6. Data Management Policy#
WayToHealth has procedures to create and maintain retrievable exact copies of electronic protected health information (ePHI) utilizing our Backup Service. This policy, and associated procedures for testing and restoring from backup data apply generally to all WayToHealth Customers excepting those Customers that do not choose or opt-out of the WayToHealth Backup Service. The policy and procedures will assure that complete, accurate, retrievable, and tested backups are available for all Customers using WayToHealth.
Data backup is an important part of the day-to-day operations of WayToHealth. To protect the confidentiality, integrity, and availability of ePHI, both for WayToHealth and WayToHealth Customers, complete backups are done daily to assure that data remains available when it is needed and in case of a disaster.
Violation of this policy and its procedures by workforce members may result in corrective disciplinary action, up to and including termination of employment per UPHS policies.
6.1 Applicable Standards#
6.1.1 Applicable Standards from the HITRUST Common Security Framework#
- 01.v - Information Access Restriction
6.1.2 Applicable Standards from the HIPAA Security Rule#
- 164.308(a)(7)(ii)(A) - Data Backup Plan
- 164.310(d)(2)(iii) - Accountability
- 164.310(d)(2)(iv) - Data Backup and Storage
6.2 Backup Policy and Procedures#
- Perform daily (snapshot / logical or binary dump) backups of all systems that process, store, or transmit ePHI for WayToHealth Customers.
- The WayToHealth Dev and Infrastructure Team is designated to be in charge of backups.
- Dev and Infrastructure Team members are trained and assigned to complete backups and manage the backup media.
- Document backups (automated as supported by the underlying hosting provider)
- Name of the system
- Date & time of backup
- Securely encrypt stored backups in a manner that protects them from loss or environmental damage.
- Test backups annually and document that files have been completely and accurately restored from the backup media.