HIPAA-Compliant Data Backup Checklist
HIPAA (Health Insurance Portability and Accountability Act of 1996) was enacted to improve the access and portability of patient health records while maintaining strict privacy and security for electronically transmitted private health information. Health agencies that fail to comply with HIPAA's regulations now face strict fines and penalties. Below are checklists of items that should be completed to satisfy HIPAA's data protection requirements (the Privacy Rule and the Security Rule), especially for the data backup process.
Compliance with HIPAA's Privacy Rule (mandatory compliance date: April 14, 2003)
1. Secure Transmission - Data is transmitted and stored using 128-bit AES encryption.
2. Physical Access - The primary and mirrored data centers feature strict physical and technical safeguards to prevent unauthorized access. Both are hardened facilities with limited administrative access, fingerprint scanners for physical entry, motion detectors and camera tracking.
3. Logical Access - Logical access to backed-up data is controlled through a secure, authenticated user interface.
4. Data Retention - Healthcare providers must retain health records for a minimum of six years.
Compliance with HIPAA's Security Rule (mandatory compliance date: April 21, 2005)
1. Written contingency plan for responding to system emergencies.
2. A data backup plan is required as part of the contingency plan. The plan must ensure that data is securely and reliably backed up on a routine basis and that the backed-up data is readily available (restorable) in the event of a system failure or other form of data loss.
3. Files are securely transmitted to the data centers using encryption and Secure Sockets Layer (SSL) authentication, with access controls, auditing mechanisms, and event reporting as required by HIPAA's Security Rule.
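Two of the items above can be checked mechanically rather than only on paper: that a backup set is actually restorable (reliable and readily available) and that records are not purged before the six-year retention minimum. The script below is an added example written for this checklist, not code from the original page or from any backup vendor; it uses only the Python standard library, and every file name, record date and "today" value in it is constructed sample data.

```python
"""
Backup-verification and retention check (added example, not from the original checklist).

- build_manifest / verify_backup: record a SHA-256 digest for each file in a backup
  set and later confirm nothing is missing or silently altered, the kind of
  restore test a data backup plan should run on a routine basis.
- retention_deadline / purge_candidates: refuse to treat a record as purgeable
  until six years (the checklist's stated minimum) have elapsed.
All sample files, record names and dates below are constructed for illustration.
"""
import hashlib
import json
import tempfile
from datetime import date
from pathlib import Path

RETENTION_YEARS = 6  # minimum retention period stated in the checklist


def build_manifest(backup_dir: Path) -> dict:
    """Record a SHA-256 digest for every file under backup_dir (relative path -> hex digest)."""
    manifest = {}
    for path in sorted(backup_dir.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            manifest[str(path.relative_to(backup_dir))] = digest
    return manifest


def verify_backup(backup_dir: Path, manifest: dict) -> list:
    """Return a list of problems (missing or altered files); an empty list means the set verifies."""
    problems = []
    for rel, expected in manifest.items():
        path = backup_dir / rel
        if not path.is_file():
            problems.append(f"missing: {rel}")
            continue
        actual = hashlib.sha256(path.read_bytes()).hexdigest()
        if actual != expected:
            problems.append(f"digest mismatch: {rel}")
    return problems


def retention_deadline(created_iso: str) -> str:
    """Earliest ISO date on which a record created on created_iso may be purged."""
    created = date.fromisoformat(created_iso)
    target_year = created.year + RETENTION_YEARS
    try:
        deadline = created.replace(year=target_year)
    except ValueError:  # 29 February with a non-leap target year
        deadline = created.replace(year=target_year, day=28)
    return deadline.isoformat()


def purge_candidates(records: dict, today_iso: str) -> list:
    """Names of records (name -> ISO creation date) whose retention period has elapsed by today_iso."""
    today = date.fromisoformat(today_iso)
    return [name for name, created_iso in records.items()
            if date.fromisoformat(retention_deadline(created_iso)) <= today]


def demo() -> dict:
    """Exercise both checks on constructed sample data and return the results."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp)
        # Constructed sample backup contents (not real patient data).
        (backup / "patient_0001.json").write_text('{"id": 1, "note": "sample"}')
        (backup / "patient_0002.json").write_text('{"id": 2, "note": "sample"}')
        manifest = build_manifest(backup)
        clean = verify_backup(backup, manifest)
        # Simulate silent corruption of one file and loss of another.
        (backup / "patient_0001.json").write_text('{"id": 1, "note": "ALTERED"}')
        (backup / "patient_0002.json").unlink()
        damaged = verify_backup(backup, manifest)
    # Constructed record creation dates; "today" is fixed so the result is reproducible.
    records = {"rec_a": "2017-01-15", "rec_b": "2020-06-30"}
    purgeable = purge_candidates(records, "2024-01-01")
    return {"clean": clean, "damaged": damaged, "purgeable": purgeable}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In practice the manifest would be produced when the backup is taken, stored separately from the backup media, and re-verified on a schedule; a non-empty result from verify_backup is the signal that the "readily available" requirement is not currently met, and purge_candidates is the gate a deletion job should pass before removing anything.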