5 Must-Have Provisions in a Data Recovery Contract

When computers or other equipment used to store health data suffer flood, fire, or storm damage, an electronic data restoration company can often save the day. But to ensure they do so in a way that's compliant with privacy laws, the American Health Information Management Association says contracts should ensure the company:

1. Does not use or disclose information and uses safeguards to prevent use or disclosure of the information.
2. Reports any inappropriate use or disclosure of the information of which it becomes aware.
3. Ensures that subcontractors or agents with access to the information agree to the same terms.
4. Indemnifies the healthcare facility from loss due to unauthorized disclosure.
5. Returns the information at the termination of the contract or provision of a certificate of its destruction and assurance that the contractor retains no copies.

The contract should also detail what methods will be used to recover the data and how long it will take to return the information and/or equipment. And don't forget a termination clause that goes into effect if the business partner violates any material term of the contract.

Read more about health information disaster planning on AHIMA's web site.