ATG HIPAA Security Rule Alerts
Alert #6
Covered Entities must protect Electronic Protected Healthcare Information
Covered Entities (CEs) must protect Electronic Protected Healthcare Information (EPHI) in a number of ways to ensure the confidentiality, integrity and availability of that data.
Many sections of the Final Rule cite data protection. Section 164.308(a)(7), Contingency Plan, specifically calls for it: "Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information." Two key REQUIRED standards call for a "Data Backup Plan" and a "Disaster Recovery Plan".
CEs need secure backup and recovery solutions that provide exact, readily retrievable copies of EPHI and help meet these required standards.
ATG's LiveVault online and recovery backup solutions can provide secure, continuous, automatic backup that provides exact, readily retrievable copies of EPHI with 100% guaranteed recovery.
THE LAW
Office of the Secretary
45 CFR Parts 160, 162, and 164
Health Insurance Reform: Security Standards; Final Rule 4717
Subpart C-Security Standards for the Protection of Electronic Protected Health Information
§ 164.308 Administrative safeguards.
(a)(7) (i) Contingency Plan
Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information.
(ii) Implementation specifications:
(A) Data backup plan (Required). Establish and implement procedures to create and maintain retrievable exact copies of electronic protected health information.
(B) Disaster recovery plan (Required). Establish (and implement as needed) procedures to restore any loss of data.