East Carolina University
HIPAA Security Standards
Subject: Data Backup and Storage
Standard #: Standard-0010d
Supersedes:
Effective Date: April 21, 2005
Coverage: ECU Health Care Components
Approved:
Revised: December 9, 2010, March 30, 2012, May 30, 2013
Review Date: May 30, 2013
HIPAA Security Rule Language: “Create a retrievable, exact copy of EPHI, when needed, before movement of equipment.”
Regulatory Reference: 45 CFR 164.310(d)(2)(iv)
I. PURPOSE
This standard reflects East Carolina University’s commitment to back up and securely
store all EPHI on its healthcare computing systems and their associated electronic media.
II. AUTHORIZATION AND ENFORCEMENT
Health Care component management and/or administrator(s) are responsible for
monitoring and enforcing this policy, in consultation with the ECU IT Security Officer,
ECU HIPAA Security Officer, and ECU HIPAA Privacy Officer.
III. STANDARD
All EPHI on ECU healthcare computing systems and their associated electronic media
must be regularly backed up and securely stored. Backup and restoration procedures
must be regularly tested.
IV. APPLICABILITY
This standard is applicable to all workforce members who are responsible for or
otherwise administer a healthcare computing system. A healthcare computing system is
defined as a device or group of devices that store EPHI which is shared across the
network and accessed by healthcare workers.
Copyright 2003 Phoenix Health Systems, Inc.
Limited rights granted to licensee for internal use only. All other rights reserved
V. PROCEDURE
1. Backup copies of all EPHI on healthcare computing systems and their associated
electronic media must be made regularly and stored in a secure location.
2. Backup and restoration procedures for healthcare computing systems and their
associated electronic media must be regularly tested to ensure that they are effective and
can be completed within a reasonable amount of time.
3. The healthcare computing system’s backup media containing EPHI at a remote
backup storage site must be given an appropriate level of physical and environmental
protection consistent with the standards applied to the protection of EPHI at ECU.
4. The retention period for backup of EPHI on healthcare computing systems must be
defined and documented.
VI. COORDINATING INSTRUCTIONS
1. All section policies and procedures will be reviewed annually. Every section policy
and procedure revision/replacement will be maintained for a minimum of six years
from the date of its creation or when it was last in effect, whichever is later. Other
East Carolina University, University of North Carolina system, or state of North
Carolina requirements may stipulate a longer retention period.