Ann;

      I suspect that you are referring to the Emergency Mode of Operations
Plan cited in HIPAA Security segment of the regulation.  EMOP's are part of
an overall Contingency Plan, or Business Contingency Plan as they are most
commonly referred to in private sector.

      Definitions:  DRP - Disaster Recovery Plans, generally refer to
Information Systems and their recovery, unless of course you work for FEMA,
and they would have a different meaning.  Example:  Sept 11, 2001...  Some
companies had excellent DRP's...Their data was backed up offsite, they had
everything they needed to continue, except of course the lost souls.  They
didn't have a BCP...
      BCP - Refers to getting the people, processes, equipment - furniture,
PC's, facilities, etc. back online...

      EMOP's can be two fold.
      #1.  It could be simple instructions on how to process, access or
approve something in the absence of an key employee.  These instructions
are secured in a safe and only opened when needed - An Emergency.....
Betty Sue was taken to the Hospital this morning at 1:30 am and is in
extensive Labor....  Sorry for the analogy...

      #2.  Or an EMOP can provide specific instructions for a Department,
Business Unit, etc., the ability to operate in an alternate location on an
emergency,  temporary basis, due to some disaster, like the toilets backed
up, and the whole basement and first floor of a site is flooded.

            To begin with, develop high level requirements of what is
needed and then work down from there.

      Remember this is an evolution to COMPLIANCE....  Some things can be
implemented and you done with it for the time being, while others will
require changes in processes and procedures, which requires change by the
people involved and change takes time.

      Hope this helps...

Regards,

Charles L. Johnson, MPM, PMP
HIPAA Security Team
Humana Inc.,
Louisville, KY
502-580-1741 office
502-295-5041 mobil


                                                                                       
                                                
                      "Matlack, Ann"                                                   
                                                
                      <Ann.Matlack@sta         To:      "WEDI Security listserv 
(E-mail)" <[EMAIL PROTECTED]>                          
                      te.me.us>                cc:                                     
                                                
                                               Subject: Contingency Plans              
                                                
                      07/12/02 02:25                                                   
                                                
                      PM                                                               
                                                
                                                                                       
                                                
                                                                                       
                                                
                                                                                       
                                                




We've been asked a question that has given us pause, and wondered if
someone
on this listserve might be able to help.

In developing Contingency Plans, should EMO Plans, etc., be targeted
specifically to data recovery, or must they be broader?  Should our plans
include only how we propose to get the data systems back on line, or must
we
also include how personnel, communications, building repairs, etc., NOT
CONNECTED WITH DATA RECOVERY will be handled?

Ann Higgins Matlack
Edmund S. Muskie School of Public Service
Institute for Public Sector Innovation
295 Water Street
Augusta, ME  04330
Tel.  (207) 626-5038
e-mail:  [EMAIL PROTECTED]




Please note that it may take up to 72 hours to process your request.

<P>The WEDI SNIP listserv to which you are subscribed is not moderated.
The
discussions on this listserv therefore represent the views of the
individual
participants, and do not necessarily represent the views of the WEDI Board
of
Directors nor WEDI SNIP.  If you wish to receive an official opinion, post
your question to the WEDI SNIP Issues Database at
http://snip.wedi.org/tracking/.
Posting of advertisements or other commercial use of this listserv is
specifically prohibited.






Please note that it may take up to 72 hours to process your request.

<P>The WEDI SNIP listserv to which you are subscribed is not moderated.  The
discussions on this listserv therefore represent the views of the individual
participants, and do not necessarily represent the views of the WEDI Board of
Directors nor WEDI SNIP.  If you wish to receive an official opinion, post
your question to the WEDI SNIP Issues Database at
http://snip.wedi.org/tracking/.
Posting of advertisements or other commercial use of this listserv is
specifically prohibited.

Reply via email to