eHealth

Secure Health Information Exchange: Preparing for a Disaster

onlinetech
onlinetech
5 Min Read
HIPAA Hosting Requirements: Disaster Recovery & Offsite Backup

The ONC (Office of the National Coordinator for Health) recently blogged about disaster preparedness and health information exchange (HIE), citing the recent Hurricane Isaac as a reason for concern about accessing and locating health records in another state. In the event of a natural disaster, many people are displaced in neighboring states and may need access to their health records.

The ONC (Office of the National Coordinator for Health) recently blogged about disaster preparedness and health information exchange (HIE), citing the recent Hurricane Isaac as a reason for concern about accessing and locating health records in another state. In the event of a natural disaster, many people are displaced in neighboring states and may need access to their health records.

To answer the question, are we ready? the ONC created a consortium with representatives from several Southeast states; the Southeast Regional HIT-HIE Collaboration (SERCH). Their recommendations for HIE between different states in the event of a disaster are as follows:

  • Review the state’s disaster response policies and laws. Connect with the state agency that is responsible for Emergency Support Function #8 (ESF) (Public Health and Medical Services) before a disaster strikes. ESF allows for coordinated federal assistance to supplement medical resources in an emergency.
  • One way to establish a waiver of liability for the release of records in the declaration of an emergency is to enact the Mutual Aid Memorandum of Understanding (MOU), a type of contract.
  • In the event of a disaster, this also allows the default of state privacy and security laws to the federal Health Insurance Portability and Accountability Act (HIPAA). This is helpful if one state has more stringent patient privacy and security laws than another. It ensures that if a patient is relocated away from the disaster site, they can still receive care and not be held up by state laws.
  • Consider using the Data Use and Reciprocal Support Agreement (DURSA)  to address patient privacy, security and data-sharing concerns. DURSA is a trust agreement between entities, organizations and federal agencies that choose to exchange electronic health information based on a set of national standards, services and policies. This ensures everyone is on the same page with security, and is useful in the event of a disaster when people are displaced.
  • Assess HIE resources and other available health data-sharing entities, and consider a phased approach when establishing interstate HIE:
  1. Phase 1 includes leveraging existing systems of storing and transmitting ePHI (electronic protected health information).
  2. Phase 2 includes implementing interstate directories to provide data across services in a disaster.
  3. Phase 3 includes leveraging a fully functioning state HIE that allows for integrated patient look-up and physician authentication services.
HIPAA Hosting Requirements: Disaster Recovery & Offsite Backup

HIPAA Hosting Requirements: Disaster Recovery & Offsite Backup

While preparing for HIE in the event of a disaster is key to providing quality care, preserving and ensuring the availability of patient records is a healthcare organization’s responsibility. The HIPAA Contingency Plan standard described in section 164.308(a)(7) mandates the use of a data backup plan, disaster recovery plan, emergency mode operation plan, testing and revision procedures, and application and data criticality analysis.

More Read

Can Big Data Spot Suicidal Attempts in the Military?
Why Dental Offices Need a Custom Mobile Application?
Social Media – Shoulder Surgery Decision Making
HIMSS 2013: Radiology IT Undergoing Radical Changes and Meaningful Use is Just the Beginning (Part II of II)
Social Media and Healthcare: Inbound vs. Outbound Marketing

Protecting healthcare data and ensuring its availability means putting procedures in place to mitigate disasters, and having a solid plan in-hand to activate when a disaster occurs. The infrastructure to do this is defined by two perspectives:

  1. Disaster Prevention – Putting all the tools in place to minimize the probability of an outage in the data center infrastructure, server hardware, software and network connectivity.
  2. Disaster Recovery – Assuring that the applications and data can be recovered and restored in a reasonable timeframe to continue running the business and making patient data available if a disaster occurs in the primary data center.

The use of HIE systems, including EHR (electronic health record) and EMR (electronic medical record) systems, requires data to be hosted in a secure, HIPAA compliant environment. To find out what components are necessary for a HIPAA compliant data center, including a full diagram and descriptions, read our HIPAA Compliant Hosting white paper.

References:
DURSA from the National eHealth Collaborative
Disaster Preparedness and Health Information Exchange
Emergency Support Function #8 – Public Health and Medical Services Annex (PDF)
Southeast Regional HIT-HIE Collaboration (SERCH) Final Report: Health Information Exchange in Disaster Preparedness and Response (PDF)

TAGGED:
Share This Article

Stay Connected

Latest News

The Backbone of Successful Trials: Clinical Data Management
Global Healthcare
The Role of Comprehensive Psychiatric Evaluations in Effective Mental Health Care
The Role of Comprehensive Psychiatric Evaluations in Effective Mental Health Care
Mental Health
Outdoor Containment Setup with Medical Personnel in Protective Gear Walking Towards Tent During Autumn Season in a Forest Environment
Engineering Temporary Hospitals for Extreme Weather
Health Hospital Administration
talk junkie mental health support
AI and Emotional Support_ How Talkie Lab is a Valuable Tool
Technology

You Might also Like