(2) Implementation specifications:
(iv) Data backup and storage (Addressable). Create a retrievable, exact copy of electronic protected health information, when needed, before movement of equipment.
Tell Me More:
The Data Backup and Storage implementation specification requires the covered entity and business associate to create an exact retrievable copy of electronic protected health information, when needed, before movement of equipment.
Several sections of the Final Rule address the need for backing up data, e.g., the Contingency Plan standard. When equipment is moved, one should have a process in place to be prepared for problems and, prior to the move, should ensure that a current backup is made of the information on that equipment. Data may also be lost or corrupted during movement, hence a good data backup plan is important.
Questions to consider:
- What data (systems, files, directories, folders) should be backed up when equipment is moved?
- Are backups done before movement?
- Who is responsible/authorized to retrieve the media?