HIPAA Security Checklist – Backup and Recovery

Backup and Recovery Checklist

  • Policies should be in place prescribing backup and recovery procedures.
  • All staff should understand the recovery plan and their duties during recovery.
  • System restore procedures should be known to at least one trusted party outside the practice.
  • A copy of the recovery plan should be safely stored off-site.
  • Files identified as critical should be documented and listed in the backup configuration.
  • Backup schedule should be timely and regular.
  • Every backup run should be tested for its ability to restore the data accurately.
  • Backup media should be physically secured.
  • Backup media should be stored offsite are encrypted.
  • Backup media should be made unreadable before disposal.