There are 3 main components that make up HIPAA’s contingency plan requirement: a Data Backup Plan, a Disaster Recovery Plan, and an Emergency Mode Operations Plan.
First, a Data Backup Plan. A Data Backup Plan identifies where all ePHI is stored and how it’s being backed up. This may include medical records, digital x-rays, test results or any other ePHI. What technology are you using to back up ePHI, and how often are the backups taking place? Although HIPAA does not specify how you back up ePHI, ideally all of your ePHI should be backed up offsite and in an encrypted format.
Second, a Disaster Recovery Plan. Now that you have documented all your ePHI and how it will be backed up, you need to plan how your ePHI will be recovered after a disaster. It’s never about the backup; it’s always about the restoration process. Who on your team will be responsible for restoring ePHI? What electronic systems will you need? The people involved and the processes you follow in restoring your ePHI are what will be included in your Disaster Recovery Plan. It makes sense, but it’s a safeguard that is often overlooked by many practices.
And finally, an Emergency Mode Operations Plan. This plan defines how your practice will function during an emergency. It clearly documents the policies and procedures to enable continuation of critical business functions for the protection of ePHI while operating in emergency mode. For example, what systems and information will be needed during an emergency? Who will be included on the emergency team? And how will your practice adequately protect ePHI during an emergency?
Easily Create a Contingency Plan and become HIPAA Compliant at: [ Link ]