Hurricane Sandy tests organization’s HIPAA availability requirements