Business Impact Analysis Survey

Objectives

Due to HIPAA Security Rule regulations, the organization must implement Contingency Planning Practices to ensure the protection of ePHI (electronic Protected Health Information). In order to accomplish this undertaking, there are several steps that the organization will be completed to identify critical business functions, processes, and applications that process ePHI and to understand the potential impact to the business if a disruptive event occurred.

The first step of implementing the Contingency Program for the organization is to conduct a Business Impact Analysis (BIA). This questionnaire will help each business unit identify their critical business functions and recovery requirements as well as estimating the impact of a disaster (or prolonged outage) on the business unit. Once the survey is completed, the BIA Project team will review the data, analyze and create a prioritized recovery strategy to present to senior management.

For the purpose of this BIA, answer each question based on the “worst-case scenario”. This means your workplace and all records; files and equipment in it are inaccessible. The priority of this questionnaire is to identify any business process or application that currently contains ePHI. However, please answer all questions regardless of ePHI status. By completing all questions to the best of your knowledge, a recovery strategy that best meets the need of the business can be established.

Some questions will be directly related to a specific process whereas other questions are of the business unit in general. Some sections contain an additional “Notes” area to amplify or explain your responses. While this is not a requirement, it can be useful in helping the Project Team understand the nature of your business unit operations.