Overview:
Assess the relative criticality of specific applications and data in support of other contingency plan components.
Action Items:
1) Obtain and review policies and procedures related to identifying critical aplications and data. Evaluate and determine if these policies outline reasonable criteria and guidelines for identifying and categorizing critical applications and data.
2) Obtain and review the contingency plan to verify it specifically addresses applications and systems identified as critical.
Related Documents:
1) Critical System Identification Methodology
2) Business Contingency Plan
Additional Guidance:
This implementation specification requires covered entities to identify their software applications (data applications that store, maintain or transmit EPHI) and determine how important each is to patient care or business needs, in order to prioritize for data backup, disaster recovery and/or emergency operations plans. A prioritized list of specific applications and data will help determine which applications or information systems get restored first and/or which must be available at all times.
Article ID: 459
Created: September 28, 2022
Last Updated: September 28, 2022
Author: Matthew Burdick
Online URL: http://www.compliancewiki.org/article/hipaa-applications-and-data-criticality-analysis-164-308-a-7-ii-e-459.html