Revenue Cycle Business Continuity Planning
Revenue-cycle business continuity planning defines how critical work continues or safely pauses when people, facilities, systems, networks, vendors, or data are unavailable, and how temporary activity is reconciled after recovery.
Updated 2 min read
On this page
Key takeaways
- Continuity plans cover people, vendors, facilities, networks, systems, and data.
- A workaround must remain secure, controlled, and reconcilable.
- Recovery is incomplete until temporary and restored activity agree.
What it controls
Revenue-cycle business continuity planning defines how critical work continues or safely pauses when people, facilities, systems, networks, vendors, or data are unavailable, and how temporary activity is reconciled after recovery.
An improvised workaround may protect one deadline while creating duplicate claims, missing evidence, insecure data, or unreconciled payments. Preapproved continuity procedures balance timeliness with security, accuracy, and recoverability.
Design the work
Identify critical services, dependencies, maximum tolerable interruption, backlog consequences, and authoritative deadlines. Prioritize work using verified obligations and patient or financial impact rather than a generic recovery order.
Define approved fallback channels, minimum information, access controls, decision authority, communication, logging, and reconciliation. Never move PHI into personal email, consumer storage, or an uncontrolled spreadsheet to make a workaround faster.
Minimum controls
- Current dependency and critical-service inventory.
- Approved secure workarounds with activation authority.
- Incident log, temporary-work identifiers, and duplicate prevention.
- Recovery reconciliation, backlog ownership, and after-action review.
Keep claim-specific information in the approved system
Put it into practice
Assess critical work
Map dependencies, deadlines, interruption consequences, and minimum safe service.Design and test fallback
Approve secure procedures, roles, communications, evidence, and reconciliation.Recover deliberately
Restore sources of truth, reconcile temporary activity, clear backlog, and record lessons.
Review and improve
Review the control on a fixed cadence and after a material policy, payer, system, staffing, or workflow change. Compare the current process with its documented design, sample the evidence it produces, and record exceptions separately from completed routine work. A control that exists only in a policy but leaves no observable evidence cannot be evaluated reliably.
Use findings to change the upstream process, not merely to clear the current queue. Assign one owner, one next action, and one follow-up date. Preserve the definition and baseline used for the review so a later result can be compared without changing the measurement after the fact.
Frequently asked questions
Can staff use personal devices during an outage?
Only if the organization’s approved security and continuity policies explicitly authorize and control that use.
What should be tested?
Activation, access, communications, critical transactions, evidence capture, restoration, duplicate prevention, and reconciliation.
Operational terms
Authoritative sources
- General Compliance Program Guidance (opens in a new tab)
HHS Office of Inspector General
- Internet-Only Manuals (opens in a new tab)
Centers for Medicare & Medicaid Services
- Medicare Learning Network resources and training (opens in a new tab)
Centers for Medicare & Medicaid Services
