This policy is listed for reference only and should be reviewed with your lawyer before implementing them into daily practice. We are not lawyers and are not providing any legal advice. View our legal disclaimer.

Contingency Plan – Disaster Recovery Plan Policy

Reference: 45 CFR § 160.308(a)
Last Updated: October 13, 2023


Goal: Establish (and implement as needed) procedures to restore any loss of data.

The purpose of this policy is to establish the steps necessary to recover ePHI that was impacted by a disaster.


Procedure: The Security Manager shall develop and update procedures to ensure the restoration of systems and ePHI after any system degradation or incident.

  • The Security Manager will keep a list of critical systems and prioritize them based on needs.
    • A tier system for recovery shall be used to ensure timely restoration of functionality.
    • Alternative systems have been identified and necessary software has been installed.
      • Software and hardware has been tested and are capable of running backups.
    • Primary notification to staff members will be done via telephone by the Security Manager or its assigned representative.
      • Whenever possible contact with employees may be delegated to the Office Manager/Administrator.s.
      • Notification to employees will informed them of recovery actions and operation requirements.
    • Patients will be informed of facility’s status and alternative location, if possible.
      • Rescheduling of patients will be based on needs and available resources. Security Manager will determine extent of operations and capabilities and will immediately update Administrator of any changes.
    • Security Manager or its assigned representative will notify vendors and business partners of any operational needs and changes.
      • Coordination of deliveries will be rescheduled, as needed.
    • The Security Manager or its appointed representative will obtain the most current backup and ensure proper upload to the system.
Simplify Your Compliance with
Software and Guided Coaching
Let your patients and clients know that you take HIPAA seriously with the HIPAA Seal of Compliance for your website, storefront, and marketing materials.

Get instant access to HIPAA Compliance News and Updates

You'll get your first checklist as soon as you sign up!

overlapping hands

Our Mission

To safeguard medical data by providing secure, reliable, and fully HIPAA-compliant hosting solutions, enabling healthcare professionals to focus on their primary mission of providing care.
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram