Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

POLICY # 43 ADMINISTRATIVE MANUAL APPROVED BY:

EMERGENCY ACCESS PROCEDURE
ADMINISTRATIVE MANUAL
APPROVED BY:
SUPERCEDES POLICY:
DATE:
POLICY # 43
ADOPTED:
REVISED:
REVIEWED:
REVIEW:
PAGE:
HIPAA Security
Rule Language:
“Establish (and implement as needed) procedures for obtaining
Policy Summary:
Sindecuse Health Center (SHC) must have a formal, documented
emergency access procedure enabling authorized workforce members to
obtain required EPHI during an emergency. SHC must have a formal,
documented emergency access procedure enabling SHC workforce
members to access the minimum EPHI necessary to effectively and
efficiently treat patients in the event of a major emergency.
Purpose:
This policy reflects SHC’s commitment to have an emergency access
procedure enabling authorized workforce members to obtain required
EPHI during an emergency.
Policy:
1. SHC must have a formal, documented emergency access procedure
enabling authorized workforce members to obtain required EPHI during
an emergency. At a minimum, the procedure must:
necessary EPHI during an emergency.”



Identify and define which SHC workforce members are
authorized to access EPHI during an emergency.
Identify and define manual and automated methods to be used by
authorized SHC workforce members to access EPHI during an
emergency.
Identify and define appropriate logging and auditing that must
occur when authorized SHC workforce members access EPHI
during an emergency.
2. SHC must have a formal, documented emergency access procedure
enabling SHC workforce members to access the minimum EPHI
necessary to treat patients in the event of an emergency. Such access
must be authorized by appropriate SHC management.
3. SHC workforce members must receive regular training and awareness
on the emergency access procedure.
4. All appropriate SHC workforce members must have a current copy of
Page 1 of 3
Copyright 2003 Phoenix Health Systems, Inc.
Limited rights granted to licensee for internal use only.
All other rights reserved.
EMERGENCY ACCESS PROCEDURE
the procedure and an appropriate number of current copies of the
procedure must be kept off-site.
Scope/Applicability: This policy is applicable to all departments that use or disclose electronic
protected health information for any purposes.
This policy’s scope includes all electronic protected health information,
as described in Definitions below.
Regulatory
Category:
Technical Safeguards
Regulatory Type:
REQUIRED Implementation Specification for Access Control Standard
Regulatory
Reference:
45 CFR 164.312(a)(2)(ii)
Definitions:
Electronic protected health information means individually identifiable
health information that is:


Transmitted by electronic media
Maintained in electronic media
Electronic media means:
(1) Electronic storage media including memory devices in computers
(hard drives) and any removable/transportable digital memory medium,
such as magnetic tape or disk, optical disk, or digital memory card; or
(2) Transmission media used to exchange information already in
electronic storage media. Transmission media include, for example, the
internet (wide-open), extranet (using internet technology to link a
business with information accessible only to collaborating parties), leased
lines, dial-up lines, private networks, and the physical movement of
removable/transportable electronic storage media. Certain transmissions,
including of paper, via facsimile, and of voice, via telephone, are not
considered to be transmissions via electronic media, because the
information being exchanged did not exist in electronic form before the
transmission.
Information system means an interconnected set of information resources
under the same direct management control that shares common
functionality. A system normally includes hardware, software,
information, data, applications, communications, and people.
Page 2 of 3
Copyright 2003 Phoenix Health Systems, Inc.
Limited rights granted to licensee for internal use only.
All other rights reserved.
EMERGENCY ACCESS PROCEDURE
Workforce member means employees, volunteers, and other persons
whose conduct, in the performance of work for a covered entity, is under
the direct control of such entity, whether or not they are paid by the
covered entity. This includes full and part time employees, affiliates,
associates, students, volunteers, and staff from third party entities who
provide service to the covered entity.
Emergency means a crisis situation.
Responsible
Department:
Information Systems; Medical Records
Policy Authority/
Enforcement:
SHC’s Security Official is responsible for monitoring and enforcement of
this policy, in accordance with Procedure #(TBD).
Related Policies:
Access Control
Automatic Logoff
Encryption and Decryption
Unique User Identification
Emergency Mode Operations Plan
Renewal/Review:
This policy is to be reviewed annually to determine if the policy complies
with current HIPAA Security regulations. In the event that significant
related regulatory changes occur, the policy will be reviewed and updated
as needed.
Procedures:
TBD
Page 3 of 3
Copyright 2003 Phoenix Health Systems, Inc.
Limited rights granted to licensee for internal use only.
All other rights reserved.
Related documents
POLICY # 44 ADMINISTRATIVE MANUAL APPROVED BY:
POLICY # 44 ADMINISTRATIVE MANUAL APPROVED BY:
POLICY # 24 ADMINISTRATIVE MANUAL APPROVED BY:
POLICY # 24 ADMINISTRATIVE MANUAL APPROVED BY:
PROHIBITION OF RETALIATION AGAINST EMPLOYEES, INDIVIDUALS OR OTHERS
PROHIBITION OF RETALIATION AGAINST EMPLOYEES, INDIVIDUALS OR OTHERS
POLICY # 42 ADMINISTRATIVE MANUAL APPROVED BY:
POLICY # 42 ADMINISTRATIVE MANUAL APPROVED BY:
POLICY # 32 ADMINISTRATIVE MANUAL APPROVED BY:
POLICY # 32 ADMINISTRATIVE MANUAL APPROVED BY:
P37-DISPSL
P37-DISPSL
POLICY # 30 ADMINISTRATIVE MANUAL APPROVED BY:
POLICY # 30 ADMINISTRATIVE MANUAL APPROVED BY:
POLICY # 47 ADMINISTRATIVE MANUAL APPROVED BY:
POLICY # 47 ADMINISTRATIVE MANUAL APPROVED BY:
Download