ࡱ> WYVq` "bjbjqPqP .8::,$*j@^ *"*"*"*"*"*"*$ ,hs.TF*   F*[*||| : *|  *||p"#4 ]XCTwD. # *q*0*0#.r. #.#,0"| F*F*r *        UAMS ADMINISTRATIVE GUIDE NUMBER: 7.3.13 DATE: April 1, 2005 REVISION: SECTION: INFORMATION TECHNOLOGY AREA: NETWORK SECURITY SUBJECT: DISASTER RECOVERY SCOPE UAMS Workforce using or disclosing Confidential Information, which includes Electronic Protected Health Information (ePHI), for any purpose. Definitions Backup means creating a retrievable, exact copy of data. Disaster means an event that causes harm or damage to UAMS information systems. Disasters include, but are not limited, to the following: earthquake, fire, extended power outage, equipment failure, or a significant computer virus outbreak. Confidential Information includes information concerning UAMS research projects, confidential employee information, information concerning the UAMS research programs, proprietary information of UAMS, and sign-on and password codes for access to UAMS computer systems. Confidential information shall include Protected Health Information. Electronic Protected Health Information means individually identifiable health information that is: Transmitted by Electronic media Maintained in Electronic media Protected Health Information (PHI) means information that is part of an individuals health information that identifies the individual or there is a reasonable basis to believe the information could be used to identify the individual, including demographic information, and that (i) relates to the past, present or future physical or mental health or condition of the individual; (ii) relates to the provision of health care services to the individual; or (iii) relates to the past, present, or future payment for the provision of health care services to an individual. This includes PHI which is recorded or transmitted in any form or medium (verbally, or in writing, or electronically). PHI excludes health information maintained in educational records covered by the federal Family Educational Rights Privacy Act and health information about UAMS employees maintained by UAMS in its role as an employer. To access any other terms or definitions referenced in this policy:  HYPERLINK "http://hipaa.uams.edu/DEFINITIONS%20-%20HIPAA.pdf" \o "http://hipaa.uams.edu/DEFINITIONS%20-%20HIPAA.pdf" http://hipaa.uams.edu/DEFINITIONS%20-%20HIPAA.pdf POLICY UAMS Information Technology (IT) will establish and implement as needed the UAMS IT Disaster Recovery Plan (DRP) which contains contingency policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages IT supported systems that contain Confidential Information, which includes Electronic Protected Health Information (ePHI). The IT Division is committed to employing all appropriate strategies for anticipating and controlling crisis situations by implementing the IT DRP. PROCEDURE IT Management is responsible for establishing, implementing and maintaining the IT Disaster Recovery Plan (DRP). The plan is located at  HYPERLINK "http://disasterrecovery.uams.edu" http://disasterrecovery.uams.edu and will include: An Emergency Response Plan (ERP) that contains procedures which will serve as a guide to IT Management and Staff toward recovery of the systems. Procedures that allow physical facility access during emergencies to support restoration of data will be included in the ERP. A data backup plan that establishes and implements procedures to create and maintain retrievable, exact copies of Electronic Protected Health Information. For network file servers, the Network Administrator is responsible for the backups and other measures necessary for the overall security of the software and data stored on the network storage space. For stand-alone microcomputers, the primary user of that system is responsible for backups and any other measures necessary to insure the security and integrity of the data and software Individual workstation users on the network are responsible for backups and data security for local storage space. Critical Data Center Operations which are defined in the  HYPERLINK "http://disasterrecovery.uams.edu/ERP/Common/DR%20Critical%20List.xls" Disaster Recovery Critical Systems List and which assess the relative criticality of specific applications and data in support of other contingency plan components. The List is updated as new systems or redundant equipment for existing systems are purchased, and as system status is upgraded to higher priorities. A Business Continuity Plan (BCP), which serves as an emergency mode operation plan to establish and implement procedures to enable continuation of critical business processes for protection of the security of Electronic Protected Health Information (ePHI) while operating in emergency mode. The BCP is comprised of departmental procedures supplied to IT for publishing in the Disaster Recovery Plan and will serve as a guide to UAMS staff toward continuing normal business operations during an IT Emergency. Individual UAMS Division Areas or Team Leaders will assist in the development of plans for their areas of responsibility, to include appropriate maintenance of their respective plans, which are to be consistent with the overall Policies and Procedures established by senior IT Management. All employees are expected to comply with established practices and procedures of the ERP, which are designed to minimize the risk to themselves and others, as well as to minimize threats to personnel, technical resources, property, or to the security of the facility. The Disaster Recovery Plan will be regularly tested and periodically revised as needed. An IT Disaster will be called, and the IT Disaster Recovery Plan initiated, when any situation occurs that disables access to the systems in the Data Center and requires ordering new hardware to be delivered to an alternate location for setup and access. Copies of the Disaster Recovery Plan and other documents referenced in the Plan will be stored off-site on the Disaster Recovery Website located at the UAMS DR Site and in hard copy with an off-site  HYPERLINK "http://disasterrecovery.uams.edu/ERP/Contact/Vendors/Information%20Vaulting%20Services.htm" Vaulting Service. The documents will be readily available for reference online, or for delivery in the event of an emergency situation that restricts or prohibits access to the normal workplace. The Website is:  HYPERLINK "http://disasterrecovery.uams.edu/" http://disasterrecovery.uams.edu. When an IT Disaster is called, the Disaster Recovery Plan should be referenced. IT staff responsible for getting systems back on-line should access the Emergency Response Plan section and follow the instructions under their department heading. All other UAMS staff should access the Business Continuity Plan section and follow the instructions under their department heading. -.AB # 4 5 @ A H z  k Ƽ𗍅zpiiiiU&hvyhp5CJOJQJ\^JaJ hvyhphvyhp5\hvyhp5>*\hvyhp>*hp5;>*\h$ ]hp5;>*\ hNhphNhpKHhp5>*\h hp5\hVhp5\ h hph{@hpB*ph hp5\ hp6]hpjh hpU.BLMn5 A z k " $a$gdp$a$gdpgdp $a$gdpgdp  Tgdp Tgdpgdp$ 1$7$8$H$a$gdp" b  231pvwƻƟƻoaaaahpCJOJQJ^JaJ&hshp5CJOJQJ\^JaJ hshpCJOJQJ^JaJhp h hphz;>hp0J$jh(hpB*Uphhz;>hpB*phjhz;>hpB*Uphhz;>hp>* hz;>hphz;>hp5\ hvyhpCJOJQJ^JaJ" # C b  *+'D $ & Fa$gdp $ & Fa$gdp $ & Fa$gdpgdpgdp$a$gdpgdpgdp$dd[$\$a$gdp$ & F ^`a$gdp$a$gdp *+  CDElmW˹ˤˍˍ˹xdSHhp5CJ\aJ hA`hpCJOJQJ^JaJ'hshp0J5B*CJ\aJph)jph(hp5CJU\aJ hshphshp0J5CJ\aJ)jthshp5CJU\aJ#jhshp5CJU\aJhshp5CJ\aJhshpCJaJhshpCJaJ hshpCJOJQJ^JaJY    i!j!!^"" $ & Fa$gdp $ a$gdp$ & F a$gdp$a$gdp $ & Fa$gdp $h^ha$gdp $^a$gdp $ & Fa$gdp5jpq|~    0OZ; < = M N !!õÒynyeyyhhp0JjchpUjhhpU h|hp hp5\ hoWhph~hp5CJ\aJhGhp5CJ\aJhhp5CJ\aJhp5CJ\aJhp hhph !bhp5CJ\aJhp5CJ\aJhF hp5CJ\aJ'!C!D!E!e!f!g!!!""""("I"]"^"s""""""""hz h|hphphhp0JjhhpUjhpU hhp"",1h/ =!"#$% Dd  D  3 A"bjjAD/njjAPNG  IHDR`bPLTEFFF fZ;;;CCC<<<333...''',,,z***666###(((444wl E6peJ>>```tttzzzúYYYЩϳppp___HHHPPPlll~~~uuujjjKKKȢSSSbbbMMMqqqgggDDDWWWOOOwwwdddmmmӭG8PBOAgtRNSS%bKGD cmPPJCmp0712Hs\IDATx^[wTIݦveۙv?DhŁ&$I$bV9s9q}}9UБf0y9u}u֭Ye{8lڢGiZǙF<|J-`2X'=8'ʘI6k}HZЭ9ͩL.[2ipޙX2߅3vKԨ1znˌ9&K̚W5J߽n:u1E-xfXwdK9N-GNeAf[L:yUx fYZEF/c>)^*~˻- _ĈLi2ɖvX?`9&CHgD!fFv`$1ĉcxƼo#|Puy(!tX+puP')%^&4o#{j 0@h, g` g4eP!eWw(`4;TK Ak!ƖߴgNV9!?u lPR,B%=K C!ՒGrښbBh P<*%>C|,YLgi,E$SHflz2=3> j?^DsC<8s/ Nܿ,P;p*?CK+ø3r;ꙵ;a<"S tm](ݑIX.hR?$gOeRb֦W\H}9v̏Pz! 7]4S|&{R{h8^83MY~#E_3ZBޝ+"ۏMYE@FCM֐#J4Qr3(,zх(4JCfࠖBFڠVDGZyԼ1Qė73&Z5W\crO []L_{6heiKWd#GSfPs @Y5fcWGBbݿEs"}?sv*V!\:6TI q&6QĨ6|}ǖ7dMv/uP脬`$Tj1l|y8h8MQB-V&yg'j|q S4c+v6a>GN4_d&@ۓ\xQApg^$5 v1Hfx6SR&hC(Qj&N7Ɗgve2Q؊L^UZ¹(ntb8zgq &8ˈH.1ƛF]/t]* aԩo|Q̂uM'PsR2X& taf6[eex'8o8TmDn0'w┍F1]OPv|K.(efT+VS;&+_\U2v qއ1&"jAȶ66QLcZބ~FP.`? 1W{}ſb5:hPQ g 93i~ld#󅜎wlB$k f0 ;7]XcL,EVd9Y٨k<T\Sj7i^?`%!үqY"Tϛ% _%HLOPeՁ zyq{<`;|Sj^ +`{hFCF07Qlvߥw7 -:m%F>cHFWj/0Ymm)DFǰ P;aD:(AŜԉl*h d8T2G֠ߛ@Y=x2sd&y22h|*8`4 $ĉ|#A͸-1+2cUw1>\)ajZXv'.ƶ_mLUqZfZPj{ %xRG{,x1 4f37sfƖg e97k'[emY^s8Tc郯0 }GX+ĖSWp6i4oH"_^dƳ(Q5UM#lL"ޓU{tqCN付d{g/A<~C驵Mr?K'nPѩ44L<11<; 7XPl$&:]Czv;4<>c|ȟ?yG,EqތDv3KL| r*w7@8 ezaO[~LaA=celEiS|`ι [hmp+X\4([m|C$'ɇfwdaʛR-`1H8+Yw"6#bPkqy}91EN@EziѺSO \M|(* g={SD4Ӽ= ú%cT_‘Z3xQe@Mݚ[C $Լ #fOmfApS!]9THf8!ٟ&euA5_eGp)sDɞ"SB10@Ş?v$ 6lifqbH"<y>E:*H "3oŢ_U=1kc.:9_q ɦ ;|ryWT@@Z0`!`DkZfi =sGfF%{Uan]K6d c(V?ichcd5=mnr7_z+'P#yg'| | lV?>_AV (37]%hGô~%''/o/. &R9K?xx_6lnfzsvND)9W ю֝ϣ3ôLԎ>s`K2LXOơJ/^^$Qp0%)v"PVn]|$zlt<:lgi b7{7grC)Yɧr)H*njqqYeXG筙k6.[4l@%rͼ*XŠ%yB<DžӷGW痁-Rq%wVl*bL'Õ Dl O?EH;~yW,4* @_*U PY.çCQ㛅W(]ԊU8AetvK hg86uD")HZQpTu8/+plӡ,=r:ya!-uN|{"&%EqUx锁qyC س!~BM[=?6jI~*CJ\aJR`R p Heading 3$$7$8$@&H$a$ 5>*\DA@D Default Paragraph FontRiR  Table Normal4 l4a (k(No List6U`6 p Hyperlink >*B*ph:>`: pTitle$a$5CJ \aJ V^`V p Normal (Web)dd[$\$CJOJQJ^JaJe`" pHTML Preformatted7 2( Px 4 #\'*.25@9CJOJQJ^JaJ4`24 pHeader  !8.BLMn5Azk"#Cb * +  ' DY    ij^0000000000000000(00A0A0A0A 0A 0A0A0A0A(00000  0  0  0  0  0  0  0 0 0  0 0  0 0  0 0  0 0  0 0  0 0  0 @ 0 @ 0 I0.BLMn5Azk"#Cb * +  ' DY    ij^@0@0@0@0@0@0@0@0@0@0@0@0@0@0@0@0(@0@0A@0A@0A@0A@ 0A@ 0A@0A@0A@0A(@0@0@0@0@0 @ 0 @ 0 @ 0 @ 0 @ 0 @ 0 @ 0 @0 @0 @ 0 @0 @ 0 @0 @ 0 @0 @ 0 @0 @ 0 @0 @ 0 @0 @ 0 @ 0 @ 0 0 !"" """2  Dl<MDeXXXXX8W % 9W % :W |% =*urn:schemas-microsoft-com:office:smarttags PlaceName=*urn:schemas-microsoft-com:office:smarttags PlaceTypeV*urn:schemas-microsoft-com:office:smarttagsplacehttp://www.5iantlavalamp.com/ L!z{ }' Y_3335hTHyF!C^[ICa3Qjh88^8`OJQJ^Jo(pp^p`.@ L@ ^@ `L.^`.^`.L^`L.^`.PP^P`. L ^ `L. hh^h`CJaJo(. ^`5\o(.pLp^p`L.@ @ ^@ `.^`.L^`L.^`.^`.PLP^P`L. ^`B*o(ph.^`. L ^ `L.  ^ `.xx^x`.HLH^H`L.^`.^`.L^`L.h^`OJQJ^Jo(h^`OJQJ^Jo(ohpp^p`OJQJ^Jo(h@ @ ^@ `OJQJ^Jo(h^`OJQJ^Jo(oh^`OJQJ^Jo(h^`OJQJ^Jo(h^`OJQJ^Jo(ohPP^P`OJQJ^Jo(h,P^`P56B*CJOJQJ\]^JaJo(phh^`OJQJ^Jo(ohpp^p`OJQJ^Jo(h@ @ ^@ `OJQJ^Jo(h^`OJQJ^Jo(oh^`OJQJ^Jo(h^`OJQJ^Jo(h^`OJQJ^Jo(ohPP^P`OJQJ^Jo(y!C5h[Ia3QY          9&       RZT                 0        pMG-,G$"s+| Js" J& 9 C % ' =8 N E[%r[0_>O!eugi/$\9{eQXqU=9Q#j:^<S^D^#2tLrXk s4!(5!i!"i"#J}%B&]& &3;(C)q{):*:*M*N,R,].b.t4/0F/\#1_13 333c3jx3~34@5r6J7.c7~79Ty9);[;>^<$=<=)>d?y:@$BXBiCk`C/D_DNpE&FRF%+G,GzeHuI1JYSJXJ'KBL!M.N/YN8UOuPvQ:R=(SUSUU_UHWm7X8Z]ZzZ[S8[ v\KD]xp^9_Sv_Oaa#aaa"c%c~cUeeOe*Ref h:htiYi(j0kTlkmwm#nGoq::r$tT~tvvqvnxhfyzW&z;{I%{C{ |[}P}cR}U]}2\JGIMp1rW56@q e)0n|K2U9E nEpuK-|9dy1'=ajF~4 LrWf qAA}NC >DWByX=9S>pVL>Nu d{qOJ3%?^u:Wra"~ 7 |A07~Jr*8+=5{P+b?mpY7> 4 Qbn!MCwo2Cn0JMD!~"$01:FdUCa7% U<`Ye3)DnS FUt*H,S:A ]HT7eys,M]O=.^9<mn{U!>&bkd]$0,u+W~4|%\`4 Whttp://disasterrecovery.uams.edu/ERP/Contact/Vendors/Information Vaulting Services.htmkMAhttp://disasterrecovery.uams.edu/ERP/Common/DR Critical List.xlskC"http://disasterrecovery.uams.edu/k .http://hipaa.uams.edu/DEFINITIONS - HIPAA.pdfk  !"#$%&'()*+,-/0123456789:;<=>?@ABCDEGHIJKLMOPQRSTUXRoot Entry FfCTwZData 7 1Table..WordDocument.8SummaryInformation(FDocumentSummaryInformation8NCompObjq  FMicrosoft Office Word Document MSWordDocWord.Document.89q