Healthcare organizations are often unprepared for how to rebound so their data operations continue to run smoothly and securely in the wake of a crisis. Testing business continuity and disaster recovery plans periodically can help healthcare entities to be better prepared. Under HIPAA, entities are required to have a contingency plan that covers data backup, disaster recovery and emergency mode operations. For instance, plans should be evaluated “any time there is a management or employee change” or if there are new IT systems added or upgrades to an organization.”]
Source: https://www.careersinfosecurity.com/blogs/improving-crisis-preparedness-p-1704