Ann;
I suspect that you are referring to the Emergency Mode of Operations Plan cited in HIPAA Security segment of the regulation. EMOP's are part of an overall Contingency Plan, or Business Contingency Plan as they are most commonly referred to in private sector. Definitions: DRP - Disaster Recovery Plans, generally refer to Information Systems and their recovery, unless of course you work for FEMA, and they would have a different meaning. Example: Sept 11, 2001... Some companies had excellent DRP's...Their data was backed up offsite, they had everything they needed to continue, except of course the lost souls. They didn't have a BCP... BCP - Refers to getting the people, processes, equipment - furniture, PC's, facilities, etc. back online... EMOP's can be two fold. #1. It could be simple instructions on how to process, access or approve something in the absence of an key employee. These instructions are secured in a safe and only opened when needed - An Emergency..... Betty Sue was taken to the Hospital this morning at 1:30 am and is in extensive Labor.... Sorry for the analogy... #2. Or an EMOP can provide specific instructions for a Department, Business Unit, etc., the ability to operate in an alternate location on an emergency, temporary basis, due to some disaster, like the toilets backed up, and the whole basement and first floor of a site is flooded. To begin with, develop high level requirements of what is needed and then work down from there. Remember this is an evolution to COMPLIANCE.... Some things can be implemented and you done with it for the time being, while others will require changes in processes and procedures, which requires change by the people involved and change takes time. Hope this helps... Regards, Charles L. Johnson, MPM, PMP HIPAA Security Team Humana Inc., Louisville, KY 502-580-1741 office 502-295-5041 mobil "Matlack, Ann" <Ann.Matlack@sta To: "WEDI Security listserv (E-mail)" <[EMAIL PROTECTED]> te.me.us> cc: Subject: Contingency Plans 07/12/02 02:25 PM We've been asked a question that has given us pause, and wondered if someone on this listserve might be able to help. In developing Contingency Plans, should EMO Plans, etc., be targeted specifically to data recovery, or must they be broader? Should our plans include only how we propose to get the data systems back on line, or must we also include how personnel, communications, building repairs, etc., NOT CONNECTED WITH DATA RECOVERY will be handled? Ann Higgins Matlack Edmund S. Muskie School of Public Service Institute for Public Sector Innovation 295 Water Street Augusta, ME 04330 Tel. (207) 626-5038 e-mail: [EMAIL PROTECTED] Please note that it may take up to 72 hours to process your request. <P>The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. Posting of advertisements or other commercial use of this listserv is specifically prohibited. Please note that it may take up to 72 hours to process your request. <P>The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. Posting of advertisements or other commercial use of this listserv is specifically prohibited.