Contingency Plans are made to help organizations comply with standard regulations like HIPAA, JCAHO, FDA, SOX, FISMA, COOP & COG, FFIEC, Basel II, NIST, and ISO 27002. There are many laws that specify requirements for a Business Continuity Plan (BCP) and a Disaster Recovery Plan (DRP). These requirements vary among industry sectors, affecting the development, focus, and execution of business continuity plans. This is where a Contingency Plan is required: to comply with the compliance rules and regulations enforced by the Government.
There are some contingency plans that are identified as standard by the HIPAA Security Rule (HIPAA Security Rule 164.308(a)(7)(i)). Planning means the overall process of developing an approved set of arrangements and procedures to ensure that your business can respond to any disaster and resume its critical business functions within a required time frame objective. The main goal is to reduce the risk level, its cost, and its impact on staff, consumers, and suppliers.
According to the HIPAA HITECH ARRA Act enforced on 20th February 2003, all Healthcare entities need to create HIPAA Security policies and procedures in order to apply this law to their organizational structure, and also train their employees in these policies and procedures so that they apply them in their regular jobs.
Creating or revising an organization’s security policies and procedures is a major task and requires a great deal of detailed work and time. Each security policy must set the foundation for the individual departmental procedures needed to support and implement the policy. We have developed 68 security policies, which include the 57 security policies & procedures required by the HIPAA Security regulation and an additional 11 policies, checklists, and forms as supplemental documents to the required policies.
According to the HIPAA HITECH ARRA Act enforced on 20th February 2003, all Healthcare entities need to create HIPAA Privacy policies and procedures in order to apply this law to their organizational structure. These policies also need to be implemented in daily job activities by training employees on them.
Making a new policy or changing an existing policy is a time-consuming and daunting task. Each policy needs to be read and thoroughly checked before any changes are made. Our templates for covered entities can jump-start your HIPAA Privacy Policy and Procedures project and save your team a lot of time and money. The HIPAA Privacy Policy and Procedures template suite has 51 documents that have been customized to help you meet the requirements of the HIPAA Privacy Rule.
Risk Analysis is usually regarded as step one towards HIPAA compliance. Risk analysis is a mandatory implementation specification under the Security Management Process standard of the Administrative Safeguards portion of the HIPAA Security Rule, as per Section 164.308(a)(1). All Healthcare organizations will reap the benefits of an effective Risk Analysis and Risk Management program beyond simply being HIPAA compliant. Compliance with HIPAA is not optional; it is mandatory if penalties are to be avoided.
The overall goal of a HIPAA risk analysis is to document the possible risks and exposures to the confidentiality, integrity, or availability of electronic protected health information (ePHI) and to identify the appropriate safeguards that bring the level of risk down to a manageable level. This ensures that controls and expenditures are fully consistent with the risks to which the entity is exposed.
The HIPAA Security Rule requires organizations, at the very least, to conduct regular internal audits to assess the procedures meant to secure the confidentiality of “protected health information” (PHI) (45 CFR 164.308(a)(8)). It is usually advisable to seek an external inspection or audit, but the provisions of the Security Rule do not specifically require this. In most cases, this will be determined by the organization’s size, line of business, and sometimes contract requirements (e.g., Medicare, Medicaid, etc.). The intention is to determine whether an organization has appropriately documented its administrative, physical, and technical security practices, policies, and procedures, and by and large meets the requirements of the rule.
For more information, please contact us at: bob@supremusgroup.com or call (515) 865-4591