Overview:
Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information.
Action Items:
1) Obtain and review policies and procedures related to a formal contingency plan. Elements to review may include but are not limited to: Identification of workforce members’ roles and responsibilities in the contingency process; Workforce members or roles to which the contingency policies and procedures are to be disseminated; Management involvement in contingency plans; Coordination of contingency processes among business associates; Identification of what steps should be taken in a contingency plan; The frequency to review and update current contingency policies and procedures; How frequently the contingency plan is tested
2) Obtain and review documentation demonstrating that a contingency plan is implemented. Evaluate and determine that the response to an emergency or other occurrence that damages systems that contain EPHI include appropriate capabilities to recover access to EPHI.
Related Documents:
1) Polices and procedures related to a formal contingency plan.
2) Documentation demonstrating that a contingency plan is implemented.
Additional Guidance:
The purpose of contingency planning is to establish strategies for recovering access to EPHI should the organization experience an emergency or other occurrence, such as a power outage and/or disruption of critical business operations. The goal is to ensure that organizations have their EPHI available when it is needed.
Article ID: 454
Created: September 28, 2022
Last Updated: September 28, 2022
Author: Matthew Burdick
Online URL: http://www.compliancewiki.org/article/hipaa-contingency-plan-164-308-a-7-i-454.html