Add to collection(s) Add to saved
  1. No category

Standard Security #0008a - Contingency Operations

East Carolina University
HIPAA Security Standards
Subject: Contingency Operations
Standard #: Standard-0008a
Supersedes:
Effective Date: April 21, 2005
Coverage: ECU Health Care Components
Page: 1 of 2
Approved:
Revised: December 9, 2010,
March 29, 2012, May 30, 2013
Review Date: May 30, 2013
HIPAA Security
Rule Language:
“Establish (and implement as needed) procedures that allow facility
access in support of restoration of lost data under the disaster
recovery plan and emergency mode operations plan in the event of
an emergency.”
Regulatory
Reference:
45 CFR 164.310(a)(2)(i)
I. PURPOSE
This standard reflects East Carolina University’s commitment to ensure that, in the event
of a disaster or emergency, appropriate individuals can enter its facilities to take
necessary actions defined in its Disaster Recovery and Business Continuity Plans.
II. AUTHORIZATION AND ENFORCEMENT
Health Care component management and/or administrator(s) are responsible for
monitoring and enforcing this policy, in consultation with the ECU IT Security Officer,
ECU HIPAA Security Officer, and ECU HIPAA Privacy Officer.
III. STANDARD
ECU Health Care Components must have formal, documented procedures for allowing
designated individuals to enter its facilities to take necessary actions as defined in its
Disaster Recovery and Business Continuity Plans.
IV. APPLICABILITY
This standard is applicable to all workforce members who are responsible for or
otherwise administer a healthcare computing system. A healthcare computing system is
defined as a device or group of devices that store EPHI which is shared across the
network and accessed by healthcare workers.
Copyright 2003 Phoenix Health Systems, Inc.
Limited rights granted to licensee for internal use only. All other rights reserved
Page 1 of 2
HIPAA Security Standard # 0008a: Contingency Operations
V. PROCEDURE
The following safeguards must be implemented to satisfy the requirements of this
standard:
1. ECU Health Care Components must ensure that, in the event of a disaster or
emergency, appropriate persons can enter its facility to take necessary actions defined in
its Disaster Recovery and Business Continuity Plans.
2. Based on its Disaster Recovery and Business Continuity Plans, ECU Health Care
Components must develop, implement, and regularly review a formal, documented
procedure that ensures that authorized employees can enter the facility to enable
continuation of processes, and controls that protect EPHI while the ECU Health Care
Component is operating in emergency mode.
3. In the event of an emergency, only authorized ECU employees may administer or
modify processes and controls which protect EPHI contained on information systems.
Such employees or roles must be defined in ECU Health Care Components’ Disaster
Recovery and/or Business Continuity Plans.
VI. COORDINATING INSTRUCTIONS
1. All section policies, standards and procedures will be reviewed annually. Every
section policy, standard and procedure revision/replacement will be maintained for a
minimum of six years from the date of its creation or when it was last in effect,
whichever is later. Other East Carolina University, University of North Carolina
system, or state of North Carolina requirements may stipulate a longer retention
period.
Copyright 2003 Phoenix Health Systems, Inc.
Limited rights granted to licensee for internal use only. All other rights reserved
Page 2 of 2
Related documents
EAST CAROLINA UNIVERSITY HEALTH CARE COMPONENTS Request for Alternate Communication NOTICE TO PATIENT:
EAST CAROLINA UNIVERSITY HEALTH CARE COMPONENTS Request for Alternate Communication NOTICE TO PATIENT:
Document15457473 15457473
Document15457473 15457473
Student Financial Assistance Form
Student Financial Assistance Form
Standard Security #0001d - Information System Review
Standard Security #0001d - Information System Review
Download