HIPAA_Data_Recovery_Form

HIPAA Data Recovery Request & Chain of Custody Form 

 Instructions: Complete all sections. Store completed forms for 6 years per HIPAA retention. 

 Section 1: Request Details - Request ID: _______________________________________ - Request Date/Time: _______________________________________ - Requestor Name/Title/Department: _______________________________________ - Contact Info (email/phone): _______________________________________ - Business Justification (clinical/operational impact): _______________________________________   ________________________________________________________________ 

 Section 2: Data/System Identification - System/Application Name: _______________________________________ - Environment (Prod/Test/Dev): _______________________________________ - Data Type(s) (ePHI, PII, other): _______________________________________ - Data Owner: _______________________________________ - Location (server/VM/endpoint/cloud service): _______________________________________ - Asset Tag / Hostname: _______________________________________ 

 Section 3: Recovery Parameters - Incident/Change Reference #: _______________________________________ - Desired Restore Point (timestamp/snapshot): _______________________________________ - RTO Target (hours): _______________________________________ - RPO Target (minutes/hours): _______________________________________ - Scope (entire system / database / folder / files): _______________________________________ - Dependencies (DB, services, keys, networking): _______________________________________ 

 Section 4: Authorization - Security/Privacy Officer Approval (name/sign/date): _______________________________________ - System Owner Approval (name/sign/date): _______________________________________ 

 Section 5: Recovery Execution (to be completed by IT) - Assigned Engineer: _______________________________________ - Start Date/Time: _______________________________________ - Source Media (backup set ID, snapshot ID): _______________________________________ - Hash/Integrity Verification (method/result): _______________________________________ - Steps Performed (summary):   ________________________________________________________________   ________________________________________________________________   ________________________________________________________________ - End Date/Time: _______________________________________ - Outcome (success/partial/failed): _______________________________________ - Data Validation Results (owner sign-off): _______________________________________ 

 Section 6: Post-Recovery Actions - Incident Record Updated (yes/no): _______________________________________ - Gaps/Issues Identified: _______________________________________   ________________________________________________________________ - Corrective Actions/Follow-ups: _______________________________________   ________________________________________________________________ - Runbooks Updated (yes/no/date): _______________________________________ 

 Chain of Custody (if physical media used) - Media ID: _______________________________________ - Description: _______________________________________ - Custodian Transfer Log (name, date/time, from/to, signature):   | Date/Time       | From          | To            | Signature      | Notes                              |   |_________________|_______________|_______________|________________|___________________|   |                 |               |               |                |                   |   |                 |               |               |                |                   |   |                 |               |               |                |                   |