TRADING PARTNER AGREEMENTS
|DATA BACKUP AND STORAGE |POLICY # 40 | |
| | | |
|Administrative Manual | | |
|APPROVED BY: |ADOPTED: | |
| | | |
|SUPERCEDES POLICY: | | |
| |REVISED: | |
| |REVIEWED: | |
|DATE: |REVIEW: | |
| |PAGE: | |
|HIPAA Security Rule Language: |“Create a retrievable, exact copy of EPHI, when needed, before movement of equipment.” |
|Policy Summary: |All EPHI on Sindecuse Health Center (SHC) information systems and electronic media must be |
| |regularly backed up and securely stored. Backup and restoration procedures must be regularly |
| |tested |
|Purpose: |This policy reflects SHC’s commitment to backup and securely store all EPHI on its information |
| |systems and electronic media. |
|Policy: |1. Backup copies of all EPHI on SHC electronic media and information systems must be made |
| |regularly. This includes both EPHI received by SHC and created within SHC. |
| |2. Information systems and electronic media for which this policy applies include, but are not |
| |limited to, computers (both desktop and laptops), floppy disks, backup tapes, CD-ROMs, zip drives,|
| |portable hard drives and PDAs. |
| |3. SHC must have adequate backup systems that ensure that all such EPHI can be recovered |
| |following a disaster or media failure. These systems must be regularly tested. |
| |4. Backup of EPHI on SHC information systems and electronic media, together with accurate and |
| |complete records of the backup copies and documented restoration procedures, must be stored in a |
| |secure remote location, at a sufficient distance from SHC facilities to escape damage from a |
| |disaster at SHC. |
| |5. Backup copies of EPHI stored at secure remote locations must be accessible to authorized SHC |
| |employees for timely retrieval of the information. |
| |6. The backup media containing EPHI at the remote backup storage site must be given an |
| |appropriate level of physical and environmental protection consistent with the standards applied |
| |to EPHI physically at SHC. |
| |7. Backup and restoration procedures for SHC electronic media and information systems containing |
| |EPHI must be regularly tested to ensure that they are effective and that they can be completed |
| |within a reasonable amount of time. |
| |8. The retention period for backup of EPHI on SHC information systems and electronic media and |
| |any requirements for archive copies to be permanently retained must be defined and documented. |
|Scope/Applicability: |This policy is applicable to all departments that use or disclose electronic protected health |
| |information for any purposes. |
| |This policy’s scope includes all electronic protected health information, as described in |
| |Definitions below. |
|Regulatory Category: |Physical Safeguards |
|Regulatory Type: |ADDRESSABLE Implementation Specification for Device and Media Controls Standard |
|Regulatory Reference: |45 CFR 164.310(d)(2)(iv) |
|Definitions: |Electronic protected health information means individually identifiable health information that |
| |is: |
| |Transmitted by electronic media |
| |Maintained in electronic media |
| |Electronic media means: |
| |(1) Electronic storage media including memory devices in computers (hard drives) and any |
| |removable/transportable digital memory medium, such as magnetic tape or disk, optical disk, or |
| |digital memory card; or |
| |(2) Transmission media used to exchange information already in electronic storage media. |
| |Transmission media include, for example, the internet (wide-open), extranet (using internet |
| |technology to link a business with information accessible only to collaborating parties), leased |
| |lines, dial-up lines, private networks, and the physical movement of removable/transportable |
| |electronic storage media. Certain transmissions, including of paper, via facsimile, and of voice,|
| |via telephone, are not considered to be transmissions via electronic media, because the |
| |information being exchanged did not exist in electronic form before the transmission. |
| |Information system means an interconnected set of information resources under the same direct |
| |management control that shares common functionality. A system normally includes hardware, |
| |software, information, data, applications, communications, and people. |
| |Backup means creating a retrievable, exact copy of data. |
| |Restoration means the retrieval of files previously backed up and returning them to the condition |
| |they were at the time of backup. |
|Responsible Department: |Information Systems |
|Policy Authority/ Enforcement: |SHC’s Security Official is responsible for monitoring and enforcement of this policy, in |
| |accordance with Procedure # (TBD). |
|Related Policies: |Device and Media Controls |
| |Media Re-use |
| |Disposal |
| |Accountability |
|Renewal/Review: |This policy is to be reviewed annually to determine if the policy complies with current HIPAA |
| |Security regulations. In the event that significant related regulatory changes occur, the policy |
| |will be reviewed and updated as needed. |
|Procedures: |TBD |
................
................
In order to avoid copyright disputes, this page is only a partial summary.
To fulfill the demand for quickly locating and searching documents.
It is intelligent file search solution for home and business.
Related searches
- treasury trading partner codes
- trading partner number lookup treasury
- federal trading partner number
- federal trading partner code list
- federal trading partner number lookup
- government trading partner number list
- trading partner number dod
- trading partner number government agencies
- federal government trading partner list
- dod trading partner codes
- dod trading partner id lookup
- army trading partner number