Contingency Plan Template
Establishes procedures for responding to emergencies affecting ePHI systems per §164.308(a)(7).
What This Policy Covers
Required Sections
A compliant Contingency Plan for HIPAA must include the following5 sections. Each section addresses a specific control requirement that auditors will review.
Purpose and Scope
Plan objectives and regulatory references.
Data Backup Plan
Procedures for creating and maintaining retrievable ePHI copies.
Disaster Recovery Plan
Restoring lost ePHI systems and data.
Emergency Mode Operations
Continuing critical processes during emergencies.
Testing and Revision
Periodic testing and plan updates.
Generate a Customized Version
This template shows the required structure. PoliWriter generates a fully customized Contingency Plan that references your actual cloud providers, identity systems, tools, and team practices — ready for auditor review.
Policy Details
Other HIPAA Templates
Administrative, physical, and technical safeguards.
PHI use and disclosure requirements.
Breach identification and reporting procedures.
Technical policies for controlling access to ePHI per §164.312(a).
Mechanisms for recording and examining access to ePHI per §164.312(b).
Policies to protect ePHI from improper alteration or destruction per §164.312(c).
Technical safeguards for protecting ePHI during electronic transmission per §164.312(e).
Security awareness and training program for all workforce members per §164.308(a)(5).