This policy is listed for reference only and should be reviewed with your lawyer before implementing them into daily practice. We are not lawyers and are not providing any legal advice. View our legal disclaimer.

Contingency Plan – Application & Data Criticality Analysis Policy (Addressable)

Reference: 45 CFR § 160.308(a)
Last Updated: January 8, 2024


Goal: Access the relative criticality of specific applications and data in support of other contingency plan components.

The purpose of this policy is to review what the organization should do to have a formal process for defining and identifying the criticality of its information systems.


Procedure: The Security Manager shall prepare a data criticality log where available systems shall be ranked.

  • The Security Manager will access all available system and determine the priority of systems in case of emergencies.
    • Priority list will be based on importance to restore during emergency operations.
    • Backups will use this priority listing to facilitate recovery in cases of emergency.
    • Disaster recovery and emergency operation planning will also take into consideration the criticality list when deployed.
Simplify Your Compliance with
Software and Guided Coaching
Let your patients and clients know that you take HIPAA seriously with the HIPAA Seal of Compliance for your website, storefront, and marketing materials.

Get instant access to HIPAA Compliance News and Updates

You'll get your first checklist as soon as you sign up!

overlapping hands

Our Mission

To safeguard medical data by providing secure, reliable, and fully HIPAA-compliant hosting solutions, enabling healthcare professionals to focus on their primary mission of providing care.
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram