Data backups that enable the restoration of electronic protected health information that is lost or corrupted.The unit creates backup copies at a sufficient frequency and retains them in safe locations for a sufficient length of time to accomplish all of the following: The unit creates and stores backup copies in accordance with their safeguard implementation plan (or the equivalent) as described in UW-124 HIPAA Security Risk Management.The unit maintains a record of movements of hardware and electronic media containing electronic protected health information and any person responsible for such movements, as required by 45 CFR § 164.310(d)(2)(iii) (HIPAA Security Rule – Device and Media Controls – Accountability).The unit creates a retrievable exact backup copy of electronic protected health information before movement of equipment as required by 45 CFR § 164.310(d)(2)(iv) (HIPAA Security Rule – Device and Media Controls – Data Backup and Storage).Data sets containing electronic protected health information that were generated from other data sets do not need to be backed up, provided that the original data sets containing electronic protected health information are properly backed up and available as required by the HIPAA Security Rule, and it is possible to recreate enough of the generated data set in a timely manner so that electronic protected health information in the generated data set is available as required by the HIPAA Security Rule.Additional copies of electronic protected health information created for convenience do not need to be backed up, provided that the original copy is properly backed up and available as required by the HIPAA Security Rule.The procedures will assure that complete, accurate, retrievable, and tested backups are available for all electronic protected health information on all information systems used by the unit, with the following exceptions: The unit establishes and implements procedures to create and maintain retrievable exact backup copies of electronic protected health information as required by 45 CFR § 164.308(a)(7)(ii)(A) (HIPAA Security Rule – Contingency Plan – Data Backup Plan).It is the policy of UW–Madison that the units of the UW HCC and each individual or unit within UW–Madison that is a business associate of a covered entity (hereafter collectively referred to as “units”) will protect the confidentiality, integrity, and availability of electronic protected health information by implementing sound data management and backup practices that include, but are not limited to, the activities described in this policy below.Scope:Īpplies to all members of the UW HCC. See UW-100 Designation of UW–Madison Health Care Component for a listing of these units. UW–Madison health care component (UW HCC) Those units of UW–Madison that have been designated by the university as part of its health care component under HIPAA. Protected health information does not include student records held by educational institutions or employment records held by employers. Protected health information (PHI) Health information or health care payment information, including demographic information collected from an individual, which identifies the individual or can be used to identify the individual. Electronic protected health information (ePHI) Any individually identifiable health information protected by HIPAA that is transmitted by or stored in electronic media. In the event a system does not allow for an electronic backup, the unit will develop an alternative method to create a copy of the electronic protected health information (ePHI) contained on that system.īusiness associate A person or entity that performs or assists in performing, for or on behalf of a covered entity, business support functions/services that involve the use of protected health information (PHI).Snapshot back-up (image backup) – a process to restore/recover the system at a particular state, at a particular point in time.
#Hospital data backup policy laws full#
Incremental backup – a backup that only contains the files that have changed since the most recent backup (either full or incremental).Full/Complete backup – a backup/image of all (selected) data, programs, files on the system.Backup The process of making an electronic copy of data stored in a computer system.
0 kommentar(er)
