1、Designation: E 2682 09Standard Guide forDeveloping a Disaster Recovery Plan for MedicalTranscription Departments and Businesses1This standard is issued under the fixed designation E 2682; the number immediately following the designation indicates the year oforiginal adoption or, in the case of revis
2、ion, the year of last revision. A number in parentheses indicates the year of last reapproval. Asuperscript epsilon () indicates an editorial change since the last revision or reapproval.1. Scope1.1 This guide applies across multiple medical transcriptionsettings in which healthcare documents are ge
3、nerated andstored: medical transcription departments, home offices, andmedical transcription service organizations (MTSOs). Cur-rently there is no standard disaster recovery plan in the medicaltranscription industry to provide guidelines for individuals,departments, and businesses to use for designi
4、ng a disasterrecovery plan for their medical transcription environment.1.2 A disaster is when a sudden event brings great damage,loss, destruction, or interruption of critical services. Theseguidelines could assist in developing an organized response toreduce the time for loss of services, maintain
5、continuity ofworkflow, and speed the overall business recovery process.1.3 This guide supports the HIPAA Security Rule forensuring data integrity with a contingency plan to include adata backup plan, a disaster recovery plan, and an emergencymode operational plan.21.4 This guide is consistent with t
6、he requirement for disasterplanning and recovery procedures as stated in Guide E 1959.1.5 This guide is not intended as a disaster recovery plan forHealth Information Management Departments or for an entirehealthcare facility.2. Referenced Documents2.1 ASTM Standards:3E 1869 Guide for Confidentialit
7、y, Privacy,Access, and DataSecurity Principles for Health Information Including Elec-tronic Health RecordsE 1959 Guide for Requests for Proposals Regarding Medi-cal Transcription Services for Healthcare Institutions2.2 Other Documents:Public Law 104-191 Health Insurance Portability and Ac-countabili
8、ty Act of 1996 (HIPAA)245 CFR Part 142 Security and Electronic Signature Stan-dards43. Terminology3.1 Definitions:3.1.1 author, nthe person originating content for a health-care document.3.1.2 backups, nretrievable, exact copies of data. Theprimary method for ensuring that organizations can recoverf
9、rom a system crash or disaster.53.1.3 confidential, adjstatus accorded to data or informa-tion indicating that it is sensitive for some reason, andtherefore, it needs to be protected against theft, disclosure, orimproper use, or a combination thereof, and must be dissemi-nated only to authorized ind
10、ividuals or organizations with aneed to know. E 18693.1.4 confidentiality, nthe property that information is notmade available or disclosed to unauthorized individuals, enti-ties, or processes. 45 CFR Part 1423.1.5 contingency plan, nan alternate way of doing busi-ness when established routines are
11、disrupted.53.1.6 disaster, na sudden event bringing great damage,loss, destruction or interruption of critical services.3.1.7 individually identifiable health information, nanyinformation, including demographic information collectedfrom an individual, that (1) is created or received by a healthcare
12、provider, health plan, employer, or health care clearing-house; and (2) relates to the past, present, or future physical ormental health or condition of an individual, the provision ofhealth care to an individual, or the past, present, or futurepayment for the provision of health care to an individu
13、al, and(i) identifies the individual, or (ii) with respect to which thereis a reasonable basis to believe that the information can be usedto identify the individual. Public Law 104-191,Section 1171 (6)3.1.8 privacy, nthe right of an individual to be left aloneand to be protected against physical or
14、psychological invasion1This guide is under the jurisdiction of ASTM Committee E31 on HealthcareInformatics and is the direct responsibility of Subcommittee E31.15 on HealthcareInformation Capture and Documentation.Current edition approved April 1, 2009. Published May 2009.2Available from U.S. Govern
15、ment Printing Office Superintendent of Documents,732 N. Capitol St., NW, Mail Stop: SDE, Washington, DC 20401. See alsohttp:/aspe.hhs.gov/admnsimp.3For referenced ASTM standards, visit the ASTM website, www.astm.org, orcontact ASTM Customer Service at serviceastm.org. For Annual Book of ASTMStandard
16、s volume information, refer to the standards Document Summary page onthe ASTM website.4Available from the U.S. Department of Health it includes a professionally licensedpractitioner who is authorized to operate a healthcare deliverysystem. E 18693.1.10 secure environment, nfree from access by unau-t
17、horized persons and from unauthorized or accidental alter-ation.3.1.11 security, nencompasses all of the safeguards in aninformation system, including hardware, software, personnelpolicies, information practice policies, disaster preparedness,and the oversight of all these areas. The purpose is to p
18、rotectboth the system and the information it contains from unautho-rized access from without and from misuse from within.45 CFR Part 1423.2 Acronyms:3.2.1 HIPAAHealth Insurance Portability and Account-ability Act3.2.2 MTmedical transcriptionist3.2.3 MTSOmedical transcription service organization4. S
19、ignificance and Use4.1 This guide acknowledges the importance of a well-designed disaster recovery plan that will protect health infor-mation and business information from damage, minimizedisruption, ensure integrity of data, and provide for orderlyrecovery.4.2 This guide suggests methods to protect
20、 the confidenti-ality and security of healthcare documentation during a disas-ter.4.3 It is intended that this guide will contribute to compli-ance with laws and regulations to improve protection of healthinformation documentation and data integrity with the devel-opment of the contingency plan requ
21、irement.4.4 This guide will explain key points to include in prepar-ing a disaster recovery plan to resume operations and minimizelosses due to unscheduled interruption of critical services if adisaster would occur.4.5 This guide is intended to assist in the development ofappropriate policies and pr
22、ocedures that provide protection forindividually identifiable health information in a secure envi-ronment in the event of a disaster.5. Elements of Disaster Recovery PlanningNOTE 1Disaster recovery planning includes the identification of keycomponents of a disaster recovery plan, gathering the neces
23、sary informa-tion to provide the details to tailor the plan to meet the organizationsneeds, formalization and approval of the disaster recovery plan, annualtesting of the implementation of the requisite disaster recovery action, andformal review and necessary revision of the disaster recovery plan.5
24、.1 Activation of Response Plan:65.1.1 Policy Statement:5.1.1.1 To ensure that the plan is effective and that allinvolved understand its purpose, there must be a clearlydefined policy statement. This statement should define thescope and overall objectives of the plan.5.1.2 Table of Contents.5.1.3 Int
25、roduction:5.1.3.1 Use of the document.5.1.3.2 How it is to be revised.5.1.3.3 Training requirements.5.1.3.4 Exercise and testing schedules.5.1.3.5 Plan maintenance schedule.5.1.3.6 Roles and responsibilities.5.1.3.7 General information about the facility.5.1.3.8 Compliance with federal, state, local
26、, and healthregulatory agencies.5.1.4 Emergency Information Sheet:5.1.4.1 Fire/police departments.5.1.4.2 Hospitals.5.1.4.3 Emergency shut-off.5.1.4.4 Utility companies.5.1.4.5 Other agencies needed for an emergency.5.1.4.6 Telephone/reporting tree.5.1.4.7 List of assistance/equipment vendors.5.1.5
27、Resource Priorities:5.1.5.1 Personnel.5.1.5.2 Records.5.1.5.3 Technology.5.1.6 Plan Activation with Response Outline:5.1.6.1 Lead personnel responsibilities.5.1.6.2 Assessing the situation.5.1.6.3 Organizing/prioritizing efforts.5.1.6.4 Establishing a command post.5.1.6.5 Eliminating hazards.5.1.6.6
28、 Controlling the environment.5.1.6.7 Dealing with media.5.1.6.8 Obtaining emergency services/supplies.5.1.6.9 Providing security.5.1.6.10 Providing personnel needs.5.1.7 Activation of Recovery Procedures:75.1.7.1 Obtaining authorization to access damaged facilitiesor geographic areas or both.5.1.7.2
29、 Notifying personnel.5.1.7.3 Notifying utilities and other agencies required forresuming business.5.1.7.4 Obtaining supplies needed for business.5.1.7.5 Obtaining and installing necessary hardware com-ponents.5.1.7.6 Obtaining and loading backup media.5.1.7.7 Restoring critical operating system and
30、applicationsoftware.5.1.7.8 Restoring system data.5.1.7.9 Testing system functionality including security con-trols.5.1.7.10 Connecting system to network or other externalsystems.6The U.S. National Archives consider remote access for critical applications.5.9.2 Here is an example of contingency plan
31、ning foralternative office space:Facility CapacityEach ShiftEstimateMinimum StaffSupplies/Equipment NeededABC 4 spaces 1 clerical3MTEmployee identification, keys orprivate access code, phone, inter-net, computer, printer, backupdrives, fax, etc.XYZ 6 spaces 1 clerical5MTEmployee identification, keys
32、 orprivate access code, phone, inter-net, computer, printer, backupdrives, fax, etc.5.9.3 Establish a contingency plan for the following impor-tant items:5.9.3.1 Privacy and security of individually protected healthinformation, voice and text, digital and paper.5.9.3.2 Ongoing transcription being pe
33、rformed by remotestaff not affected by the disaster.5.9.3.3 Provision of needed transcription support services.(1) Evaluation of needs for remote or onsite medicaltranscriptionists and other staff.5.9.3.4 Preservation of data integrity.5.9.3.5 Quality assurance for ongoing transcription.(1) Evaluati
34、on of needs for remote or onsite qualityassurance editors.5.9.3.6 Turn-around time for transcribed documents.5.9.3.7 Dictation services for authors.5.9.3.8 Dictation (voice file) access support for medicaltranscriptionists or clients or both.5.9.3.9 Transmission or transportation or both of confiden
35、-tial healthcare documentation (paper or electronic or both) toall involved parties.5.9.3.10 Procedures for handling any material that has beendamaged and needs to be recovered or restored, i.e., wetdocuments, wet or burned hard drives, etc.5.9.3.11 Procedure to reset passwords in case of systemfail
36、ure.5.9.3.12 Security services for personnel and facility protec-tion.6. Organization of Key Business Information andDocuments6.1 Know where the organizations information is so that ifstaff is displaced from the office, steps can be taken to resumebusiness operations. See Table 1.E26820956.2 Personn
37、el InformationList all names, home ad-dresses, phone numbers, email addresses, emergency contacts,etc. (see 5.7.5 for more details).Onsite contingency plan; dictation; disaster;individually identifiable health information; medical transcrip-tion; recovery plan; securityASTM International takes no po
38、sition respecting the validity of any patent rights asserted in connection with any item mentionedin this standard. Users of this standard are expressly advised that determination of the validity of any such patent rights, and the riskof infringement of such rights, are entirely their own responsibi
39、lity.This standard is subject to revision at any time by the responsible technical committee and must be reviewed every five years andif not revised, either reapproved or withdrawn. Your comments are invited either for revision of this standard or for additional standardsand should be addressed to A
40、STM International Headquarters. Your comments will receive careful consideration at a meeting of theresponsible technical committee, which you may attend. If you feel that your comments have not received a fair hearing you shouldmake your views known to the ASTM Committee on Standards, at the addres
41、s shown below.This standard is copyrighted by ASTM International, 100 Barr Harbor Drive, PO Box C700, West Conshohocken, PA 19428-2959,United States. Individual reprints (single or multiple copies) of this standard may be obtained by contacting ASTM at the aboveaddress or at 610-832-9585 (phone), 610-832-9555 (fax), or serviceastm.org (e-mail); or through the ASTM website(www.astm.org).11Disasters Come in All Sizes, Stremple and Martone, March 2000. InfoPro.www.arma.org.12Ibid.E2682098
