5 Data Management Policy
EA has procedures to create and maintain retrievable exact copies of electronic protected health information (ePHI). The policy and procedures will assure that complete, accurate, retrievable, and tested backups are available for all systems used by EA.
Data backup is an important part of the day-to-day operations of EA. To protect the confidentiality, integrity, and availability of ePHI, both for EA and EA Customers, complete backups are done daily to assure that data remains available when it is needed and in case of a disaster.
Violation of this policy and its procedures by workforce members may result in corrective disciplinary action, up to and including termination of employment.
5.1 Backup Policy and Procedures
- Perform daily snapshot backups of all systems that process, store, or transmit ePHI for EA Customers, including SaaS Customers.
- EA Ops Team, lead by the CTO, is designated to be in charge of backups.
- Dev Ops Team members are trained and assigned to complete backups and manage the backup media.
- Document backups
- Name of the system
- Date & time of backup
- Where backup stored (or to whom it was provided)
- Securely encrypt stored backups in a manner that protects them from loss or environmental damage.
- Test backups and document that files have been completely and accurately restored from the backup media.
- Any user access to a backup will be logged for security auditing purposes.