HIPAA requires all covered entities to have a contingency plan to ensure that business operations can continue in the event of an interruption. HIPAA Help Center’s Contingency module provides users with directions on how to build a strategy to meet this compliancy component efficiently. The module also stores the plan within the application.
Key features of the Contingency module
One key feature of HIPAA Help Center’s Contingency module is the Emergency Response Team. Within the module, users can identify workforce members on the ERT and their specific roles. The module uses four basic building blocks for developing an effective contingency plan in the event of a power outage or loss of location. The feature targets critical assets, continuity partners, an activation kit and a review plan.
- Critical assets: In this section, HIPAA Help Center prompts users to list at least two computers that can be used to access ePHI from a cloud-based service provider in the event of an emergency. Users can add media from the Asset Inventory database.
- Continuity partners: Under HIPAA, covered entities must have a cloud-based service data backup system or provider to keep a copy of all critical data. The Contingency module provides a place to list this provider and even suggests a cloud-based data center if the covered entity does not have one. Finally, the module prompts the user to enter an offsite address where business can continue and offers guidelines on an appropriate location.
- Activation kit: The activation kit outlines all equipment and documents necessary to complete the contingency plan.
- Review plan: This final step of the Contingency module allows users to review all aspects of the plan before finalizing the strategy. The review plan includes a series of action steps and even identifies which member of the ERT is responsible for implementation.
Frequently asked questions about contingency plans:
What is an example of a scenario in which a covered entity would use a contingency plan?
Health care professionals design contingency plans to continue business if it is interrupted by an emergency or system failure. For example, covered entities must restore business operations in the event of a power outage, fire, theft or vandalism. It is important to understand what risks a business faces to ensure a contingency plan’s effectiveness.
Should covered entities practice their contingency plans?
HIPAA Help Center recommends that covered entities practice their contingency plans and even provides a method for application users to do so. Not only will this help ensure the efficiency of the continuity strategy, but auditors will appreciate seeing the effort.