Corporate Compliance

Tip: Emergency access procedures

Compliance Monitor, September 8, 2010

Organizations must establish procedures so their employees know how to obtain electronic protected health information (ePHI) during an emergency. In HIPAA’s security rule preamble, the government gives the following tip on how an organization could meet the emergency access requirement.

Access controls will still be necessary under emergency conditions, although they may be very different from those used in normal operational circumstances. For example, in a situation when normal environmental systems, including electrical power, have been severely damaged or rendered inoperative due to a natural or manmade disaster, procedures should be established beforehand to provide guidance on possible ways to gain access to needed electronic protected health information.

Follow these additional tips on how your organization can meet emergency access requirements:

  • Review your contingency plan to determine what processes you have in place to provide rapid access to ePHI in an emergency
  • Have backup copies of any ePHI that you deem critical
  • Have plans to restore the system and data inside your facility and at an alternative site
  • Document the names and roles of individuals with administrative privileges who can grant access in a crisis

This week’s tip was adapted from The Compliance Officer’s Handbook. For more information about the book or to order your copy, visit the HCMarketplace.
