BUSINESS CONTINUITY PLANNING EVALUATION
Plan Management
Does this healthcare organization have a business continuity planning program or project plan?
Does the healthcare organization's business continuity planning address computer recovery as well as recovery of the other environmental components (facility, power, staff, etc.) that allow the business to function?
Does the business continuity planning program have a budget?
Is there a business continuity planning policy statement?
Have business continuity planning team member roles and responsibilities been assigned to people with an appropriate level of authority to carry them out?
Does the healthcare organization have Business Continuity Planners?
Do the business continuity plans address a worst-case scenario?
Business Impact Analysis
Has a Business Impact Analysis (BIA) been completed?
Does the BIA assess the dollar value and market share implications of the healthcare organization being out of service for a given amount of time?
Does the BIA identify critical processes and their dependencies?
Have threat avoidance and loss mitigation measures for critical assets been identified?
Have recovery time objectives (RTOs) been assigned to all critical components?
Have key vendors been contacted and arrangements made to provide critical goods and services in a timely manner in the event of an emergency?
Have the minimum resources required for recovery been identified?
Is the data backup procedure adequate to satisfy the HIPAA Security Rule's contingency plan (data backup) requirements?
Recovery Strategies
Are there recovery strategies for all the critical components of production?
Are there provisions to safeguard data during recovery?
Is there a strategy for both temporary resumption of services and for full recovery of normal operations?
Has the configuration of critical Information Technology equipment been documented?
Have the requirements for a temporary facility been documented?
Has a telecommunications inventory been produced? Does the inventory include:
Information about modems, communication lines, and switching equipment;
Information about voice and data lines to customers and other healthcare organizations;
Circuit identification numbers of communications channels.
Is there an inventory of critical systems software? Does the inventory include:
Configurations;
Versions/releases and dates of last update;
Security software needed to protect and control data access paths throughout recovery;
Vendor identification and information.
Is the recovery of critical applications and data tested periodically?
Do all critical components have automatic failover capability?
Plan Development
Does the business continuity plan contain:
Contact information for all team members;
Inventories of resource items;
Equipment specifications;
Vendor details;
Hot site configuration details (if a hot site is used);
Communications and equipment layout schematics.
Does the healthcare organization understand how long it would take to recover the Information Technology function?
Have procedures been developed and documented for recovering data lost between the last backup and the time of the disaster (that is, the gap defined by the recovery point objective)?
Does the plan contain procedures for responding to cyber attacks?
Does the plan contain damage assessment procedures?
In the plan, do all resource categories have an associated recovery procedure?
Plan Maintenance
Are there procedures for maintaining the plan?
Have maintenance triggers been identified?
Are plans periodically reviewed to confirm they are current?
Plan Testing
Are the plans tested periodically?
Are test results compared against test criteria to determine the relative success of the test?
After the test, are outstanding issues identified?
Is the business continuity plan modified as a result of issues identified during testing?
Has the plan been exercised, via testing or actual recovery situations, and met its stated recovery time objectives?
I have used this questionnaire or a variant on many occasions. What always amazes me is the interest with which senior managers view the results. If you depict the results in a bar chart with each bar representing the percentage of questions in a category answered "yes", you will have a very powerful tool to use to get management's attention. The following is an analysis of a payer healthcare organization:
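The per-category "percentage answered yes" scoring described above, as an added Python example. This is not the questionnaire author's tool and not the payer organization's analysis: the category names are taken from the questionnaire, but the question set is a shortened subset, and the answers are constructed for a hypothetical organization. Two scoring rules are assumptions made here for conservatism: a question with sub-items (such as "Does the inventory include:") counts as "yes" only if every sub-item is "yes", and a question with no recorded answer counts as "no" so that missing evidence lowers the score instead of hiding inside it.

```python
"""Score a business continuity planning questionnaire by category.

Added example: constructed question subset and answers, not the
questionnaire author's results. Scoring rules (assumed here):
  * a question with sub-items is "yes" only if all sub-items are "yes";
  * an unanswered question or sub-item is scored as "no".
"""

from dataclasses import dataclass, field


@dataclass
class Question:
    text: str
    sub_items: list[str] = field(default_factory=list)


# Shortened subset of the questionnaire's categories and questions (constructed).
QUESTIONNAIRE: dict[str, list[Question]] = {
    "Plan Management": [
        Question("BCP program exists"),
        Question("BCP program has a budget"),
        Question("BCP policy statement exists"),
        Question("Team roles assigned with authority"),
    ],
    "Business Impact Analysis": [
        Question("BIA completed"),
        Question("Critical processes and dependencies identified"),
        Question("RTOs assigned to all critical components"),
        Question("Backup procedure meets HIPAA requirements"),
    ],
    "Recovery Strategies": [
        Question("Inventory of critical systems software", sub_items=[
            "Configurations",
            "Versions/releases and last update dates",
            "Security software for recovery",
            "Vendor identification",
        ]),
        Question("Recovery of critical applications tested periodically"),
        Question("Automatic failover for all critical components"),
    ],
    "Plan Testing": [
        Question("Plans tested periodically"),
        Question("Results compared against test criteria"),
        Question("Plan modified after test issues"),
    ],
}

# Constructed answers for a hypothetical organization. Keys are question or
# sub-item text; True means "yes". Anything missing is treated as "no".
SAMPLE_ANSWERS: dict[str, bool] = {
    "BCP program exists": True,
    "BCP program has a budget": False,
    "BCP policy statement exists": True,
    "Team roles assigned with authority": True,
    "BIA completed": True,
    "Critical processes and dependencies identified": True,
    "RTOs assigned to all critical components": False,
    "Backup procedure meets HIPAA requirements": True,
    "Configurations": True,
    "Versions/releases and last update dates": True,
    "Security software for recovery": False,  # one "no" sinks the parent question
    "Vendor identification": True,
    "Recovery of critical applications tested periodically": True,
    "Automatic failover for all critical components": False,
    "Plans tested periodically": True,
    # "Results compared against test criteria" is deliberately unanswered
    "Plan modified after test issues": False,
}


def question_is_yes(question: Question, answers: dict[str, bool]) -> bool:
    """A question with sub-items is 'yes' only when every sub-item is 'yes'."""
    if question.sub_items:
        return all(answers.get(item, False) for item in question.sub_items)
    return answers.get(question.text, False)


def category_scores(questionnaire: dict[str, list[Question]],
                    answers: dict[str, bool]) -> dict[str, float]:
    """Percentage of each category's questions scored 'yes', one decimal."""
    scores = {}
    for category, questions in questionnaire.items():
        yes = sum(question_is_yes(q, answers) for q in questions)
        scores[category] = round(100.0 * yes / len(questions), 1)
    return scores


def unanswered(questionnaire: dict[str, list[Question]],
               answers: dict[str, bool]) -> list[str]:
    """Questions and sub-items with no recorded answer (scored as 'no')."""
    missing = []
    for questions in questionnaire.values():
        for q in questions:
            for key in (q.sub_items or [q.text]):
                if key not in answers:
                    missing.append(key)
    return missing


def render_bar_chart(scores: dict[str, float], width: int = 40) -> str:
    """Text bar chart, one bar per category, for a quick management summary."""
    label_width = max(len(c) for c in scores)
    lines = []
    for category, pct in scores.items():
        filled = round(width * pct / 100)
        bar = "#" * filled + "." * (width - filled)
        lines.append(f"{category:<{label_width}} |{bar}| {pct:5.1f}%")
    return "\n".join(lines)


if __name__ == "__main__":
    scores = category_scores(QUESTIONNAIRE, SAMPLE_ANSWERS)
    print(render_bar_chart(scores))
    for gap in unanswered(QUESTIONNAIRE, SAMPLE_ANSWERS):
        print(f"unanswered (scored as no): {gap}")
```

Listing the unanswered items next to the chart matters in practice: a category can look weak simply because nobody collected the evidence, and that is a different conversation with management than a category where the answers were a recorded "no".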
