Health IT and Electronic Health Activate your FREE membership today |  Log-in
25 pts.
 HIPAA rule and data backup location
Where in the HIPAA rule or updates does it say that covered entities must keep data backups a minimum of five miles away from the original site? Or, does it not say this? I’ve heard this in conversation and am looking for a confirmation from any HIPAA experts.
ASKED: December 15, 2011  2:34 PM
UPDATED: January 10, 2013  6:51 pm

Answer Wiki:
HIPAA requires covered entities to develop plans and implement procedures to back up data and otherwise enable disaster recovery and continuity of operations, all under the contingency planning standard within the administrative safeguards described in 45 CFR 164.308. There is also language in the physical safeguards in 45 CFR 164.310 that data backups should include retrievable, exact copies of PHI before moving equipment, but this is an addressable standard, not a mandatory requirement. Nothing in the regulations specifies how backups must be performed, or where backup data must be stored. There are many backup service vendors that claim that HIPAA requires offsite storage of backed up data, but this simply isn't part of the security rule. This is not to say that offsite backup storage isn't a good idea - it's a well established security practice and arguably an essential component of a disaster recovery strategy. There is no statutory requirement covering offsite backup, and certainly no rule on the distance between offsite storage and the operational site.
Last Wiki Answer Submitted:  January 10, 2013  6:51 pm  by  Jenny Laurello   145 pts.
All Answer Wiki Contributors:  Jenny Laurello   145 pts. , SteveGonHIT   250 pts.
To see all answers submitted to the Answer Wiki: View Answer History.


Discuss This Question:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: