POLICY SUMMARY:



|Data backup plan |POLICY # 22 | |

|Administrative Manual | | |

|APPROVED BY: |ADOPTED: | |

|SUPERSEDES POLICY: | | |

| |REVISED: | |

| |REVIEWED: | |

|DATE: |REVIEW: | |

| |PAGE: | |

|HIPAA Security Rule Language: |“Establish and implement procedures to create and maintain retrievable exact copies of EPHI.” |

|Policy Summary: |All EPHI on Sindecuse Health Center (SHC) information systems and electronic media must be regularly backed up and securely stored. Backup and restoration procedures must be regularly tested. |

|Purpose: |This policy reflects SHC’s commitment to back up and securely store all EPHI on its information systems and electronic media. |

|Policy: |1. SHC must have a formal, documented backup plan for its information systems. At a minimum, the plan must: |

| |Identify information systems and electronic media to be backed up. |

| |Provide a backup schedule. |

| |Identify where backup media are stored and who may access them. |

| |Outline restoration procedures. |

| |Identify who is responsible for ensuring the backup of information systems and electronic media. |

| |2. Backup copies of all EPHI on SHC electronic media and information systems must be made regularly. This includes both EPHI received by SHC and created within SHC. |

| |3. Information systems and electronic media to which this policy applies include, but are not limited to, computers (both desktops and laptops), floppy disks, backup tapes, CD-ROMs, zip drives, portable hard drives and PDAs. |

| |4. SHC must have adequate backup systems that ensure that all EPHI can be recovered following a disaster or media failure. These systems must be regularly tested. |

| |5. Backup of EPHI on SHC information systems and electronic media, together with accurate and complete records of the backup copies and documented restoration procedures, must be stored in a secure remote location, at a sufficient distance from the facility to escape damage from a disaster at or near SHC. |

| |6. Backup copies of EPHI stored at a secure, remote location must be accessible to authorized SHC employees for prompt retrieval of the information. |

| |7. The backup media containing EPHI at the remote backup storage site must be given an appropriate level of physical and environmental protection consistent with the standards applied to EPHI physically at SHC. |

| |8. Restoration procedures for SHC electronic media and information systems containing EPHI must be regularly tested to ensure that they are effective and that they can be completed within the time allotted in SHC’s disaster recovery plan. |

| |9. The retention period for backup of EPHI on SHC information systems and electronic media and any requirements for archive copies to be permanently retained must be defined and documented. |

| |10. Risk analysis should be used to determine and document the maximum amount of loss that may occur if backup of SHC information systems and electronic media is disrupted. Such analysis should be used to determine if all appropriate and reasonable measures are being used to back up SHC information systems and electronic media. |

|Scope/Applicability: |This policy is applicable to all departments that use or disclose electronic protected health information for any purposes. |

| |This policy’s scope includes all electronic protected health information, as described in Definitions below. |

|Regulatory Category: |Administrative Safeguards |

|Regulatory Type: |REQUIRED Implementation Specification for Contingency Plan Standard |

|Regulatory Reference: |45 CFR 164.308(a)(7)(ii)(A) |

|Definitions: |Electronic protected health information means individually identifiable health information that is: |

| |Transmitted by electronic media |

| |Maintained in electronic media |

| |Electronic media means: |

| |(1) Electronic storage media including memory devices in computers (hard drives) and any removable/transportable digital memory medium, such as magnetic tape or disk, optical disk, or digital memory card; or |

| |(2) Transmission media used to exchange information already in electronic storage media. Transmission media include, for example, the internet (wide-open), extranet (using internet technology to link a business with information accessible only to collaborating parties), leased lines, dial-up lines, private networks, and the physical movement of removable/transportable electronic storage media. Certain transmissions, including of paper, via facsimile, and of voice, via telephone, are not considered to be transmissions via electronic media, because the information being exchanged did not exist in electronic form before the transmission. |

| |Information system means an interconnected set of information resources under the same direct management control that shares common functionality. A system normally includes hardware, software, information, data, applications, communications, and people. |

| |Access means the ability or the means necessary to read, write, modify, or communicate data/information or otherwise use any system resource. |

| |Backup means creating a retrievable, exact copy of data. |

| |Restoration means the retrieval of files previously backed up and returning them to the condition they were in at the time of backup. |

|Responsible Department: |Information Systems |

|Policy Authority/ Enforcement: |SHC’s Security Official is responsible for monitoring and enforcement of this policy, in accordance with Procedure # (TBD). |

|Related Policies: |Contingency Plan |

| |Disaster Recovery Plan |

| |Emergency Mode Operation Plan |

| |Testing and Revision Procedure |

| |Applications and Data Criticality Analysis |

|Renewal/Review: |This policy is to be reviewed annually to determine if the policy complies with current HIPAA Security regulations. In the event that significant related regulatory changes occur, the policy will be reviewed and updated as needed. |

|Procedures: |TBD |
