Contingency Plan -- Emergency Mode Operation Plan

§164.308(a)(7)(ii)(C): Establish (and implement as needed) procedures to enable continuation of critical business processes for protection of the security of electronic protected health information while operating in emergency mode.

Audit Inquiry

Does the entity have policies and procedures in place to enable the continuity of critical business processes for the protection of ePHI while operating in emergency mode?

Does the entity enable the continuity of critical business processes for the protection of ePHI while operating in emergency mode?

Obtain and review procedures related to an emergency mode operation plan. Evaluate and determine whether procedures exist to enable continuation of critical business processes for the protection of the security of ePHI while operating in emergency mode.

Obtain and review documentation demonstrating the continuation of critical business processes for the protection of the security of ePHI while operating in emergency mode. Evaluate and determine if the process is appropriate and/or in accordance with related policies and procedures.

Required/Addressable

Required

Contingency Plan — Emergency Mode Operation Plan