FacebookTwitterLinkedInEmailPrint
This entry is part 42 of 59 in the series Complete Guide to HIPAA Security Final Rule

(2) Implementation specifications:

 (ii) Emergency access procedure (Required). Establish (and implement as needed) procedures for obtaining necessary electronic protected health information during an emergency.

 

Tell Me More:

The Emergency Access Procedure implementation specification requires covered entities to establish (and implement as needed) procedures for obtaining necessary electronic protected health information (EPHI) during an emergency. Emergency access is a necessary part of access control and will be necessary under emergency conditions, although these might be very different from those used in normal operational circumstances.

The need for access to ePHI may change during an emergency. Specifically, some job functions may be temporarily realigned necessitating different access to ePHI by workforce members. In addition, the need to restore and verify the integrity of the restored data may require different access by information technology personnel and others involved in disaster recovery.

complete set of HIPAA Security Policies and Procedures may be purchased here.

Questions to consider:

  • Does the contingency plan require different access to ePHI during an emergency?
  • If so, do the technical systems have the ability to support such temporary changes in access? If not, the organization may have to implement new systems to support the contingency plan.
  • Are there procedures for activating emergency access? The procedures should address who can authorize such access and under what conditions.

 

References:

Series Navigation<< 164.312(c)(2) Standard: Integrity – Mechanism to authenticate electronic protected health information164.308(a)(5)(i) Administrative safeguards – Standard: Security awareness and training >>

Michelle Caswell

Senior Director, Legal & Compliance at Clearwater Compliance
Michelle Caswell has over 14 years legal and healthcare experience and worked as a HIPAA Investigator for the U.S. Department of Health and Human Services, Office for Civil Rights where she ensured covered entities were in compliance with HIPAA, conducted complaint investigations and educated entities on HIPAA compliance. Michelle brings that experience to Clearwater Compliance as Senior Director, Legal and Compliance.
 
FacebookTwitterLinkedInEmailPrint