This policy is listed for reference only and should be reviewed with your lawyer before implementing them into daily practice. We are not lawyers and are not providing any legal advice. View our legal disclaimer.

Facility Access Controls Contingency Operations Policy Addressable

Reference: 45 CFR § 164.312(a)(1)
Last Updated: December 14, 2023


Goal: Identify what the Covered Entity should do to have formal, documented procedures for allowing authorized employees to enter its facility to take necessary actions as defined in its disaster recovery and emergency mode operations plans.

The purpose of this policy is to describe the steps needed to access the facility, especially during emergencies. These procedures will describe how an authorized individual will have access to the facility in support of restoration of lost data.


Procedure: Access to the computer room will be controlled with access limited to only those support personnel with a demonstrated need for access. The access card, combination or key to the lock (when applicable) are given only to those personnel who require access to perform their official duties in the computer room.

  • The Security Manager or its designated representative will always have access to keys, passwords or access cards to the system(s) in case of emergency.
    • A back-up person will be designated in case the Security Manager is not available.
  • Covered Entity will keep a roster of the responsible individual to call in case of emergency.
    • Individual on call should be able to reach the facility within 15 minutes from the call with the proper keys to enter the designate controlled area.
Simplify Your Compliance with
Software and Guided Coaching
Let your patients and clients know that you take HIPAA seriously with the HIPAA Seal of Compliance for your website, storefront, and marketing materials.

Get instant access to HIPAA Compliance News and Updates

You'll get your first checklist as soon as you sign up!

overlapping hands

Our Mission

To safeguard medical data by providing secure, reliable, and fully HIPAA-compliant hosting solutions, enabling healthcare professionals to focus on their primary mission of providing care.
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram