(515) 865-4591
Bob@training-hipaa.net

Data Backup Policy Template

Purpose:

The Data Backup Policy document establishes the activities that need to be carried out by each Business Unit, Technology Unit, and Corporate Units (departments) within the organization.

All departments must utilize this methodology to properly backup and store media that contains ePHI (electronic protected health information).   All electronic records existing on the organization’s data processing systems must be backed up and sent to an offsite location according to Offsite Storage Requirements of this policy.  Retention standards must be defined and put into action to support business and regulatory requirements.

Table of Content

TERMINOLOGY     

ACCOUNTABILITY

I.  POLICY OVERVIEW

A. Purpose
B.  Scope
C.  Ownership Roles & Responsibilities
D. Data Backup Process
E. Data Backup Types
F. Data Backup Requirements
G. Data Backup Frequency
H. Data Backup Testing
H. Offsite Storage

II. DATA BACKUP REQUIREMENTS

A. Electronic Storage Media
B. Retention of Media
C. Backup Frequency
D. Monitoring Requirements
E. Regulatory Requirements
F. Change Management Requirements
G.  New Project Requirements
H. Audit Requirements

III. OFFSITE STORAGE REQUIREMENTS

A.   Specifications & Location Of Offsite Facility
B.  Security of Facility & Data
C.  Authorized Personnel
D.  Storage of Materials
E.  Audits
F.  Provider Expectations

APPENDIX

Appendix A – Data Backup Plan Standards
Appendix B – HIPAA Security Rule for Data Backup Plan
Appendix C– HIPAA Security Rule for Device & Media Controls

 

To view specific section of this document, please contact us at Bob@training-hipaa.net or call us at (515) 865-4591.