Incident Response & Operations
Contingency Plan
A HIPAA-required plan for responding to emergencies that damage systems containing ePHI.
A Contingency Plan is a HIPAA Security Rule administrative safeguard: a set of policies and procedures for responding to an emergency or other occurrence, such as fire, vandalism, system failure, or natural disaster, that damages systems containing ePHI.
It is an umbrella requirement encompassing a data backup plan, a disaster recovery plan, and an emergency mode operation plan, ensuring ePHI stays available and protected during and after a disruption.