Table Top exercise vs. Full Test HIPAA and HITRUST requirements

30 pts.
Tags:
Disaster Recovery
HIPAA
Are you aware of any requirements in HIPAA or HITRUST that require a company to perform a full DR Test or is a table top exercise sufficient?
1

Answer Wiki

Thanks. We'll let you know when a new response is added.

HIPAA Does not seem to be prescriptive.

Discuss This Question: 3  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Kevin Beaver
    You'll want to bounce this off of your legal counsel – if your procedures are well documented and your test is thorough, I don't see why a tabletop exercise couldn't be performed. That said, you never know what's going to happen in the real world so I definitely recommend performing failover and related tests to see how it's really going to happen at least every other time or once per year.
    27,510 pointsBadges:
    report
  • whfranklin
    Thanks Kevin, I agree. I usually perform a tabletop to review contact lists, step by step procedures, etc. I think it would be very difficult to say we met our RTO and RPO without having a real test. HIPAA is not prescriptive and HITRUST is a little more prescriptive but not much. Thanks again
    30 pointsBadges:
    report
  • Kevin Beaver
    You bet - good luck with everything!
    27,510 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.

Following

Share this item with your network: