Contingency Operations and Disaster Plan

Is your Practice Ready for a


How to deal with a PHI Data Breach

Product Information

Like many things, a data breach is not something most people think about until they need it.

When you need it, you are behind.

When you need it, you don’t want to have to think about what needs to happen…you just want to know what to do.

Our Data Breach policy and procedure includes everything you need to know and need to do when you have a data breach, or even a suspected breach.

What You Get

First, you get comfort and confidence that you will have a continuation plan for your practice when a disaster occurs.

Our goal is to get you producing revenue again, which means seeing patients ASAP.

After going through our process, you will have a simple, straightforward checklist to follow when a disaster occurs.

We work from a worst-case situation, making anything less quite easy to deal with.

This is not something you want to do once you’ve had a disaster.

Medical Office Contingency Operations Plan
  • Company policy on how staff is to react to a known or suspected HIPAA PHI data breach…
  • PHI data breach checklist, the super simplified quick reaction process…
  • PHI data breach log

What The Reg Says

(i) Standard: Contingency plan. Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information.

(ii) Implementation specifications:

(A) Data backup plan (Required). Establish and implement procedures to create and maintain retrievable exact copies of electronic protected health information.

(B) Disaster recovery plan (Required). Establish (and implement as needed) procedures to restore any loss of data.

(C) Emergency mode operation plan (Required). Establish (and implement as needed) procedures to enable continuation of critical business processes for protection of the security of electronic protected health information while operating in emergency mode.

(D) Testing and revision procedures (Addressable). Implement procedures for periodic testing and revision of contingency plans.

(E) Applications and data criticality analysis (Addressable). Assess the relative criticality of specific applications and data in support of other contingency plan components.

(i) Contingency operations (Addressable). Establish (and implement as needed) procedures that allow facility access in support of restoration of lost data under the disaster recovery plan and emergency mode operations plan in the event of an emergency.

