EHRS-FM IG

ISO/HL7 10781 - Electronic Health Record System Functional Model, Release 2.1
0.16.0 - CI Build

Requirements: TI.8 Database Backup and Recovery (Function)

Active as of 2024-08-12
Statement N:

Provide for the ability to backup and recover the EHR system.

Description I:

To enable the preservation of the EHR database and its data, functionality needs to be present to record a copy of the database and its contents to offline media, as well as to recover the system from a backup copy and resume normal system operation. The backup must preserve both data and database structure and definition information sufficient to recover a complete functional EHR system. Database components may include, but not be limited to, application data, security credentials, log/audit files, and programs; ultimately all EHR components necessary to provide a full and complete operating environment. Finally, the backup must be capable of being used during recovery processing to restore an exact copy of the EHR system as of a particular instant in time. This is a requirement to be able to preserve logical consistency of information within the recovered EHR system.

In providing for this capability, the system may include multiple backup and/or redundancy solutions such as fail-over architecture, database journaling, transaction processing, etc.

The backup and recovery function must address both physical system failure (i.e., failure of EHR system hardware) as well as logical system failure (e.g., database corruption). To support the requirement that the EHR system be available whenever it is needed within the design parameters of the system and provide reliability and redundancy of the EHR database and its data, the backup function shall not impact user functionality or appreciably impact user performance.

The backup function may include features which permit multiple processes and technologies to perform its task. This may include multiple backup technologies such as tape, disk, cloud, etc., as well as multiple architectures such as redundancy, online, near-line and off-line media.

Criteria N:
TI.8#01 dependent SHALL

The system SHALL provide the ability to backup and recover EHR information according to scope of practice, organizational policy, and/or jurisdictional law.

TI.8#02 SHALL

The system SHALL provide the ability to backup and recover all database contents including programs and all software components necessary to permit a complete EHR to be recovered. (i.e., 'full' backup and recovery)

TI.8#03 MAY

The system MAY provide the ability to backup and recover EHR information using alternative backup methods in addition to a full backup/recovery (e.g., incremental, differential, reverse delta, or continuous).

TI.8#04 MAY

The system MAY provide the ability to backup EHR information according to a defined schedule of storage media rotation.

TI.8#05 conditional SHALL

IF the EHR user requirements specify that the EHR system be available continuously, THEN the system SHALL provide the ability to backup EHR information concurrently with the normal operation of the EHR application.

TI.8#06 SHOULD

The system SHOULD provide the ability to backup EHR information to a remote location.

TI.8#07 MAY

The system MAY provide the ability to backup EHR information to more than one storage media (e.g., disk, tape, or cloud).

TI.8#08 MAY

The system MAY provide the ability to encrypt backup data.