Data Management Policy

Praktice AI has procedures to create and maintain retrievable exact copies of electronic protected health information (ePHI) stored in conjunction with providing services for Praktice AI Customers. The policy and procedures will assure that complete, accurate, retrievable, and tested backups are available for all systems used by Praktice AI.

Data backup is an important part of the day-to-day operations of Praktice AI. To protect the confidentiality, integrity, and availability of ePHI, both for Praktice AI and Praktice AI Customers, complete backups are done daily to assure that data remains available when needed and in case of a disaster.
Violation of this policy and its procedures by workforce members may result in corrective disciplinary action, up to and including termination of employment.

6.1 Applicable Standards

6.1.1 Applicable Standards from the HITRUST Common Security Framework

01.v - Information Access Restriction

6.1.2 Applicable Standards from the HIPAA Security Rule

164.308(a)(7)(ii)(A) - Data Backup Plan
164.310(d)(2)(iii) - Accountability
164.310(d)(2)(iv) - Data Backup and Storage


6.2 Backup Policy and Procedures

Perform daily snapshot backups of all systems that process, store, or transmit ePHI for Praktice AI Customers. Specifically, this comprises the master database and the Kubernetes configuration file.
Praktice AI Technical Team is designated to be in charge of backups.
Praktice AI Technical Team members are trained and assigned to complete backups and manage the backup media.

Backups are to be documented and identified clearly:
Name of the system
Date & time of backup

Securely encrypt stored backups in a manner that protects them from loss or environmental damage.
Test backups and document that files have been completely and accurately restored from the backup media.