Overview:
Establish (and implement as needed) procedures to enable continuation of critical business processes for protection of the security of electronic protected health information while operation in emergency mode.
Action Items:
1) Obtain and review procedures related to an emergency mode operation plan. Evaluate and determine whether procedures exist to enable continuation of critical business processes for the protection of the security of EPHI while operating in emergency mode.
2) Obtain and review documentation demonstrating the continuation of critical business processes for the protection of the security of EPHI while operating in emergency mode. Evaluate and determine if the process is appropriate and/or in accordance with related policies and procedures.
Related Documents:
1) Documented procedures related to an emergency mode operation plan.
2) Documentation demonstrating the continuation of critical business processes for the protection of the security of ePHI while operating in emergency mode.
Additional Guidance:
When a covered entity is operating in emergency mode due to a technical failure or power outage, security processes to protect EPHI must be maintained.
Sample questions for covered entities to consider:
- Does the organization’s plan balance the need to protect the data with the organization’s need to access the data?
- Will alternative security measures be used to protect the EPHI?
- Does the emergency mode operation plan include possible manual procedures for security protection that can be implemented as needed?
- Does the emergency mode operation plan include telephone numbers and contact names for all persons that must be notified in the event of a disaster, as well as roles and responsibilities of those people involved in the restoration process?
Article ID: 457
Created: September 28, 2022
Last Updated: September 28, 2022
Author: Matthew Burdick
Online URL: http://www.compliancewiki.org/article/hipaa-emergency-mode-operation-plan-164-308-a-7-ii-c-457.html