Is Your Healthcare Organization Meeting the HIPAA Security Final Rule?

The HIPAA Security Final Rule, the last of the three original HIPAA Administrative Simplification rules, was published in the February 20, 2003 Federal Register with an effective date of April 21, 2003. Most Covered Entities (CEs) had two full years, until April 20, 2005, to comply with these standards (small health plans had an additional year, until April 20, 2006). However, studies have shown that a large percentage of healthcare officials still misunderstand or fail to comply with these regulations. In general, the Security Rule protects electronic protected health information (ePHI), that is, PHI a covered entity creates, receives, maintains or transmits in electronic form, whether it is held on a server, a workstation, removable media or a backup tape. Paper records, including printouts from a computer, are PHI governed by the Privacy Rule rather than the Security Rule.

The Rule's standards are grouped into Administrative, Physical and Technical safeguards. One Administrative standard, the Contingency Plan, specifically addresses data backup and disaster recovery:

§ 164.308 Administrative safeguards.

(a)(7)

(i) Standard: Contingency plan. Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information.

(ii) Implementation specifications:

(A) Data backup plan (Required).  Establish and implement procedures to create and maintain retrievable exact copies of electronic protected health information.

(B) Disaster recovery plan (Required).  Establish (and implement as needed) procedures to restore any loss of data.

(C) Emergency mode operation plan (Required). Establish (and implement as needed) procedures to enable continuation of critical business processes for protection of the security of electronic protected health information while operating in emergency mode.

(D) Testing and revision procedures (Addressable). Implement procedures for periodic testing and revision of contingency plans.

(E) Applications and data criticality analysis (Addressable). Assess the relative criticality of specific applications and data in support of other contingency plan components.
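Implementation specification (A) asks for "retrievable exact copies", and (D) asks that the plan be tested periodically. A backup that has never been restored and compared against the source satisfies neither in practice. The script below is an added example, not code from the original post or from any vendor named on this page: it records a SHA-256 manifest when the backup set is written, restores the set to a scratch location, and checks the restored tree for missing, altered or unexpected files, then repeats the check after simulated media corruption so the failure report is visible. The manifest-and-restore approach is one assumed way to evidence (A) and (D); the directory layout and the patient record contents are constructed sample data, not real ePHI.

```python
"""Backup integrity check for a contingency plan test (added example).

Verifies that a restored copy is complete and bit-for-bit identical to what
was backed up, using a SHA-256 manifest written at backup time.  All sample
data below is constructed for the demonstration and contains no real ePHI.
"""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large records do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each regular file under root (relative, POSIX-style) to its digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def backup(source: Path, dest: Path) -> Path:
    """Copy the source tree into dest/data and write dest/manifest.json."""
    shutil.copytree(source, dest / "data")
    manifest = build_manifest(dest / "data")
    manifest_path = dest / "manifest.json"
    manifest_path.write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return manifest_path


def verify_restore(manifest_path: Path, restored: Path) -> dict:
    """Compare a restored tree against the manifest recorded at backup time.

    'missing'    -> in the manifest but absent after restore (not retrievable)
    'corrupted'  -> present but the digest differs (not an exact copy)
    'unexpected' -> present but never backed up (restore hygiene problem)
    """
    expected = json.loads(manifest_path.read_text())
    actual = build_manifest(restored)
    missing = sorted(set(expected) - set(actual))
    unexpected = sorted(set(actual) - set(expected))
    corrupted = sorted(p for p in expected
                       if p in actual and expected[p] != actual[p])
    return {"ok": not (missing or corrupted), "missing": missing,
            "corrupted": corrupted, "unexpected": unexpected}


def demo() -> tuple:
    """Run a clean restore test, then a corrupted one, in scratch directories."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        src = tmp / "ehr"  # constructed stand-in for an EHR data directory
        (src / "patients").mkdir(parents=True)
        (src / "patients" / "p001.json").write_text(
            '{"mrn": "000001", "note": "constructed sample record"}')
        (src / "audit.log").write_text("2010-08-10 login clinician1\n")

        manifest = backup(src, tmp / "backup")

        # Restore exercise: bring the backup set back somewhere separate and verify.
        restored = tmp / "restore"
        shutil.copytree(tmp / "backup" / "data", restored)
        clean = verify_restore(manifest, restored)

        # Simulate a truncated file and a lost record on the restored media.
        (restored / "audit.log").write_bytes(b"")
        (restored / "patients" / "p001.json").unlink()
        damaged = verify_restore(manifest, restored)
        return clean, damaged


if __name__ == "__main__":
    clean, damaged = demo()
    print("clean restore:", clean)
    print("damaged restore:", damaged)
```

Keep the manifest with the backup set but also somewhere the backup itself cannot silently overwrite it; if the only record of what the backup should contain lives on the same media, corruption of that media takes the evidence with it. Run the restore to a host that is not the production system so the test exercises the same path a real recovery would.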

Is Your Healthcare Organization Meeting the HIPAA Data Backup Standard? Our HIPAA Security Assessment Toolkit can help!

To learn more about our online Server and PC backup solutions, powered by Iron Mountain Digital, please contact us or visit http://www.DataMountain.com.


Trackbacks/Pingbacks

  1. Implications of the HITECH Act | HIPAA Security Assessment - 08/10/2010

    [...] during and after the HIPAA Security Final Rule went into law in April 2005 there was confusion and turmoil from CEs, BAs, security professionals and [...]

  2. HIPAA Rules Summary | HIPAA Security Assessment - 08/14/2010

    [...] Covered Entities and Business Associates are statutorily obligated to meet the requirements of the HIPAA Security Final Rule and The HITECH Act. The goals of the original HIPAA standards are [...]
