The Following Data Is Backed up Daily by a Remote Back-Up System

Practice Contingency Plan

Data Backup Plan

The following data is backed up daily by a remote back-up system:

1. .
2. .
3. .
4. .

Copies of back-up media are securely stored on (Tape ,Disk) located in ______. The Security Officer is responsible for verifying all back-up procedures and conducting a regular audit of back-up media to ensure the integrity and accuracy of data.

Disaster Recovery Plan

Our Disaster Recovery Plan establishes procedures to restore any loss of ePHI. A copy of this plan is readily accessible in our primary office location and another copy is kept off-site.

In the event of a disaster (natural or otherwise), we will implement the following plan.

1. The Security Officer will do an inspection of all IT inventory to determine if any equipment or systems has been damaged. Based on the assessment we will purchase or rent new equipment as soon as possible.
2. We will restore our ePHI and programs from our most recent backup (on or off-site).
3. If we have a network, we will contact our network administrator.
4. Once we have restored the systems, we will secure copies of all of our software licenses.
5. Any damaged equipment to be discarded will be purged of all ePHI, inspected and documented.

By following the above steps, we will be able to recover any loss of our ePHI due to a disaster.

Emergency Mode Operations Plan

Our Emergency Mode Operation Plan establishes procedures that will enable us to continue critical business processes for the security of our ePHI while operating in emergency mode. In the event of an emergency, we will implement the following plan.

1. We will have printed our appointment lists, encounter forms (with balance forward), and medical record chart “pull” lists for the next day.
2. We will print extra blank encounter forms and have them available for use.
3. We will hand-write in appointments that are added while our system is down.
4. We will use a manual payment log to record receipts of cash, checks, and credit cards including account numbers.
5. We will utilize laptops and/or notebook PCs with charged spare batteries, if necessary, for secondary versions of ePHI.
6. When our system is restored, we will enter the data recorded on hard copies into our information systems.

Emergency Access Procedures

If an emergency occurs at our office which will require a workforce member to access ePHI that he or she does not usually have authorization to access, but is required to access in order for a patient to receive treatment, we will do the following:

1. The workforce member involved nearest the emergency situation will be designated to access the patient’s PHI.
2. The workforce member will access the minimum PHI necessary in order for the patient to receive treatment; either paper or electronic PHI may be accessed.
3. The workforce member will log the access to the PHI; what was accessed and for what treatment reason.
4. The HIPAA Compliance Officer will audit the access to the PHI to ensure that appropriate access was made by the workforce member.

Emergency Contact Lists

The following list of contacts is maintained and should be notified in the event of an emergency:

Name / Phone / Alternate Phone

HIPAA SecurityAAPC Physician Services