Experienced Cyber Security Professional
The Boy Scout motto is “be prepared.” It makes total sense, then, that the Emergency Preparedness merit badge is a requirement for all Scouts working to earn their Eagle rank – scouting’s highest achievement.
The Emergency Preparedness merit badge requires every Scout to understand five key aspects of emergency preparedness and planning. Those areas of focus challenge the Scout to 1) prepare for, 2) respond to, 3) recover from, 4) prevent, and 5) mitigate potential emergency and disaster situations. Each young Scout is presented with a list of “what if” scenarios ranging in scope and impact. Examples include a wide range of incidents, such as a kitchen fire, a boating accident – even a nuclear power plant emergency.
We should all have these kinds of plans for our home and our business. Not only is it a great idea that makes a lot of plain ol’ business sense – it also happens to be a HIPAA requirement (whoop, there it is!). Every dental practice should have a designated Contingency Plan Coordinator tasked with the completion of your practice’s Emergency Preparedness plan. Think of it like an office merit badge.
HIPAA’s emergency preparedness planning falls under the category of business continuity and is defined as your practice’s ability to provide uninterrupted emergency patient care and access to electronic protected health information (ePHI). It is up to each individual practice to define what emergency patient care means within the context of your respective practice and the services it provides.
How would your practice prepare for, respond to, recover from, prevent, and mitigate the following “what if” scenarios including: a computer dying in an operatory? A server crash? An office fire or flood? A prolonged Internet outage? A prolonged power outage? A key employee quitting or getting fired? What about natural or man-made disasters common to your area?
Continuity planning almost always comes down to implementing redundancies in systems, people, and processes - evaluating the costs of each of those components, and then weighing those costs against what your practice has deemed as acceptable downtime and/or loss. It’s a risk analysis that will differ for each and every practice. Remember that while HIPAA allows for downtime, the loss of or interruption of access to patient data is not acceptable.
Finally, to complete your Emergency Preparedness office merit badge you must document these plans, get your staff together, and talk through each scenario. To a person, your staff should be ready and able to implement your disaster recovery plan if the situation arises.
Whether we’re discussing emergency preparedness or business continuity, it all comes back to the Scout motto - be prepared!
If you missed our recent Bite-Size HIPAA: Business Continuity workshop – it is now available online and on demand at www.bitesizehipaa.com. ISDA Members can save $30.00 using the promo code ISDA18BMK. Promo code expires 3/31/18.
Copyright © 2018 Small Horse Technology for Dentists. Bite-Size HIPAA® is a registered trademark of Small Horse Technology for Dentists.