Data backup plan
4/11/2023

A HIPAA data backup plan is a component of the administrative safeguards that must be implemented under the HIPAA Security Rule. The requirements of a HIPAA data backup plan and disaster recovery plans are discussed below.

What are the Requirements of a HIPAA Data Backup Plan?

The data backup plan, which is part of the administrative safeguard requirement to have a contingency plan, consists of establishing and implementing procedures to create and maintain retrievable, exact copies of electronic protected health information (ePHI). Data that is secured and backed up must be capable of being recovered (i.e., must be recoverable or retrievable).

The requirement that data be capable of being recovered comes from a related provision of the contingency plan requirement – the disaster recovery plan requirement. Under a disaster recovery plan, a covered entity or business associate establishes (and implements as needed) procedures to restore any loss of data.

What Should I Consider When Developing a HIPAA Data Backup Plan?

When developing a HIPAA data backup plan, covered entities and business associates should consider the nature of the ePHI that must be backed up, including how many identifiers the ePHI has. The HIPAA Security Officer should make an inventory of all sources of data, to determine the nature and type of ePHI an organization stores. There are many potential sources of ePHI. These include, among others, patient accounting systems, electronic medical records, health maintenance and case management information, digital recordings of diagnostic images, electronic test results, and any other electronic documents created or used.

Where Should I Store Backup Copies of Data?

There are two types of backup storage organizations should use:

Backup #1 (Local Storage Backup): The first kind of backup (Backup #1) you should use is backup through a local, onsite appliance. In this kind of data backup, backup data is stored on a local storage device (appliance), such as a hard disc, CD, or hard drive.

Backup #2 (Offsite Backup): The second kind of backup is offsite backup. Offsite backup consists of either backing up data to the cloud, or storing backup data at an offsite facility. Storing backup data with a HIPAA compliant cloud provider allows an organization to easily retrieve information from the cloud. With cloud storage, backup data can be retrieved at any time. Storing backup data at an offsite facility (a physical location other than your worksite) allows recovery of backup data if backup data stored locally, onsite, is destroyed or damaged because the premises themselves have been damaged due to emergencies such as earthquakes and floods.

What is the Difference Between a HIPAA Data Backup Plan and a Disaster Recovery Plan?

The difference between backups and disaster recovery is a matter of scope.