
Contingency Plan

HIPAA Rule: §164.308(a)(7)

Purpose

Ensure PHI systems can be recovered in the event of an emergency, disaster, or system failure.

Backup Requirements

| System | Backup Method | Frequency | Retention | Cross-Region |
|---|---|---|---|---|
| NHC EC2 (Django API) | AWS Backup — EBS snapshot | Daily | 30 days | Yes |
| NHC Database (RDS or EC2) | AWS Backup | Daily | 30 days | Yes |
| NHC S3 buckets | S3 Versioning + Replication | Continuous | 90 days | Yes |
| NVS Screenshot S3 | S3 Versioning | Continuous | Per retention policy | No |

All backups are encrypted with customer managed KMS keys (CMKs). Backup vault access is restricted to the DevOps admin role. KMS keys are Regional: the cross-region copy is encrypted with a key that exists in the secondary region (the destination vault's key or a multi-Region key replica), and the role that performs restores there must be allowed to use that key, otherwise the restore fails at the moment it is needed.
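
The following script is an added example, not part of this plan or of the NHC/NVS code: it audits an AWS Backup plan and its vault key against the table above (daily schedule, 30-day retention, a copy to a vault in another region, a customer managed KMS key). The input documents follow the shape of `aws backup get-backup-plan` and `aws kms describe-key` output; the plan, rule names, vault ARNs and key metadata below are constructed for illustration, and the home region is passed in as a parameter rather than discovered.

```python
# Added example (not part of the original plan): audit an AWS Backup plan and
# its vault key against the policy table. Input documents mirror the shapes
# returned by `aws backup get-backup-plan` and `aws kms describe-key`; the
# sample plan and key metadata here are constructed, not real output.
import re

POLICY = {"retention_days": 30, "cross_region": True}


def is_daily(expression: str) -> bool:
    """True for `rate(1 day)` or a cron that fires once per day.

    AWS Backup cron fields: minutes hours day-of-month month day-of-week year.
    A daily rule has a fixed minute and hour and wildcards everywhere else.
    """
    expression = expression.strip()
    if re.fullmatch(r"rate\(\s*1\s+day\s*\)", expression):
        return True
    match = re.fullmatch(r"cron\((.+)\)", expression)
    if not match:
        return False
    fields = match.group(1).split()
    if len(fields) != 6:
        return False
    minutes, hours, dom, month, dow, year = fields
    return (minutes.isdigit() and hours.isdigit()
            and dom in ("*", "?") and month == "*"
            and dow in ("*", "?") and year == "*")


def vault_region(vault_arn: str) -> str:
    """Region field of arn:aws:backup:REGION:ACCOUNT:backup-vault:NAME."""
    return vault_arn.split(":")[3]


def check_rule(rule: dict, home_region: str) -> list:
    """Return policy findings for one backup rule (empty list = compliant)."""
    findings = []
    if not is_daily(rule.get("ScheduleExpression", "")):
        findings.append("schedule is not daily")
    keep = rule.get("Lifecycle", {}).get("DeleteAfterDays")
    if keep is None or keep < POLICY["retention_days"]:
        findings.append(f"retention {keep} days is below {POLICY['retention_days']}")
    remote_copies = [c for c in rule.get("CopyActions", [])
                     if vault_region(c["DestinationBackupVaultArn"]) != home_region]
    if POLICY["cross_region"] and not remote_copies:
        findings.append("no copy action to a vault in another region")
    for copy in remote_copies:
        ckeep = copy.get("Lifecycle", {}).get("DeleteAfterDays")
        if ckeep is None or ckeep < POLICY["retention_days"]:
            findings.append(f"cross-region copy retention {ckeep} days is below "
                            f"{POLICY['retention_days']}")
    return findings


def is_customer_managed(key_metadata: dict) -> bool:
    """KeyManager is CUSTOMER for a customer managed key, AWS for an AWS managed one."""
    return (key_metadata.get("KeyManager") == "CUSTOMER"
            and key_metadata.get("KeyState") == "Enabled")


def audit(plan: dict, home_region: str, vault_key_metadata: dict) -> dict:
    """Map rule name -> findings; adds a 'vault-key' entry if the vault key is not a CMK."""
    report = {rule["RuleName"]: check_rule(rule, home_region)
              for rule in plan["BackupPlan"]["Rules"]}
    if not is_customer_managed(vault_key_metadata):
        report["vault-key"] = ["vault key is not an enabled customer managed KMS key"]
    return report


# Constructed sample: the EC2 rule meets the policy, the DB rule does not
# (14-day retention, no cross-region copy).
SAMPLE_PLAN = {"BackupPlan": {"BackupPlanName": "nhc-phi", "Rules": [
    {"RuleName": "nhc-ec2-daily", "TargetBackupVaultName": "nhc-primary",
     "ScheduleExpression": "cron(0 5 ? * * *)",
     "Lifecycle": {"DeleteAfterDays": 30},
     "CopyActions": [{"Lifecycle": {"DeleteAfterDays": 30},
                      "DestinationBackupVaultArn":
                      "arn:aws:backup:us-west-2:123456789012:backup-vault:nhc-dr"}]},
    {"RuleName": "nhc-db-daily", "TargetBackupVaultName": "nhc-primary",
     "ScheduleExpression": "cron(0 5 ? * * *)",
     "Lifecycle": {"DeleteAfterDays": 14},
     "CopyActions": []},
]}}
# Constructed KeyMetadata for the vault's EncryptionKeyArn (from `aws kms describe-key`).
SAMPLE_KEY = {"KeyManager": "CUSTOMER", "KeyState": "Enabled"}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_PLAN, "us-east-1", SAMPLE_KEY).items():
        print(name, "OK" if not findings else "; ".join(findings))
```

Run it against the real plan by feeding the JSON from `aws backup get-backup-plan --backup-plan-id ...` and the `KeyMetadata` of the vault's `EncryptionKeyArn`; S3 versioning and replication for the bucket rows are configured on the buckets themselves and are outside this check.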

Recovery Time Objective (RTO) and Recovery Point Objective (RPO)

| System | RTO | RPO |
|---|---|---|
| NHC Django API | 4 hours | 24 hours |
| NHC Database | 4 hours | 24 hours |
| NVS Laravel | 8 hours | 24 hours |

These are initial targets; refine them from the times measured in the annual restore tests. A 24-hour RPO follows directly from the daily backup schedule, so tightening it requires more frequent recovery points (or continuous backup for RDS), not only a change to this table.

Disaster Recovery Procedure

Step 1: Declare DR Event

The Incident Commander declares a DR event after confirming that the primary environment cannot be recovered within the RTO. Record the declaration time: it starts the RTO clock and is the reference point for the RPO check in Step 3.

Step 2: Restore from Backup

  1. Identify the latest clean recovery point in the AWS Backup vault: the most recent COMPLETED point created before the failure or compromise began, not simply the newest one
  2. Restore the EBS snapshot to a new EC2 instance; if the primary region is unavailable, restore from the copy in the secondary region's vault
  3. Restore the database from its snapshot (RDS snapshot or EBS snapshot, depending on where the database runs)
  4. Update DNS in Route 53 to point to the recovered instance (the record TTL must be short enough for the change to take effect within the RTO)
  5. Verify application health before declaring the restore complete

Step 3: Verify Data Integrity

  • Compare record counts against the last known-good state; counts may lag by the writes made after the recovery point (bounded by the RPO), but must not exceed them
  • Confirm restored volumes and database instances are encrypted with the intended KMS key
  • Re-enable CloudTrail and GuardDuty in the recovery region if they are not already active (GuardDuty is enabled per Region, so a detector must exist there)

Step 4: Resume Normal Operations

  • Notify affected parties if PHI availability was impacted
  • Document DR event and lessons learned
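
The following script is an added example, not part of this runbook or of the NHC/NVS code: it performs the recovery-point selection of Step 2 and the integrity checks of Step 3 on data in the shape of `aws backup list-recovery-points-by-backup-vault` and `aws ec2 describe-volumes` output. The recovery points, timestamps, KMS key ARN, volume IDs, table names and record counts below are constructed; the time the corruption began (`CORRUPTION_BEGAN`) and the DR declaration time are assumed to come from the incident timeline.

```python
# Added example (not part of the original runbook): pick the latest clean
# recovery point (Step 2) and run the Step 3 integrity checks. Inputs mirror
# the JSON of `aws backup list-recovery-points-by-backup-vault` and
# `aws ec2 describe-volumes`; every sample document and timestamp below is
# constructed for illustration.
from datetime import datetime, timedelta, timezone

RPO = timedelta(hours=24)  # NHC RPO from the table above


def parse_ts(value: str) -> datetime:
    """Parse the ISO-8601 timestamps the CLI emits (e.g. 2024-05-02T05:00:00+00:00)."""
    return datetime.fromisoformat(value)


def latest_clean_recovery_point(listing: dict, not_after: datetime):
    """Most recent COMPLETED, encrypted recovery point created at or before `not_after`.

    `not_after` is when the failure or compromise began: a newer point may
    already contain the corruption, so "newest" alone is the wrong criterion.
    Returns None when no such point exists.
    """
    candidates = [p for p in listing["RecoveryPoints"]
                  if p["Status"] == "COMPLETED" and p.get("IsEncrypted")
                  and parse_ts(p["CreationDate"]) <= not_after]
    if not candidates:
        return None
    return max(candidates, key=lambda p: parse_ts(p["CreationDate"]))


def rpo_met(point: dict, declared_at: datetime) -> bool:
    """Data loss spans recovery point creation to DR declaration; it must fit in the RPO."""
    return declared_at - parse_ts(point["CreationDate"]) <= RPO


def unencrypted_volumes(describe_volumes: dict, expected_key_arn: str) -> list:
    """VolumeIds of restored volumes that are unencrypted or use a different KMS key."""
    return [v["VolumeId"] for v in describe_volumes["Volumes"]
            if not v.get("Encrypted") or v.get("KmsKeyId") != expected_key_arn]


def record_count_anomalies(known_good: dict, restored: dict) -> dict:
    """Tables whose restored count is impossible for a clean restore.

    A count lower than known-good is expected (writes after the recovery point
    are lost, bounded by the RPO); a higher count or a missing table is not.
    """
    anomalies = {}
    for table, expected in known_good.items():
        actual = restored.get(table)
        if actual is None:
            anomalies[table] = "missing after restore"
        elif actual > expected:
            anomalies[table] = f"{actual} > known-good {expected}"
    return anomalies


def verify_restore(listing, not_after, declared_at, volumes, key_arn, known_good, restored) -> dict:
    """Combine the checks into one report; `ok` is True only if every check passes."""
    point = latest_clean_recovery_point(listing, not_after)
    result = {"recovery_point": point["RecoveryPointArn"] if point else None,
              "rpo_met": bool(point) and rpo_met(point, declared_at),
              "unencrypted_volumes": unencrypted_volumes(volumes, key_arn),
              "record_count_anomalies": record_count_anomalies(known_good, restored)}
    result["ok"] = (result["recovery_point"] is not None and result["rpo_met"]
                    and not result["unencrypted_volumes"]
                    and not result["record_count_anomalies"])
    return result


# Constructed incident timeline and sample API output.
KEY = "arn:aws:kms:us-west-2:123456789012:key/22222222-2222-2222-2222-222222222222"
CORRUPTION_BEGAN = datetime(2024, 5, 2, 12, 0, tzinfo=timezone.utc)
DR_DECLARED = datetime(2024, 5, 2, 14, 0, tzinfo=timezone.utc)
RECOVERY_POINTS = {"RecoveryPoints": [
    {"RecoveryPointArn": "arn:aws:ec2:us-west-2::snapshot/snap-0a1", "Status": "COMPLETED",
     "CreationDate": "2024-05-01T05:00:00+00:00", "IsEncrypted": True, "EncryptionKeyArn": KEY},
    {"RecoveryPointArn": "arn:aws:ec2:us-west-2::snapshot/snap-0a2", "Status": "COMPLETED",
     "CreationDate": "2024-05-02T05:00:00+00:00", "IsEncrypted": True, "EncryptionKeyArn": KEY},
    # newest point, but taken after the corruption began: not clean
    {"RecoveryPointArn": "arn:aws:ec2:us-west-2::snapshot/snap-0a3", "Status": "COMPLETED",
     "CreationDate": "2024-05-02T13:00:00+00:00", "IsEncrypted": True, "EncryptionKeyArn": KEY},
]}
RESTORED_VOLUMES = {"Volumes": [
    {"VolumeId": "vol-0aaa", "Encrypted": True, "KmsKeyId": KEY},
    {"VolumeId": "vol-0bbb", "Encrypted": False},  # wrong snapshot or key
]}
KNOWN_GOOD = {"patients": 12045, "encounters": 88120, "audit_log": 410233}
RESTORED = {"patients": 12040, "encounters": 88001, "audit_log": 410500}

if __name__ == "__main__":
    print(verify_restore(RECOVERY_POINTS, CORRUPTION_BEGAN, DR_DECLARED,
                         RESTORED_VOLUMES, KEY, KNOWN_GOOD, RESTORED))
```

With the sample data the script selects snap-0a2 (the newest point that predates the corruption) and finds the RPO met, but reports the unencrypted volume and the audit_log table whose restored count exceeds the known-good count, so the restore is not signed off. The same checks give the numbers to record in the annual restore test: the age of the chosen recovery point at declaration time is the measured RPO.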

Testing

DR procedures must be tested annually:

| Test | Frequency | Owner |
|---|---|---|
| Backup restore test (NHC DB) | Annual | DevOps |
| Full EC2 restore test | Annual | DevOps |
| DR runbook walkthrough | Annual | All IR team |

Emergency Access

In a DR scenario where normal IAM access is unavailable:

  • Root account MFA recovery codes are stored in [secure location — TBD]
  • Break-glass procedure documented in internal runbook