DISCLAIMER: The information provided in this article, other knowledge base articles, and the Compliancy Group website do not, and are not intended to, constitute legal advice. All information, content, and materials in the Knowledge Base and on the Compliancy Group website are for general informational purposes only.
HIPAA addresses the subject of data backups in the contingency plan standard. This standard is an administrative safeguard requirement.
45 CFR 164.308(a)(7)(Ii)(A) is the data backup plan requirement. It provides: “Data backup plan (Required). Establish and implement procedures to create and maintain retrievable exact copies of electronic protected health information.”
The HIPAA Security Rule does not contain a data backup frequency requirement. In other words, there is no Security Rule provision that states how often backups must be performed - e.g., daily, weekly, monthly, etc.
Per HHS guidance, a data backup plan should be focused on regularly copying protected health data to ensure it can be restored in the event of a loss or disruption.
Rather, the backup frequency must be appropriate for an organization's environment (pp. 19-20).
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article