CMS Contingency Plan

Summary:

I chose to read this article to better understand what a contingency plan is, what it takes to make it
and how it is run. I think it is important to know what a contingency plan is and how to follow it in case
of an unexpected occurrence or emergency. It is always great to have that as a back-up plan, especially in
the healthcare field. Even if medicine and dentistry are different, problems can occur at any moment and
of you have a contingency plan put into place, you’ll know that you have some bounce back so to speak
and can get back to the right path and continue on through the work day. This article will help with sub-
competency #9, which focuses on contingency planning and how to develop these plans for different
circumstances.

What I Learned:

A contingency plan provides a framework for responding to unexpected events, such as natural
disasters, data breaches and crises in health. IT is also essential for protecting the organization from any
potential risks and also ensured the continuity of their operations. These plans outline strategies for risk
management, such as protocols, procedures and roles and responsibilities to those a part of the plan. Some
contingency plans, such as the Center for Medicare and Medicaid Services (CMS) have the guidance of
the Federal Information Systems Management Act (FISMA) to provide the process of the planning and
security objectives. Such objectives include: Confidentiality, Integrity, and Availability. Confidentiality
focuses on preserving authorized restrictions on information access and disclosure. Integrity is about
guarding against improper information modification or destruction. Availability focuses on ensuring
timely and reliable access to and use of information.

Before are to start a contingency plan, you must determine what impact level of the system you
are creating this plan for. There are three impact levels: Low, Medium, and High. Low impact level
occurs when the loss of the three objectives are expected to have little effect on your company. Medium
impact level is when it is expected to have serious effects on your business. This could cause significant
deterioration to the mission, but the contingency plan could still be able to provide its primary functions.
High impact level is when there is catastrophic effects on you business and there is no coming back from
this issue. Another part of a contingency plan you must look into is a Business Impact Analysis (BIA) to
help identify any preventative actions that are required to reduce the chance of risk and keep the system
safe.

How to make a contingency plan is that it involves cooperation with every person apart of the
company and system and other organizations that could be affected. After that, you can create the
document, than the business owner must sign the document. Next is to perform the testing to see if the
plan will work. If so, then the steps towards the plan will continued to be tested until everyone
understands what is needed to be done to execute this plan correctly. You then get an after action report to
show that the test has been completed and successful. If there needs to be any changes, you must get a
recertification. Once that is taken care of, you have a contingency plan. This article also provides the
advice to start making the next year’s exercises in advance so you can be prepared.
 Overall, this is a good article to get a basic understanding of what goes into making a contingency
plan. I would definitely want to know more on plans that have been put into place for those in the
healthcare field, mainly focusing on the dental field.