If you're in the healthcare arena, you've been impacted by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). While this legislation is aimed more at the protection of privacy than the protection of data, the mandates of HIPAA include segments that deal with disaster recovery.
HIPAA requires that organizations falling under its regulations take "reasonable" measures to provide DR solutions. HIPAA doesn't spell out what these measures are, but it does note that failure to adequately recover from a disaster could lead to noncompliance. Failure to comply inevitably exposes officers of the organization to repercussions, such as fines or jail time.
Since these organizations must provide DR as part of their HIPAA compliance, the finance department is no longer able to yank the DR budget without coming up with a stellar reason. HIPAA will allow healthcare-related companies to implement new projects, find new technologies, and even upgrade systems that have been lacking the power they need.
Keep in mind that the main gist of HIPAA is to properly track and protect personally identifiable patient data. This means you need to know where the data is, how it gets there, and who can and can't see it. It also requires that security and encryption are maintained on that vital data at all times. This means that a large budget must be allocated--if it isn't already--to bring your systems into compliance.
Since DR projects can be rolled into a much larger HIPAA compliance project plan, there's even the possibility of putting the DR budget into the overall picture, thereby minimizing the impact of the cost of the DR technology. Compared to the total project cost, the price of DR will have relatively minimal impact, which means you might not even have to fight for the cash you'll need.
Make sure project planners are aware that DR must be a part of the final solution that's put into place. This will allow you to get the DR solutions you require to protect personal data, while the project planners figure out how to protect the people themselves.
TechRepublic originally published this article on 8 December 2003.