White Paper: HIPAA ComplianceSource: KineticD
The HIPAA Privacy Rule (Health Insurance Portability and Accountability Act) applies to protected health information in all forms, including electronic, and addresses the use and disclosure of an individual's health information. It mandates that electronically stored or transmitted personal health information be kept confidential and protected against any threats to its security or integrity.
Organizations are required to have a contingency plan to continue operations in the event of data loss. This contingency plan MUST include details concerning the data backup and recovery process, who handles the backup media, the media rotation process, where the media is stored off-site, how quickly it can be retrieved in the event of a disaster, and all other aspects associated with data backups, protection, security, storage, and recovery.