Ask the Expert

Backing up data under HIPAA

Under the current guidelines, will it be permissible for health providers to continue to backup their own data and take it home?

    Requires Free Membership to View

Under the HIPAA Privacy Rule and the proposed Security Rule, there is not verbiage that I'm aware of that prevents covered entities from backing up their own data and taking it home. There are, however, documented requirements for contingency plans and media controls. For this scenario, this basically means that there needs to be formal, documented policies and procedures outlining how the data is being backed up as well as the physical access controls and media controls for the backup media going into and out of the facility. This is subject to change in the final Security Rule, but for now, it's simply a solid combination of common sense, well-established best practices and good documentation about what's being done. Just keep in mind, with or without HIPAA, to ensure that the backup media are adequately protected and kept out of the hands of strangers, not stored in a hot or cold automobile and that they are readily accessible (by other personnel) when a disaster occurs.


For more information on this topic, visit these other SearchSecurity.com resources:
Best Web Links: Data Protection/Backup
Best Web Links: Health Care/Health Services


This was first published in October 2002

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: