Thanks for printing!  Don't forget to come back to Healthcare Compliance Pros for fresh articles!

Developing A Good “Plan B.” A Contingency Plan in a Nutshell

A contingency plan should help an organization return to its daily operations as quickly as possible following an unforeseen event. The contingency plan should protect resources while minimizing inconveniences for patients, customers and the organization.

Contingency Plans are Critical

According to recent suggestions from the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), contingency plans are critical to protecting the security of data. Contingency plans should consider not only how to respond to disasters such as fires and floods, but also cyberattacks. software such as ransomware may render an organization™s data unusable. In the event data is compromised due to a cyberattack, restoring the data from backups may be the only option to recover the data. The guidance discusses what is required for a HIPAA contingency plan, including:

  • Disaster Recovery Plan:  Emphasized on restoring an organization™s protected health data.
  • Emergency Mode Operation Plan :  Focused on maintaining and protecting critical functions that protect the security of protected health data. 
  • Data Backup Plan:  Established on regularly copying protected health data to ensure it can be restored in the event of a loss or disruption.

The Key Steps of Contingency Planning Include:

Make it Policy:  A formal policy provides the authority and guidance necessary to develop an effective contingency plan.

Pinpoint what is Critical:  Knowing what systems and data are critical to operations will help prioritize contingency planning and minimize losses.

Identify Risks, Threats and Preventative Controls:  Perform a risk analysis to find the risks that your business may face. What has the potential to harm your operations and data?

Create Contingency Procedures:  Set up the specific guidelines, conditions, and procedures when creating the contingency plan.

o   The goal is to maintain critical operations and minimize loss.

o   Define time periods " What must be done during the first hour, day, or week?

o   Establish Plan Activation " Which event(s) will cause the activation of the contingency plan?  Who can activate it?

o   Use plain language " the plan should be understandable to all types of employees.

Operationalize & Maintain the Plan:  Add the plan into normal business operations.

o   Communicate and share the plan, roles and responsibilities with the organization. 

o   Create a testing schedule for the plan, to identify gaps and ensure updates for plan effectiveness.

o   Review the plan on a regular basis and situationally.

Did you know Healthcare Compliance Pros helps organizations with contingency planning efforts? Feel free to contact us if you have any questions about contingency plans or any of the contingency planning requirements discussed above. Please send us an email: [email protected] or contact us by phone: 855-427-0427.

Return to the Home Page