When the Department of Health and Human Services' Office for Civil Rights will conduct audits of organizations' compliance with the HIPAA security rule, a comprehensive business continuity contingency plan is one of many pieces investigators will be looking for.

Enforcement of the security rule last year migrated from the Centers for Medicare and Medicaid Services to OCR, which has placed security rule investigators in 10 regional offices. During a session at the Safeguarding Health Information conference in Washington, David Holtzman, a health information privacy specialist at OCR, reminded attendees of the security rule's requirements for contingency plans. They must respond to emergencies that damage systems containing electronic protected health information due to fire, theft, vandalism, natural disaster or system failure.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access