HIPAA Contingency Plan
- 1 HIPAA Contingency Plan
- 1.1 Who needs HIPAA Contingency Plan
- 1.2 Definition and Scope of HIPAA Contingency plan
- 1.3 Definition of HIPAA Security Contingency Plan
- 1.3.1 Data Backup Plan (Required)
- 1.3.2 Emergency Mode Operation Plan (Required)
- 1.3.3 Testing and Revision Procedures (Addressable)
- 1.3.4 Applications and Data Criticality Analysis (Addressable)
- 1.3.5 Contingency Operations (Addressable)
- 1.3.6 Data Backup and Storage (Addressable)
- 1.3.7 Emergency Access Procedure (Required)
- 2 External links
- 3 Templates
HIPAA Contingency Plan
The HIPAA Security Rule, at 45 CFR § 164.308(a)(7)(i), identifies the Contingency Plan as a standard under the Administrative Safeguards. Contingency plans address the "availability" security principle: the threats covered are those that disrupt the business, and the goal is that authorized individuals can reach vital systems and information whenever they need them.
Who needs HIPAA Contingency Plan
All covered entities, such as hospitals, insurers, long-term care and skilled nursing facilities, ambulatory surgery centers, assisted living and intermediate care facilities, clinical laboratories, clinics, dialysis providers, employer health plans, HMOs, home health agencies, hospices, pharmacies, physicians, PPOs, rehabilitation facilities and other payers and providers, have to create a Contingency Plan in order to meet the HIPAA regulatory requirements. Since the HITECH Act and the 2013 Omnibus Rule, business associates that create, receive, maintain or transmit electronic protected health information (ePHI) on behalf of a covered entity are directly subject to the Security Rule as well, and so must meet the same standard.
Definition and Scope of HIPAA Contingency plan
A Contingency Plan is assembled from several related efforts: a Business Impact Analysis (BIA), Business Continuity Planning (BCP), a Disaster Recovery Plan (DRP), an Emergency Mode Operation Plan (EMOP) and similar components.

Business Continuity Planning (BCP) is a coordinated strategy of plans, procedures and technical measures that enables the recovery of systems, operations and data after a disruption. It is the overall process of developing an approved set of arrangements and procedures to ensure the business can respond to a disaster and resume its critical functions within a required time frame (the recovery time objective, or RTO). The primary objective is to reduce the level of risk and cost to the organization and the impact on its staff, customers and suppliers.

A Business Impact Analysis (BIA) is performed at the beginning of disaster recovery and continuity planning to identify the areas that would suffer the greatest financial or operational loss in the event of a disaster or disruption. A key objective is to identify every critical system required for the continuity of the business and to determine how long it would take to recover each of them if it were lost. Those recovery times are the input to the applications and data criticality analysis described below.
Definition of HIPAA Security Contingency Plan
The Contingency Plan standard is defined within the Administrative Safeguards section of the HIPAA Security Rule (45 CFR § 164.308(a)(7)). It carries five implementation specifications: a data backup plan (required), a disaster recovery plan (required; procedures to restore any loss of data), an emergency mode operation plan (required), testing and revision procedures (addressable) and an applications and data criticality analysis (addressable). Contingency-plan-related requirements are also identified as implementation specifications in the Physical Safeguards section (45 CFR § 164.310) and the Technical Safeguards section (45 CFR § 164.312) of the Security Rule.

"Addressable" does not mean optional. Under 45 CFR § 164.306(d), a covered entity must implement an addressable specification if doing so is reasonable and appropriate in its environment; otherwise it must document why it is not and implement an equivalent alternative measure where one is reasonable and appropriate. The assessment and its rationale have to be written down, because that documentation is what an auditor will ask for.
Data Backup Plan (Required)
The data backup plan (45 CFR § 164.308(a)(7)(ii)(A)) is a required implementation specification defined within the Contingency Plan standard in the Administrative Safeguards section of the HIPAA Security Rule. It requires procedures to create and maintain retrievable, exact copies of ePHI. "Retrievable" is the operative word: a practitioner should verify it by actually restoring data from the backup and comparing it with the source, not just by confirming that the backup job completed.
Emergency Mode Operation Plan (Required)
An emergency mode operation plan (45 CFR § 164.308(a)(7)(ii)(C)) is a required implementation specification defined within the Contingency Plan standard in the Administrative Safeguards section of the HIPAA Security Rule. It requires procedures that enable the continuation of critical business processes, while still protecting the security of ePHI, during the period the organization is operating in emergency mode.
Testing and Revision Procedures (Addressable)
Testing and revision procedures (45 CFR § 164.308(a)(7)(ii)(D)) are an addressable implementation specification defined within the Contingency Plan standard in the Administrative Safeguards section of the HIPAA Security Rule. The specification calls for procedures to periodically test the contingency plans and to revise them based on what the tests reveal.
Applications and Data Criticality Analysis (Addressable)
Applications and data criticality analysis (45 CFR § 164.308(a)(7)(ii)(E)) is an addressable implementation specification defined within the Contingency Plan standard in the Administrative Safeguards section of the HIPAA Security Rule. It calls for assessing the relative criticality of specific applications and data in support of the other contingency plan components; in practice its output is the restoration priority order used by the data backup, disaster recovery and emergency mode operation plans.
Contingency Operations (Addressable)
Contingency operations (45 CFR § 164.310(a)(2)(i)) is an addressable implementation specification defined within the Facility Access Controls standard in the Physical Safeguards section of the HIPAA Security Rule. It calls for procedures that allow facility access in support of the restoration of lost data under the disaster recovery plan and the emergency mode operation plan in the event of an emergency.
Data Backup and Storage (Addressable)
Data backup and storage (45 CFR § 164.310(d)(2)(iv)) is an addressable implementation specification defined within the Device and Media Controls standard in the Physical Safeguards section of the HIPAA Security Rule. It calls for creating a retrievable, exact copy of ePHI, when needed, before equipment is moved.
Emergency Access Procedure (Required)
Emergency access procedure (45 CFR § 164.312(a)(2)(ii)) is a required implementation specification defined within the Access Control standard in the Technical Safeguards section of the HIPAA Security Rule. It calls for procedures for obtaining necessary ePHI during an emergency, typically implemented as a "break-glass" mechanism that grants access outside the normal authorization path; such access should be logged, time-limited and reviewed after the emergency.
External links
Contingency Planning Guide for Information Technology Systems by NIST (NIST Special Publication 800-34)
Templates
Other generic templates not customized for HIPAA
From Wikipedia, the Free Encyclopedia.
All text is available under the terms of the GNU Free Documentation License See Wikipedia Copyrights for details.
