Problem solve Get help with specific problems with your technologies, process and projects.

Backing up data under HIPAA

Under the current guidelines, will it be permissible for health providers to continue to backup their own data...

and take it home?

Under the HIPAA Privacy Rule and the proposed Security Rule, there is not verbiage that I'm aware of that prevents covered entities from backing up their own data and taking it home. There are, however, documented requirements for contingency plans and media controls. For this scenario, this basically means that there needs to be formal, documented policies and procedures outlining how the data is being backed up as well as the physical access controls and media controls for the backup media going into and out of the facility. This is subject to change in the final Security Rule, but for now, it's simply a solid combination of common sense, well-established best practices and good documentation about what's being done. Just keep in mind, with or without HIPAA, to ensure that the backup media are adequately protected and kept out of the hands of strangers, not stored in a hot or cold automobile and that they are readily accessible (by other personnel) when a disaster occurs.

This was last published in October 2002

Dig Deeper on Information security policies, procedures and guidelines

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.