Fulfilling HIPAA Backup Compliance Obligations

In place since 1996, the Health Insurance Portability And Accountability Act (HIPAA) was a broad-sweeping overhaul of modern healthcare, enacting clear measures for how patient data can be accessed, maintained and protected. HIPAA established many new rules around patient data protection, stipulating clear guidelines for data loss and recovery plans that safeguard patient information in the event of any major data loss activity.

The Bocada’s automated backup monitoring platform provides healthcare delivery and insurance organizations with a simplified way to ensure, and report on, HIPAA compliance. By consolidating complex backup operations monitoring under a single pane, Bocada gives compliance, backup and storage teams a straightforward way to fulfill HIPAA backup compliance requirements and stay ahead of regulators.

HIPAA RULE Rule 164.308.7: Administrative Safeguards, Standard Contingency Plan

According to HIPPA, organizations must, “Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information: A: Establish and implement procedures to create and maintain retrievable exact copies of electronic protected health information. B: Establish (and implement as needed) procedures to restore any loss of data. C: Establish (and implement as needed) procedures to enable continuation of critical business processes for protection of the security of electronic protected health information while operating in emergency mode.”

Bocada supports HIPAA backup compliance through the following capabilities:

• Automated backup performance reporting identifies failed backups, enabling tailored troubleshooting so data is always protected and restorable.
• Built-in critical failure alerting enables processors to address data backup failures quickly so that valuable data is protected.
• In-progress backup job reporting across hybrid-cloud environments allows processors to proactively address issues that could harm data restoration.
• VM Analysis Reports allow enterprises to identify machines that are not being protected by their backup software so that non-backup issues can be corrected.
• Ticketing systems integration allows for automated creation of service tickets and faster failure resolution

HIPAA Rule 164.308.8: Administrative Safeguards, Standard Evaluation

According to HIPAA, “Perform a periodic technical and nontechnical evaluation, based initially upon the standards implemented under this rule and, subsequently, in response to environmental or operational changes affecting the security of electronic protected health information, that establishes the extent to which a covered entity’s or business associate’s security policies and procedures meet the requirements of this subpart.”

Bocada supports HIPAA backup compliance through the following capabilities:

• Automated compliance report creation, scheduling and distribution offers a recurring governance process for reviewing backup fidelity and sharing compliance status with internal and external auditors.

HIPAA Rule 164.312.b: Technical Safeguards, Standard Audit Controls

According to HIPAA, “Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.”

Bocada supports HIPAA backup compliance through the following capabilities:

• Bocada stores historical backup activity, maintaining a record of where and when data was stored as well as the storage medium (e.g. tape, disk, or cloud).
• Historical annotations make it easy to track procedures taken to fix backup failures and protect health data.
• By pulling and normalizing data from over twenty backup products, Bocada simplifies the process of overseeing diverse systems storing patient information.

Ready to Assess Your HIPAA backup compliance readiness?