Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            What are HIPAA Data Backup Requirements?

            Modified on Wed, 16 Jul at 5:10 PM

            DISCLAIMER: The information provided in this article, other knowledge base articles, and the Compliancy Group website do not, and are not intended to, constitute legal advice. All information, content, and materials in the Knowledge Base and on the Compliancy Group website are for general informational purposes only.

            Introduction

            This article discusses HIPAA Security Rule data backup requirements.

            Where Does HIPAA Address Data Backup Requirements?

            HIPAA addresses the subject of data backups in the Security Rule contingency plan standard. This standard is an administrative safeguard requirement

            45 CFR 164.308(a)(7)(Ii)(A) is the data backup plan requirement. It provides: “Data backup plan (Required). Establish and implement procedures to create and maintain retrievable exact copies of electronic protected health information.”  

            Is there a Data Backup Frequency Requirement?

            The HIPAA Security Rule does not contain a data backup frequency requirement. In other words, there is no Security Rule provision that states how often backups must be performed - e.g., daily, weekly, monthly, etc. 

            Per HHS guidance, a data backup plan should be focused on regularly copying protected health data to ensure it can be restored in the event of a loss or disruption.

            The backup frequency must be appropriate for an organization's environment (pp. 19-20). Organizations should have a plan for determining             which data is critically needed, and for creating retrievable, exact copies of critical data and how to restore that data, including from alternate locations. The plan should be tested and revised, as needed.  

            Can I Hire Someone to Manage Data Backup?

            Small healthcare providers might seek to hire a managed service provider to manage data backup (page 3). Leveraging the cloud for backup purposes is acceptable if there are service and business associate agreements in place with the vendor. Covered entities should emsure compliance with agreements through verifying the security of the vendor’s systems. Data being backed-up should be encrypted prior to storage to a cloud vendor’s system (page 21).

            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0