This policy is listed for reference only and should be reviewed with your lawyer before it is implemented in daily practice. We are not lawyers and are not providing any legal advice.

Contingency Plan Testing & Revision Procedure Policy (Addressable)

Reference: 45 CFR § 160.308(a)
Last Updated: October 13, 2023


Goal: Implement procedures for periodic testing and revision of contingency plans.

The purpose of this policy is to establish formal, documented policy and procedures that describe what the organization should do to conduct regular testing of its disaster recovery plan to ensure that it is up to date and effective.


Procedure: The Security Manager shall update the contingency plan every time new software or hardware is integrated into the system. Modification of systems, updates and upgrades may also require revision of the plan. At the very least, the contingency plan shall be tested and revised at random intervals but under no circumstances shall the gap between updates exceed one year. Testing and revisions will be documented by the Security Manager.

  • Contingency plan shall be tested at random intervals, not to exceed one year between intervals.
    • Testing of the contingency plan will include, but is not limited to:
      • Accessing the alternative system and site in a timely fashion.
      • Loading and running any necessary software.
      • Loading and running the backup.
      • Simulate employee actions (paper simulation and written test will be used randomly to validate workforce knowledge).
      • The Security Manager will coordinate exercises and tests to be performed.
    • Testing, workforce participants, dates, feedback, and areas tested shall be documented by the Security Manager (Contingency Plan Testing Form).