- Backups should be stored in a secure location. Flashbackup.com offers a secure offsite backup solution within a ClassA data center.
- Data must be “a retrievable, exact copy.” There must be an “audit trail” for backed-up data that leaves the facility. AutoBackup provides logs for the audit trail for backup status and provides a simple backup solution for precise data recovery.
- Access to backup media must be restricted to authorized personnel only. Only users with the login and password can access backed-up data.
- A contingency plan is the only way to protect the availability, integrity, and security of data. There must be a backup and recovery plan in place. Flashbackup.com offers 24x7x365 recovery of data from any networked computer.
- Encryption must be employed on “open” networks. Flashbackup.com offers AutoBackup with 256-bit encryption plus an encryption password of up to 21 characters, assigned and known only to the customer, for additional security.
HIPAA Reference:
Data must be "a retrievable, exact copy."
A contingency plan is the only way to protect the availability, integrity, and security of data during unexpected negative events. Data are often most exposed in these events, since the usual security measures may be disabled, ignored, or not observed.
The plan would include an applications and data criticality analysis, a data backup plan, a disaster recovery plan, an emergency mode operation plan, and testing and revision procedures.
Backups should be stored in a secure location with controlled access. The appropriate secure location and access control will vary, based upon the security needs of the covered entity. For example, a procedure as simple as locking backup diskettes in a safe place and restricting who has access to the key may be suitable for one entity, whereas another may need to store backed-up information off-site in a secure computer facility.
Transmission Security (§ 164.312(e)(1))
Under “Technical Security Mechanisms to Guard Against Unauthorized Access to Data that is Transmitted Over a Communications Network,” we proposed that “Communications/network controls” be required to protect the security of health information when being transmitted electronically from one point to another over open networks, along with a combination of mandatory and optional implementation features. We proposed that some form of encryption must be employed on “open” networks such as the Internet or dial-up lines. In this final rule, we adopt integrity controls and encryption, as addressable implementation specifications.
1. Reference: Federal Register / Vol. 68, No. 34 / Thursday, February 20, 2003 / Rules and Regulations
http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=2003_register&docid=fr20fe03-4.pdf