Forecast is for some snow tomorrow here in Columbus. One of my clients just last week shared it had taken a couple of months to get maintenance to test the back up generator. They finally went to fire it up to test that it worked and .... nothing. Tried again. Nothing. Their hardware vendor responded quickly. Turns out that the broken part was under warranty but was 48 hours away.
The test was conducted on one of those warm sunny days we had before Thanksgiving. We aren't supposed to get much snow tomorrow but you never know here in Ohio. Had the part failure not been found until it was actually needed the 48 hour shipping wait could have been catastrophic.
Our client did two things right:
1. They created a policy calendar. Policies should be formal statements of value supported by the routines (processes) that must be followed to meet the stated value. Most of the time though policies are dead documents that state something a client would like to do but doesn't get around to doing. My client's policy calendar lets them manage the normal routines of their "HIPAA year" which operationalizes their compliance.
2. They actually tested the process. The IT Director didn't take no for an answer as maintenance continued to put his test request off.
How are you doing?
Have you operationalized your HIPAA program?
Have you tested your generator, your back up processes and your contingency operations plan?