday afternoon.
We hadn’t expected a deluge from above, but we created our Disaster Recovery Plan / Contingency Plan years ago and when the flood occurred it was implemented. We understood our operations and our needs based on our risk analysis we had performed. In the Risk Analysis we were able to identify our critical systems and identified all of the threats and vulnerability that existed to our operations. This allowed us to ensure we had the proper policies, technical safeguards and an effective Disaster Recovery Plan / Contingency Plan to protect the important data stored on our computers. Performing a detailed, well-considered risk analysis is a requirement of HIPAA. Every covered entity is responsible for the confidentiality, integrity, and availability of the electronic protected health information (ePHI) it holds. You must imagine what might endanger your ePHI and put safety measures in place.
PRS was hit with a flood; you might be hit by computer hackers. Every situation must be considered. And because new computer products continually come on the market, new employees join your staff, new malware is invented by hackers, you need to review your risks and solutions periodically. Additionally, whenever you make a change to your pharmacy such as remodeling your interior space, buying new hardware, altering your procedures or your employees’ job descriptions – think about how that might impact your risk analysis and your Disaster Recovery Plan.
It’s the law and it’s good business. A periodic review of your risk analysis is an essential insurance policy against loss, theft, or corruption of your ePHI files.
For more information about HIPAA and other pharmacy compliance solutions for your pharmacy, call PRS at 1-800-338-3688 and speak with one of the Specialists. Please visit the Blog for additional posts on compliance issues and what you need to know as a pharmacy owner.