ecfirst is available to assist your enterprise HIPAA Contingency Planning project and initiatives.
Please contact HIPAAShield™ toll free at 877.899.9974 x17 or x22 for more information and consulting costs.

HIPAA Contingency Planning and BIA

Contingency planning, also referred to as Business Continuity Planning (BCP), is a coordinated strategy of plans, procedures and technical measures that enables the recovery of systems, operations, and data after a disruption. One of the critical steps in contingency planning is the Business Impact Analysis (BIA). The BIA helps to identify and prioritize critical Information Technology (IT) systems and components. IT systems may have numerous components, interfaces and processes. The BIA enables a complete characterization of:

  • System requirements
  • Processes
  • Interdependencies

As part of the BIA process, information is collected, analyzed and interpreted. The information provides the basis for defining contingency requirements and priorities.

The contingency plan must be developed with the input and support of line-of-business managers and all key constituencies, since the plan will need to work across the organization. The plan must be based on the risks faced by the organization as well as risks associated with partners, suppliers, and customers. All technology issues must be addressed in the context of business operations. The plan itself must be tested regularly and refined as required. The core objectives of contingency planning include the capability to:

  • Restore operations at an alternate site (if necessary)
  • Recover operations using alternate equipment (if necessary)
  • Perform some or all of the affected business processes using other means

HIPAA Security Standard and Contingency Planning

The contingency plan is a HIPAA Security standard. The objective of the contingency plan standard is to establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information.

Contingency-plan-related requirements are also identified as implementation specifications in the Physical Safeguards section of the HIPAA Rule as well as the Technical Safeguards section.

The BizShield™ Contingency Plan document specifically addresses the following critical components:

  • Data Backup Plan (Administrative safeguard)
  • Disaster Recovery Plan (Administrative safeguard)
  • Emergency Mode Operation Plan (Administrative safeguard)
  • Testing and Revision Procedure (Administrative safeguard)
  • Applications and Data Criticality Analysis (Administrative safeguard)
  • Contingency Operations (Physical safeguard)
  • Data Backup and Storage (Physical safeguard)
  • Emergency Access Procedures (Technical safeguard)

Key Deliverable: The HIPAAShield™ Contingency Plan Document

A BizShield™ Contingency Plan document is created based on our review and analysis of information collected from your organization. This BizShield™ Contingency Plan addresses the following areas:

  • Data Backup Plan
  • Disaster Recovery Plan
  • Emergency Mode Operation Plan
  • Testing and Revision Procedures
  • Applications and Data Criticality Analysis
  • Contingency Operations
  • Emergency Access Procedure

Invite to respond RFP

For more information about HIPAA Academy’s HIPAA Security Compliance services, please contact Lorna Waggoner at (877)899-9974 x17 or Lorna.Waggoner@ecfirst.com.


Testimonial

"The HIPAA Academy developed a comprehensive Business Impact Analysis (BIA) and Contingency Plan documents that met HIPAA Security Rule specifications and exceeded our stringent requirements. The work was executed professionally and their templates were detailed to capture small, yet critical information to establish recovery priorities."

David P. Walsh
HCF Management, Inc.


 

Last updated: November 26, 2004