HIPAA_Data_Recovery_Form
HIPAA Data Recovery Request & Chain of Custody Form
Instructions: Complete all sections. Store completed forms for 6 years per HIPAA retention.
Section 1: Request Details
- Request ID: _______________________________________
- Request Date/Time: _______________________________________
- Requestor Name/Title/Department: _______________________________________
- Contact Info (email/phone): _______________________________________
- Business Justification (clinical/operational impact): _______________________________________
________________________________________________________________
Section 2: Data/System Identification
- System/Application Name: _______________________________________
- Environment (Prod/Test/Dev): _______________________________________
- Data Type(s) (ePHI, PII, other): _______________________________________
- Data Owner: _______________________________________
- Location (server/VM/endpoint/cloud service): _______________________________________
- Asset Tag / Hostname: _______________________________________
Section 3: Recovery Parameters
- Incident/Change Reference #: _______________________________________
- Desired Restore Point (timestamp/snapshot): _______________________________________
- RTO Target (hours): _______________________________________
- RPO Target (minutes/hours): _______________________________________
- Scope (entire system / database / folder / files): _______________________________________
- Dependencies (DB, services, keys, networking): _______________________________________
Section 5: Recovery Execution (to be completed by IT)
- Assigned Engineer: _______________________________________
- Start Date/Time: _______________________________________
- Source Media (backup set ID, snapshot ID): _______________________________________
- Hash/Integrity Verification (method/result): _______________________________________
- Steps Performed (summary):
________________________________________________________________
________________________________________________________________
________________________________________________________________
- End Date/Time: _______________________________________
- Outcome (success/partial/failed): _______________________________________
- Data Validation Results (owner sign-off): _______________________________________
Section 6: Post-Recovery Actions
- Incident Record Updated (yes/no): _______________________________________
- Gaps/Issues Identified: _______________________________________
________________________________________________________________
- Corrective Actions/Follow-ups: _______________________________________
________________________________________________________________
- Runbooks Updated (yes/no/date): _______________________________________
Chain of Custody (if physical media used)
- Media ID: _______________________________________
- Description: _______________________________________
- Custodian Transfer Log (name, date/time, from/to, signature):
| Date/Time | From | To | Signature | Notes |
|_________________|_______________|_______________|________________|___________________|
| | | | | |
| | | | | |
| | | | | |
No Comments