1、Designation: E2682 09 (Reapproved 2014)Standard Guide forDeveloping a Disaster Recovery Plan for MedicalTranscription Departments and Businesses1This standard is issued under the fixed designation E2682; the number immediately following the designation indicates the year oforiginal adoption or, in t
2、he case of revision, the year of last revision. A number in parentheses indicates the year of last reapproval. Asuperscript epsilon () indicates an editorial change since the last revision or reapproval.1. Scope1.1 This guide applies across multiple medical transcriptionsettings in which healthcare
3、documents are generated andstored: medical transcription departments, home offices, andmedical transcription service organizations (MTSOs). Cur-rently there is no standard disaster recovery plan in the medicaltranscription industry to provide guidelines for individuals,departments, and businesses to
4、 use for designing a disasterrecovery plan for their medical transcription environment.1.2 A disaster is when a sudden event brings great damage,loss, destruction, or interruption of critical services. Theseguidelines could assist in developing an organized response toreduce the time for loss of ser
5、vices, maintain continuity ofworkflow, and speed the overall business recovery process.1.3 This guide supports the HIPAA Security Rule forensuring data integrity with a contingency plan to include adata backup plan, a disaster recovery plan, and an emergencymode operational plan.21.4 This guide is c
6、onsistent with the requirement for disasterplanning and recovery procedures as stated in Guide E1959.1.5 This guide is not intended as a disaster recovery plan forHealth Information Management Departments or for an entirehealthcare facility.2. Referenced Documents2.1 ASTM Standards:3E1869 Guide for
7、Confidentiality, Privacy, Access, and DataSecurity Principles for Health Information Including Elec-tronic Health RecordsE1959 Guide for Requests for Proposals Regarding MedicalTranscription Services for Healthcare Institutions2.2 Other Documents:Public Law 104-191 Health Insurance Portability and A
8、c-countability Act of 1996 (HIPAA)245 CFR Part 142 Security and Electronic Signature Stan-dards43. Terminology3.1 Definitions:3.1.1 author, nthe person originating content for a health-care document.3.1.2 backups, nretrievable, exact copies of data. Theprimary method for ensuring that organizations
9、can recoverfrom a system crash or disaster.53.1.3 confidential, adjstatus accorded to data or informa-tion indicating that it is sensitive for some reason, andtherefore, it needs to be protected against theft, disclosure, orimproper use, or a combination thereof, and must be dissemi-nated only to au
10、thorized individuals or organizations with aneed to know. E18693.1.4 confidentiality, nthe property that information is notmade available or disclosed to unauthorized individuals,entities, or processes. 45 CFR Part 1423.1.5 contingency plan, nan alternate way of doing busi-ness when established rout
11、ines are disrupted.53.1.6 disaster, na sudden event bringing great damage,loss, destruction or interruption of critical services.3.1.7 individually identifiable health information, nanyinformation, including demographic information collectedfrom an individual, that (1) is created or received by a he
12、althcare provider, health plan, employer, or health care clearing-house; and (2) relates to the past, present, or future physical ormental health or condition of an individual, the provision ofhealth care to an individual, or the past, present, or futurepayment for the provision of health care to an
13、 individual, and1This guide is under the jurisdiction of ASTM Committee E31 on HealthcareInformatics and is the direct responsibility of Subcommittee E31.15 on HealthcareInformation Capture and Documentation.Current edition approved June 1, 2014. Published July 2014. Originally approvedin 2009. Last
14、 previous edition approved in 2009 as E2682- 09. DOI: 10.1520/E2682-09R14.2Available from U.S. Government Printing Office Superintendent of Documents,732 N. Capitol St., NW, Mail Stop: SDE, Washington, DC 20401. See alsohttp:/aspe.hhs.gov/admnsimp.3For referenced ASTM standards, visit the ASTM websi
15、te, www.astm.org, orcontact ASTM Customer Service at serviceastm.org. For Annual Book of ASTMStandards volume information, refer to the standards Document Summary page onthe ASTM website.4Available from the U.S. Department of Health it includes a professionally licensedpractitioner who is authorized
16、 to operate a healthcare deliverysystem. E18693.1.10 secure environment, nfree from access by unau-thorized persons and from unauthorized or accidental altera-tion.3.1.11 security, nencompasses all of the safeguards in aninformation system, including hardware, software, personnelpolicies, informatio
17、n practice policies, disaster preparedness,and the oversight of all these areas. The purpose is to protectboth the system and the information it contains from unauthor-ized access from without and from misuse from within.45 CFR Part 1423.2 Acronyms:3.2.1 HIPAAHealth Insurance Portability and Account
18、-ability Act3.2.2 MTmedical transcriptionist3.2.3 MTSOmedical transcription service organization4. Significance and Use4.1 This guide acknowledges the importance of a well-designed disaster recovery plan that will protect health infor-mation and business information from damage, minimizedisruption,
19、ensure integrity of data, and provide for orderlyrecovery.4.2 This guide suggests methods to protect the confidenti-ality and security of healthcare documentation during a disas-ter.4.3 It is intended that this guide will contribute to compli-ance with laws and regulations to improve protection of h
20、ealthinformation documentation and data integrity with the devel-opment of the contingency plan requirement.4.4 This guide will explain key points to include in prepar-ing a disaster recovery plan to resume operations and minimizelosses due to unscheduled interruption of critical services if adisast
21、er would occur.4.5 This guide is intended to assist in the development ofappropriate policies and procedures that provide protection forindividually identifiable health information in a secure envi-ronment in the event of a disaster.5. Elements of Disaster Recovery PlanningNOTE 1Disaster recovery pl
22、anning includes the identification of keycomponents of a disaster recovery plan, gathering the necessary informa-tion to provide the details to tailor the plan to meet the organizationsneeds, formalization and approval of the disaster recovery plan, annualtesting of the implementation of the requisi
23、te disaster recovery action, andformal review and necessary revision of the disaster recovery plan.5.1 Activation of Response Plan:65.1.1 Policy Statement:5.1.1.1 To ensure that the plan is effective and that allinvolved understand its purpose, there must be a clearlydefined policy statement. This s
24、tatement should define thescope and overall objectives of the plan.5.1.2 Table of Contents.5.1.3 Introduction:5.1.3.1 Use of the document.5.1.3.2 How it is to be revised.5.1.3.3 Training requirements.5.1.3.4 Exercise and testing schedules.5.1.3.5 Plan maintenance schedule.5.1.3.6 Roles and responsib
25、ilities.5.1.3.7 General information about the facility.5.1.3.8 Compliance with federal, state, local, and healthregulatory agencies.5.1.4 Emergency Information Sheet:5.1.4.1 Fire/police departments.5.1.4.2 Hospitals.5.1.4.3 Emergency shut-off.5.1.4.4 Utility companies.5.1.4.5 Other agencies needed f
26、or an emergency.5.1.4.6 Telephone/reporting tree.5.1.4.7 List of assistance/equipment vendors.5.1.5 Resource Priorities:5.1.5.1 Personnel.5.1.5.2 Records.5.1.5.3 Technology.5.1.6 Plan Activation with Response Outline:5.1.6.1 Lead personnel responsibilities.5.1.6.2 Assessing the situation.5.1.6.3 Org
27、anizing/prioritizing efforts.5.1.6.4 Establishing a command post.5.1.6.5 Eliminating hazards.5.1.6.6 Controlling the environment.5.1.6.7 Dealing with media.5.1.6.8 Obtaining emergency services/supplies.5.1.6.9 Providing security.5.1.6.10 Providing personnel needs.5.1.7 Activation of Recovery Procedu
28、res:75.1.7.1 Obtaining authorization to access damaged facilitiesor geographic areas or both.5.1.7.2 Notifying personnel.5.1.7.3 Notifying utilities and other agencies required forresuming business.5.1.7.4 Obtaining supplies needed for business.5.1.7.5 Obtaining and installing necessary hardware com
29、-ponents.5.1.7.6 Obtaining and loading backup media.6The U.S. National Archives consider remote access for critical applications.5.9.2 Here is an example of contingency planning foralternative office space:Facility CapacityEach ShiftEstimateMinimum StaffSupplies/EquipmentNeededABC 4 spaces 1 clerica
30、l3MTEmployee identification,keys or private accesscode, phone, internet,computer, printer, backupdrives, fax, etc.XYZ 6 spaces 1 clerical5MTEmployee identification,keys or private accesscode, phone, internet,computer, printer, backupdrives, fax, etc.5.9.3 Establish a contingency plan for the followi
31、ng impor-tant items:5.9.3.1 Privacy and security of individually protected healthinformation, voice and text, digital and paper.5.9.3.2 Ongoing transcription being performed by remotestaff not affected by the disaster.5.9.3.3 Provision of needed transcription support services.(1) Evaluation of needs
32、 for remote or onsite medicaltranscriptionists and other staff.5.9.3.4 Preservation of data integrity.5.9.3.5 Quality assurance for ongoing transcription.(1) Evaluation of needs for remote or onsite quality assur-ance editors.5.9.3.6 Turn-around time for transcribed documents.5.9.3.7 Dictation servi
33、ces for authors.5.9.3.8 Dictation (voice file) access support for medicaltranscriptionists or clients or both.5.9.3.9 Transmission or transportation or both of confiden-tial healthcare documentation (paper or electronic or both) toall involved parties.E2682 09 (2014)55.9.3.10 Procedures for handling
34、 any material that has beendamaged and needs to be recovered or restored, i.e., wetdocuments, wet or burned hard drives, etc.5.9.3.11 Procedure to reset passwords in case of systemfailure.5.9.3.12 Security services for personnel and facility protec-tion.6. Organization of Key Business Information an
35、dDocuments6.1 Know where the organizations information is so that ifstaff is displaced from the office, steps can be taken to resumebusiness operations. See Table 1.6.2 Personnel InformationList all names, home addresses,phone numbers, email addresses, emergency contacts, etc. (see5.7.5 for more det
36、ails).Onsite contingency plan; dictation; disaster;individually identifiable health information; medical transcrip-tion; recovery plan; security11Disasters Come in All Sizes, Stremple and Martone, March 2000. InfoPro.www.arma.org.12Ibid.E2682 09 (2014)8ASTM International takes no position respecting
37、 the validity of any patent rights asserted in connection with any item mentionedin this standard. Users of this standard are expressly advised that determination of the validity of any such patent rights, and the riskof infringement of such rights, are entirely their own responsibility.This standar
38、d is subject to revision at any time by the responsible technical committee and must be reviewed every five years andif not revised, either reapproved or withdrawn. Your comments are invited either for revision of this standard or for additional standardsand should be addressed to ASTM International
39、 Headquarters. Your comments will receive careful consideration at a meeting of theresponsible technical committee, which you may attend. If you feel that your comments have not received a fair hearing you shouldmake your views known to the ASTM Committee on Standards, at the address shown below.Thi
40、s standard is copyrighted by ASTM International, 100 Barr Harbor Drive, PO Box C700, West Conshohocken, PA 19428-2959,United States. Individual reprints (single or multiple copies) of this standard may be obtained by contacting ASTM at the aboveaddress or at 610-832-9585 (phone), 610-832-9555 (fax), or serviceastm.org (e-mail); or through the ASTM website(www.astm.org). Permission rights to photocopy the standard may also be secured from the ASTM website (www.astm.org/COPYRIGHT/).E2682 09 (2014)9
