If you’re in charge of data operations for a HIPAA-covered entity, you may have questions about your obligations regarding data backup and disaster recovery under HIPAA compliance. In this article, we’ll explore the HIPAA requirements for data backup so that your organization can be ready with a disaster recovery plan.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its subsequent amendments were enacted into law to protect patient healthcare data, also known as Protected Health Information (PHI). HIPAA protections also apply to Electronic Health Records (EHR) – PHI stored on computers.

Managed service providers who maintain HIPAA compliance must adhere to several stringent regulations that are designed to limit the exposure of confidential or sensitive patient information from unauthorized access.

HIPAA’s Online Data Backup and Retention Requirements

There are two specific criteria that relate to data backups and data retention within HIPAA legislation. These are referred to as the Data Backup Plan and Retention Period. Each of these criteria contains several physical, technical and administrative safeguards which must be in place for an MSP to qualify as HIPAA compliant. These safeguards relate to what type of data is stored, how data is stored or transferred, and how long data is retained.

HIPAA’s data backup plan criteria are essentially the rules on how a compliant MSP will back up healthcare data. The data backup plan is part of a wider contingency plan or HIPAA compliant disaster recovery strategy which will protect the healthcare organization’s data and infrastructure in the event of a major system failure or disaster situation. HIPAA regulations require the managed service provider to implement a full backup schedule of the entire healthcare infrastructure containing patient data as well as any systems that handle any type of electronic protected health information (ePHI). Examples of such ePHI are patient details, diagnostic images, medical records, accounting information, or any other relevant healthcare documentation stored digitally. The MSP or healthcare organization must back up data frequently (at least daily) and maintain weekly, monthly, and annual archives.

The HIPAA-compliant backup solution must be protected by encryption and offer the following safeguards: All data is stored in a secured data center location on physical media (normally disk or tape).