Select Page

Given the uptick in electronically stored data, disaster recovery planning has become imperative. More and more healthcare organizations are relying on electronic medical records (EMRs) as opposed to paper documentation. This has been propelled by the Medicare and Medicaid Incentive Programs (now called the Promoting Interoperability Programs) by the Centers for Medicare and Medicaid Services in 2011, which incentivizes eligible health facilities with federal payments for the adoption of electronic health systems. 

There are a number of scenarios in which a healthcare organization may experience data loss or data corruption. With a disaster recovery plan, these organizations can continue to function with minimal downtime by restoring medical data. Alternatively, a lack of a disaster recovery plan can cause significant delay or even failure within healthcare systems. 

Here are the things to consider when creating a disaster recovery plan. 

HIPAA Compliance

Title II of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 requires organizations to ensure that all medical information management maintains patient privacy. Violation of HIPAA mandates can result in financial and other federal penalties. Healthcare organizations must ensure that data backup and disaster recovery solutions account for these requirements and provide adequate protection and encryption to ensure the privacy of patient medical data. 

Data Backup Plan

Data backup is a critical consideration for disaster recovery planning. This should include documentation on which medical data needs to be backed up, how frequently data should be backed up, and how the data should be stored. Obviously, there are compliance considerations in play for both medical and payments data. 

For those leveraging cloud solutions, many providers are constantly updating the cloud environment to ensure PCI and HIPAA compliance as well as to meet auditing and industry standards. This is a huge benefit to smaller institutions that may struggle to find the employee bandwidth to manage compliance standards across the board. 

Disaster Recovery Planning for Payments

An effective disaster recovery plan will include accommodations for payments, including contingency payments solutions. During a disaster situation, there are a number of payments considerations for which to account: paying suppliers, receiving customer payments, stabilizing cash flow, etc. Losing the ability to process payments can significantly — and negatively — impact an entire healthcare system’s operation. On the supplier side alone, one late payment could negatively impact your organization’s credit rating and damage supply chain relationships. 

There are other key factors to take into account when determining your backup plan for payments. For healthcare organizations that rely on bank portals to submit payments, consider what happens if a hack prevents you from accessing your bank portal. The only alternative might be telephone banking. 

Leveraging payments automation and straight-through processing as an alternative can add a measure of predictability (and speed) to your payments. Not only do you not have to manually push payments through, but transaction speed can increase substantially. 


There are many areas to cover when it comes to disaster recovery planning. Ensuring your bases are covered is mandatory, but that doesn’t mean you need to go it alone. Arrow Payments specializes in helping organizations across various industries — including healthcare — optimize their payments operations for disaster recovery scenarios. We have extensive experience across compliance requirements, regulations, and other key considerations. Reach out for a free consultation today. 

Thought Leadership

Recent Insights

Check out the latest trends and reports from Arrow Payments.

What to Know During the PCI DSS v4.0 Transition

What to Know During the PCI DSS v4.0 Transition

The Payment Card Industry Data Security Standard (PCI DSS) is focused on protecting cardholder data. As fraud and cybercriminals evolve, so must the standards by which organizations secure data, which is why we're in a phase of PCI DSS v4.0 Transition. The aim of the...

Understanding Real-Time Payments for Higher Ed

Understanding Real-Time Payments for Higher Ed

Real-time payments continue to gain momentum in 2022, especially as a new economic environment spurs the need for faster payments. As cross-border payments continue to gain steam, real-time payments show promise to aid those capabilities, too. The focus has long been...

What’s New in Treasury Tech?

What’s New in Treasury Tech?

Treasury departments hold a critical role in driving success for companies. Between financial planning, managing payments, and mitigating future risk, treasury departments must stay apprised of the latest technology developments to manage these responsibilities well. ...

Gain Visibility into Your Higher Education Payment Systems

Find out what’s happening in every department and start building solutions that address fundamental needs.

Start My Discovery