Contingency Framework

3500_HIPPA_ Contingency_Framework_Thumbnail Digital Download Add to Cart$129.95

Omnibus Rule Ready

Do you need a Contingency Framework?

Stop2The HIPAA Security Rule requires that your organization comply with its Contingency Standard (i.e. "Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information.").

The Contingency Standard has five implementation specifications:

1. Data backup plan (Required). Establish and implement procedures to create and maintain retrievable exact copies of electronic protected health information.

2. Disaster recovery plan (Required). Establish (and implement as needed) procedures to restore any loss of data.

3. Emergency mode operation plan (Required). Establish (and implement as needed) procedures to enable continuation of critical business processes for protection of the security of electronic protected health information while operating in emergency mode.

4. Testing and revision procedures (Addressable). Implement procedures for periodic testing and revision of contingency plans.

5. Applications and data criticality analysis (Addressable). Assess the relative criticality of specific applications and data in support of other contingency plan components.

Our Contingency Framework ("Framework") offers guidance for complying with this standard. With the Framework, you’ll be able to determine what you need to do in order to satisfy these five implementation specifications ("Controls"). In addition, you are provided templates that help you mitigate the risks posed by the absence of these Controls.

These Controls are now generally referred to as “Business Continuity.”  Business Continuity is a very complex topic; however, similar to the manner in which other wicked problems are attacked, the most important thing that any organization can do is to fail forward fast; that is, to put a foundational solution in place and then proceed to refine it over time as specific requirements manifest.

Other components included in our Framework?



Criticality List Template

20161206_Contingency_Framework_Crticality_List_v1.pdg (MS Word)

A template that helps organizations assign criticality levels (e.g. High, Medium, or Low) to Security Objects in order to meet one of the Contingency Standard’s implementation specifications.

Incident Response Call List

20161206_Contingency_Framework_Call_List_v1.pdf (MS Word)

A template that helps organizations establishes a “call tree” required during emergency or disaster response.

Training Results Spreadsheet


A spreadsheet that helps organization track which Workforce members have been trained for emergency mode or disaster incident response.



As a Healthcare Technology vendor we found ourselves with little direction attempting to learn and comply with HIPAA and HITECH regulations. The overhead of learning and implementing needed policies and procedures was so detrimental to our internal efficiency and service delivery that we had to discontinue service for a major share of our client base just to concentrate on HIPAA regulations. We have since found the HIPAA Survival Guide and signed up for their Subscription Plan. With the help and guidance provided by HSG, we have now returned our focus to what we do best. In the past 6 months our company has increased knowledge, literature, and direction as well as record revenue by 421%. Thank You HSG, we couldn’t have done it without you!” -Wiles Tech See More Testimonials...