Create Your HIPAA Emergency and Incident Response Plans


You can create and manage your HIPAA Emergency and Incident Response Plans, which safeguard protected health information (PHI), in Bridge Compliance. See About Patient Health Information (PHI) for more information on PHI.

HIPAA requires documented plans for how your practice responds to data breaches, cyberattacks, and emergencies. Without them, you risk delays, greater damage, and compliance penalties. Having clear plans in place protects patient data and ensures a fast, compliant response when something goes wrong.

It’s recommended to keep printed copies of these plans in a binder to ensure access during internet or power outages.

Note: Review these plans quarterly and/or annually to ensure they continue to meet your needs and align with your current IT systems.

Time to complete this requirement: 15-20 minutes

To follow a guided product tour of this process, see HIPAA Compliance Requirement: Create Your HIPAA Emergency and Incident Response Plans.

Instructions

  1. Select HIPAA > Emergency Planning in the left menu.
  2. Complete the Emergency and Incident Response Team section by adding one or more team members.
    You can add anyone who helps organize emergency responses—such as IT, the Practice Manager, or a Doctor. It doesn’t need to be everyone, just key contacts.
    To add or remove team members, click on the Remove or Add Another buttons.
    Provide the following for each team member:
    • First Name (required)
    • Last Name (required)
    • Title (optional)
    • Email Address (required)
    • Phone (required)
    • Alternate Phone (optional)
  3. (Optional) Complete the Additional Information portion after adding your team member(s).
  4. Click the Continue button.
    You will proceed from the Emergency and Incident Response Team section to the Data Backup Plan section.
    If desired, click the Save button to save your progress first.
  5. Complete the Data Backup Plan section by selecting the team member responsible for backing up and restoring your electronic protected health information (ePHI).
    The Responsible team member drop-down field includes the team members you added to the Emergency and Incident Response Team earlier.
  6. (Optional) Complete the other items in the Data Backup Plan section:
    • How is your electronic protected health information (ePHI) being backed up? (optional)
    • How often is your ePHI backed up? (optional)
    • Additional Information (optional)
  7. Click the Continue button.
    You will proceed from the Data Backup Plan section to the Emergency Mode Operations Plan section.
    If desired, click the Save button to save your progress first.
  8. Complete the "Define the key processes critical to continuing operations" portion.
    This is where you’ll define the key processes that are essential to keeping your operations running during an emergency—for example, continuing to process payments.
    Complete the following fields for Key Process 1 and Key Process 2.
    • Key process (required)
      Examples:
      • Accessing Patient Payment Records During a System Outage
      • Secure Communication with Patients During Network Downtime
    • Is access to ePHI required? (required)
    • Responsible team member (required)
      You can choose from team members you added to the Emergency and Incident Response Team.
  9. List the IT System(s) and the resources required to access them during an emergency.
    You can use the Remove or Add Another buttons to remove or add IT Systems.
    • IT System (required)
      Example: Bridge Payments Portal
    • Resources needed (required)
      Example: Secure VPN access, user credentials, encrypted laptop
      Additional resources needed may include: account numbers, contact numbers, phone numbers
    • Responsible team member (required)
      You can choose from team members you added to the Emergency and Incident Response Team.
  10. Complete the "What testing and revision procedures are in place?" portion.
    This is where you outline the testing and revision procedures you have in place to keep your Emergency and Incident Response plans effective and current.
    You can remove or add Testing Procedures by clicking the Remove or Add Another buttons.
    • Testing procedures (required)
      Example: Quarterly data restore test from encrypted backup server
    • Last Performed (required)
    • Results and recommendations (required)
      Example: Successful – restore completed within 45 minutes. Recommend documenting recovery time in next test.
  11. (Optional) Complete the Additional Information portion.
  12. After completing and saving each section, click the Download PDF button to print your Emergency and Incident Response Plans.
    We recommend placing them in a binder so they’re easily accessible during an internet or power outage.
    Note: At the bottom of your downloaded file, you’ll find a complete policy that has been created for you using the information you provided.