164.308(a)(7)(ii)(C) - Emergency Mode Operational Plan (Required)
Establish (and implement as needed) procedures to enable continuation of critical business processes for protection of the security of electronic protected health information while operating in emergency mode.
Illustrative Controls and TIBCO LogLogic Solution
It is inevitable that accounts must be created for emergency mode access. These accounts may be required for vendors so they can perform remote troubleshooting as well as maintenance of the equipment in the IT infrastructure. Care must be taken to ensure that these vendors only have access during maintenance hours and when personnel are available to monitor the process.
Administrators must identify all access to ensure vendors are only logging in during maintenance hours. Administrators must also review access to the IT infrastructure to ensure no access is performed during unauthorized hours.
Reports and Alerts
Use the following link or reference to see the 164.308(a)(7)(ii)(C) reports and alerts: 164.308(a)(7)(ii)(C) - Emergency Mode Operational Plan (Required).