Purpose:
The Data Backup Policy document establishes the activities that need to be carried out by each Business Unit, Technology Unit, and Corporate Unit (department) within the organization.
All departments must use this methodology to properly back up and store media that contain ePHI (electronic protected health information). All electronic records existing on the organization’s data processing systems must be backed up and sent to an offsite location according to the Offsite Storage Requirements of this policy. Retention standards must be defined and put into action to support business and regulatory requirements.
Table of Contents
TERMINOLOGY
ACCOUNTABILITY
I. POLICY OVERVIEW
A. Purpose
B. Scope
C. Ownership Roles & Responsibilities
D. Data Backup Process
E. Data Backup Types
F. Data Backup Requirements
G. Data Backup Frequency
H. Data Backup Testing
I. Offsite Storage
II. DATA BACKUP REQUIREMENTS
A. Electronic Storage Media
B. Retention of Media
C. Backup Frequency
D. Monitoring Requirements
E. Regulatory Requirements
F. Change Management Requirements
G. New Project Requirements
H. Audit Requirements
III. OFFSITE STORAGE REQUIREMENTS
A. Specifications & Location Of Offsite Facility
B. Security of Facility & Data
C. Authorized Personnel
D. Storage of Materials
E. Audits
F. Provider Expectations
APPENDIX
Appendix A – Data Backup Plan Standards
Appendix B – HIPAA Security Rule for Data Backup Plan
Appendix C – HIPAA Security Rule for Device & Media Controls
To view a specific section of this document, please contact us at Bob@training-hipaa.net or call us at (515) 865-4591.