ASTM_E_2682_-_09_2014.pdf

Designation:E268209(Reapproved 2014)Standard Guide forDeveloping a Disaster Recovery Plan for MedicalTranscription Departments and Businesses1This standard is issued under the fixed designation E2682;the number immediately following the designation indicates the year oforiginal adoption or,in the case of revision,the year of last revision.A number in parentheses indicates the year of last reapproval.Asuperscript epsilon()indicates an editorial change since the last revision or reapproval.1.Scope1.1 This guide applies across multiple medical transcriptionsettings in which healthcare documents are generated andstored:medical transcription departments,home offices,andmedical transcription service organizations(MTSOs).Cur-rently there is no standard disaster recovery plan in the medicaltranscription industry to provide guidelines for individuals,departments,and businesses to use for designing a disasterrecovery plan for their medical transcription environment.1.2 A disaster is when a sudden event brings great damage,loss,destruction,or interruption of critical services.Theseguidelines could assist in developing an organized response toreduce the time for loss of services,maintain continuity ofworkflow,and speed the overall business recovery process.1.3 This guide supports the HIPAA Security Rule forensuring data integrity with a contingency plan to include adata backup plan,a disaster recovery plan,and an emergencymode operational plan.21.4 This guide is consistent with the requirement for disasterplanning and recovery procedures as stated in Guide E1959.1.5 This guide is not intended as a disaster recovery plan forHealth Information Management Departments or for an entirehealthcare facility.2.Referenced Documents2.1 ASTM Standards:3E1869 Guide for Confidentiality,Privacy,Access,and DataSecurity Principles for Health Information Including Elec-tronic Health RecordsE1959 Guide for Requests for Proposals Regarding MedicalTranscription Services for Healthcare Institutions2.2 Other Documents:Public Law 104-191 Health Insurance Portability and Ac-countability Act of 1996(HIPAA)245 CFR Part 142 Security and Electronic Signature Stan-dards43.Terminology3.1 Definitions:3.1.1 author,nthe person originating content for a health-care document.3.1.2 backups,nretrievable,exact copies of data.Theprimary method for ensuring that organizations can recoverfrom a system crash or disaster.53.1.3 confidential,adjstatus accorded to data or informa-tion indicating that it is sensitive for some reason,andtherefore,it needs to be protected against theft,disclosure,orimproper use,or a combination thereof,and must be dissemi-nated only to authorized individuals or organizations with aneed to know.E18693.1.4 confidentiality,nthe property that information is notmade available or disclosed to unauthorized individuals,entities,or processes.45 CFR Part 1423.1.5 contingency plan,nan alternate way of doing busi-ness when established routines are disrupted.53.1.6 disaster,na sudden event bringing great damage,loss,destruction or interruption of critical services.3.1.7 individually identifiable health information,nanyinformation,including demographic information collectedfrom an individual,that(1)is created or received by a healthcare provider,health plan,employer,or health care clearing-house;and(2)relates to the past,present,or future physical ormental health or condition of an individual,the provision ofhealth care to an individual,or the past,present,or futurepayment for the provision of health care to an individual,and1This guide is under the jurisdiction of ASTM Committee E31 on HealthcareInformatics and is the direct responsibility of Subcommittee E31.15 on HealthcareInformation Capture and Documentation.Current edition approved June 1,2014.Published July 2014.Originally approvedin 2009.Last previous edition approved in 2009 as E2682-09.DOI:10.1520/E2682-09R14.2Available from U.S.Government Printing Office Superintendent of Documents,732 N.Capitol St.,NW,Mail Stop:SDE,Washington,DC 20401.See alsohttp:/aspe.hhs.gov/admnsimp.3For referenced ASTM standards,visit the ASTM website,www.astm.org,orcontact ASTM Customer Service at serviceastm.org.For Annual Book of ASTMStandards volume information,refer to the standards Document Summary page onthe ASTM website.4Available from the U.S.Department of Health&Human Services,200Independence Avenue,S.W.,Washington,D.C.,20201,www.hhs.gov.5Medical Records Disaster Planning,A Health Information Managers SurvivalGuide,AHIMA,Chicago,IL.Copyright ASTM International,100 Barr Harbor Drive,PO Box C700,West Conshohocken,PA 19428-2959.United States1(i)identifies the individual,or(ii)with respect to which thereis a reasonable basis to believe that the information can be usedto identify the individual.Public Law 104-191,Section 1171(6)3.1.8 privacy,nthe right of an individual to be left aloneand to be protected against physical or psychological invasionor misuse of their property.It includes freedom from intrusionor