Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
East Carolina University HIPAA Security Standards Subject: Data Backup and Storage Standard #: Standard-0010d Supersedes: Effective Date: April 21, 2005 Coverage: ECU Health Care Components Page: 1 of 2 Approved: Revised: December 9, 2010, March 30, 2012, May 30, 2013 Review Date: May 30, 2013 HIPAA Security Rule Language: “Create a retrievable, exact copy of EPHI, when needed, before movement of equipment.” Regulatory Reference: 45 CFR 164.310(d)(2)(iv) I. PURPOSE This standard reflects East Carolina University’s commitment to backup and securely store all EPHI on its healthcare computing systems and their associated electronic media. II. AUTHORIZATION AND ENFORCEMENT Health Care component management and/or administrator(s) are responsible for monitoring and enforcing this policy, in consultation with the ECU IT Security Officer, ECU HIPAA Security Officer, and ECU HIPAA Privacy Officer. III. STANDARD All EPHI on ECU healthcare computing systems and their associated electronic media must be regularly backed up and securely stored. Backup and restoration procedures must be regularly tested. IV. APPLICABILITY This standard is applicable to all workforce members who are responsible for or otherwise administer a healthcare computing system. A healthcare computing system is defined as a device or group of devices that store EPHI which is shared across the network and accessed by healthcare workers. Copyright 2003 Phoenix Health Systems, Inc. Limited rights granted to licensee for internal use only. All other rights reserved Page 1 of 2 HIPAA Security Standard #0010d: Data Backup And Storage V. PROCEDURE 1. Backup copies of all EPHI on healthcare computing systems and their associated electronic media must be made regularly and stored in a secure location. 2. Backup and restoration procedures for healthcare computing systems and their associated electronic media must be regularly tested to ensure that they are effective and can be completed within a reasonable amount of time. 3. The healthcare computing system’s backup media containing EPHI at a remote backup storage site must be given an appropriate level of physical and environmental protection consistent with the standards applied to the protection of EPHI at ECU. 4. The retention period for backup of EPHI on healthcare computing systems must be defined and documented. VI. COORDINATING INSTRUCTIONS 1. All section policies and procedures will be reviewed annually. Every section policy and procedure revision/replacement will be maintained for a minimum of six years from the date of its creation or when it was last in effect, whichever is later. Other East Carolina University, University of North Carolina system, or state of North Carolina requirements may stipulate a longer retention period. Copyright 2003 Phoenix Health Systems, Inc. Limited rights granted to licensee for internal use only. All other rights reserved Page 2 of 2