Contingency planning, also referred to as Business Continuity Planning (BCP), is a coordinated strategy of plans, procedures and technical measures that enables the recovery of systems, operations, and data after a disruption. One of the critical steps in contingency planning is Business Impact Analysis (BIA). BIA helps to identify and prioritize critical Information Technology (IT) systems and components. IT systems may have numerous components, interfaces and processes. BIA enables a complete characterization of:

  • System requirements
  • Processes
  • Interdependencies

As part of the BIA process, information is collected, analyzed and interpreted. The information provides the basis for defining contingency requirements and priorities.

The contingency plan must be developed with the input and support of line-of-business managers and all key constituencies, since the plan will need to work across the organization. The plan must be based on the risks faced by the organization as well as risks associated with partners, suppliers, and customers. All technology issues must be addressed in the context of business operations. The plan itself must be tested regularly and refined as required. The core objectives of contingency planning include the capability to:

  • Restore operations at an alternate site (if necessary)
  • Recover operations using alternate equipment (if necessary)
  • Perform some or all of the affected business processes using other means

HIPAA Security Standard and Contingency Planning

The contingency plan is a HIPAA Security standard. The objective of the contingency plan standard is to establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information.

Contingency plan-related requirements are also identified as implementation specifications in the Physical Safeguards section of the HIPAA Rule as well as the Technical Safeguards section. The bizSHIELD™ Contingency Plan document specifically addresses the following critical components:

  • Data Backup Plan (Administrative safeguard)
  • Disaster Recovery Plan (Administrative safeguard)
  • Emergency Mode Operation Plan (Administrative safeguard)
  • Testing and Revision Procedure (Administrative safeguard)
  • Applications and Data Criticality Analysis (Administrative safeguard)
  • Contingency Operations (Physical safeguard)
  • Data Backup and Storage (Physical safeguard)
  • Emergency Access Procedures (Technical safeguard)

Key Deliverable: The HIPAAShield™ Contingency Plan Document

The bizSHIELD™ Contingency Plan document is created based on our review and analysis of information collected from your organization. This bizSHIELD™ Contingency Plan addresses the following areas:

  • Data Backup Plan
  • Disaster Recovery Plan
  • Emergency Mode Operation Plan
  • Testing and Revision Procedures
  • Applications and Data Criticality Analysis
  • Contingency Operations
  • Emergency Access Procedure

For more information about HIPAA Academy’s HIPAA Security Compliance services, please contact Krystal Perez at +1.515.987.4044 ext 25 or


“The HIPAA Academy™ developed a comprehensive Business Impact Analysis (BIA) and Contingency Plan documents that met HIPAA Security Rule specifications and exceeded our stringent requirements. The work was executed professionally and their templates were detailed to capture small, yet critical information to establish recovery priorities.”
David P. Walsh
HCF Management, Inc.

“Very informative and accurate.”
Laura Bagus
Edward Hospital

“Great overview of contingency planning. To the point requirements detailed so that you can focus in on these.”
Debbie Slanicky
Illinois Foundation for Quality Healthcare

“The session was very educational.”
Tim Warren
Resurrection Medical Center

“This was a helpful primer on contingency planning.”
Sue Spears
Sherman Health Systems

“This program was helpful in educating me about contingency planning especially because I consider myself an interested novice in this area.”
Barbara Giardino
Sherman Health Systems

“Good overview. Helped me get on a roadmap to assist in the analysis of planning and risks associated with systems.”
Mike Williams
FHN Memorial Hospital

“Good contingency planning seminar. I would highly recommend the HIPAA Academy™ to everyone.”
Parm K. Soni
Secbay, Inc.

“The information provided was very helpful. I will be sharing the information with our security officer as I can identify areas of concern.”
Jenice Hampton
Sacred Heart Hospital

“Helped me understand more clearly what my security officer and IS Director are dealing with and talking about. Thanks.”
Carolyn Beyer
FHN Memorial Hospital

“A good and thoughtful overview of the essential core functions of contingency planning priorities with realistic goals presented to the group.”
Brynn O’Brian

“It has been time well spent. Ali is an excellent speaker and very knowledgeable. He presented useful information which I will take back to the team to help us in the future.”
Mike DeGraff
Northwest Community Hospital

“Thanks. This gave us a streamlined, clear vision of how to get this important process jump started at our own sites. I appreciated those who shared their experiences.”
David Ginn
KSB Hospital