When working with healthcare clients, the subject of HIPAA compliance comes up constantly. Healthcare providers, doctors' offices, and medical practices of every kind ask us what backup and disaster recovery plan will protect their patient data and keep them HIPAA compliant at the same time.
Healthcare IT (HIT) is a careful balance: keeping healthcare clients' systems and networks running without compromising patient and medical data. HIPAA regulations change, so both you and your IT partner need to stay current with the latest requirements. The HIPAA Omnibus Rule of 2013 put everyone on alert: an IT partner that creates, stores, or transmits protected health information (PHI) on a provider's behalf is a business associate and now shares direct liability for HIPAA compliance, and that includes the healthcare provider's BDR.
In an earlier post, we discussed small business backup and disaster recovery and why it's important to have a BDR.
HIPAA Compliance With Your Backup and Disaster Recovery Plan
Before we get into the specifics, let's assume not everyone is familiar with a BDR. BDR is short for backup and disaster recovery, an important component of your overall IT system and network management. A BDR ensures that your data is kept safe, backed up regularly, and recoverable, with a tested plan for getting systems back after a major disaster. If you don't have a BDR in place, get with your IT provider right away and fire them (no, only kidding, but if they're managing your systems and network properly you should already have one). The plan can be extremely detailed or fairly simple; just make sure some form of backup and disaster recovery is actually implemented so you're not regretting it later.
Basic Backup and Disaster Recovery Plan: A basic BDR plan consists of server drive redundancy (RAID or mirroring), a local backup to a secured directory on the network, a backup to a network attached storage device, and an offsite backup to a cloud service. Keep in mind that drive redundancy is not a backup: it protects against a failed disk, but an accidental deletion, a corrupted database, or a ransomware infection is copied to the redundant drive just as faithfully. That is why the local, NAS, and offsite copies matter. The backups should be managed and monitored daily, or at the very least weekly, and the monitoring should confirm that the backup job actually ran, that the archive is intact, and, periodically, that a restore from it works. A backup that has never been restored is an assumption, not a plan.
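As an added example (this code is not from the original post or any vendor product), here is the local-backup and daily-monitoring half of that basic plan in Python, using only the standard library. It archives a directory, records the archive's SHA-256 and creation time in a manifest, and then runs the check a monitor would run every day: is the latest backup present, is it less than 24 hours old, and does it still match its recorded hash? It finishes with a test restore. The 24-hour freshness window, the directory names, and the sample patient file are assumptions constructed for the demo.

```python
"""Local backup with an integrity manifest plus a freshness/integrity check.

Added example for illustration; not the original post's code. The 24-hour
threshold, paths, and sample data below are assumptions for the demo.
"""
import hashlib
import json
import tarfile
import tempfile
import time
from pathlib import Path
from typing import Dict, List, Optional

FRESHNESS_SECONDS = 24 * 60 * 60  # assumed "monitored daily" window


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large archives do not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def run_backup(source_dir: Path, dest_dir: Path, now: Optional[float] = None) -> Path:
    """Archive source_dir into dest_dir and write latest.json beside it.

    The manifest records the archive's hash and creation time so the monitor
    can detect a corrupted or tampered archive, not only a missing one.
    """
    now = time.time() if now is None else now
    dest_dir.mkdir(parents=True, exist_ok=True)
    stamp = time.strftime("%Y%m%dT%H%M%SZ", time.gmtime(now))
    archive = dest_dir / f"backup-{stamp}.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source_dir, arcname=source_dir.name)
    manifest = {"archive": archive.name, "created": now, "sha256": sha256_file(archive)}
    (dest_dir / "latest.json").write_text(json.dumps(manifest))
    return archive


def check_backup(dest_dir: Path, now: Optional[float] = None) -> List[str]:
    """Return a list of problems with the latest backup; empty means OK.

    A job that silently stopped running shows up as stale; bit rot or
    tampering shows up as a hash mismatch.
    """
    now = time.time() if now is None else now
    manifest_path = dest_dir / "latest.json"
    if not manifest_path.exists():
        return ["no backup manifest found"]
    manifest = json.loads(manifest_path.read_text())
    archive = dest_dir / manifest["archive"]
    if not archive.exists():
        return [f"archive missing: {manifest['archive']}"]
    problems = []
    if now - manifest["created"] > FRESHNESS_SECONDS:
        problems.append("latest backup is older than 24 hours")
    if sha256_file(archive) != manifest["sha256"]:
        problems.append("archive checksum mismatch (corrupted or tampered)")
    return problems


def restore_latest(dest_dir: Path, target: Path) -> List[str]:
    """Test restore: extract the latest archive into target, returning member names.

    Member names are checked before extraction so a crafted archive cannot
    write outside the target directory (path traversal).
    """
    manifest = json.loads((dest_dir / "latest.json").read_text())
    with tarfile.open(dest_dir / manifest["archive"], "r:gz") as tar:
        names = [m.name for m in tar.getmembers()]
        for name in names:
            parts = Path(name).parts
            if Path(name).is_absolute() or ".." in parts:
                raise ValueError(f"refusing unsafe archive member: {name}")
        tar.extractall(target)
    return names


def demo() -> Dict[str, object]:
    """End-to-end run on constructed sample data in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        source = root / "practice-data"
        source.mkdir()
        (source / "patients.csv").write_text("id,name\n1,constructed sample\n")
        backups = root / "backups"
        t0 = 1_700_000_000.0  # fixed clock so results are deterministic
        run_backup(source, backups, now=t0)
        fresh = check_backup(backups, now=t0 + 3600)
        stale = check_backup(backups, now=t0 + 2 * FRESHNESS_SECONDS)
        restored = restore_latest(backups, root / "restore")
        content = (root / "restore" / "practice-data" / "patients.csv").read_text()
        # Simulate bit rot / tampering by appending a byte to the archive.
        archive = backups / json.loads((backups / "latest.json").read_text())["archive"]
        archive.write_bytes(archive.read_bytes() + b"\x00")
        corrupt = check_backup(backups, now=t0 + 3600)
        return {"fresh": fresh, "stale": stale, "corrupt": corrupt,
                "restored": restored, "restored_content": content}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The offsite step is not shown: in practice the archive and its manifest are pushed to the NAS and the cloud vendor, and the same `check_backup` logic is run against each copy, because a backup that exists only next to the server it protects is lost in the same fire or ransomware event.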
With the current HIPAA regulations, IT providers must take a firmer line with clients unwilling to implement a proper backup plan for their healthcare practice, because the provider now shares the liability. Whether you're an IT provider or a healthcare practice, here's what to look for in your cloud backup vendor:
Compliance and the BAA: If you use a cloud backup vendor, confirm that the service is HIPAA compliant with the current regulations, and get it in writing. A vendor that stores your backups holds PHI on your behalf, which makes it a business associate, so a signed business associate agreement (BAA) must be in place before any patient data goes to them.
Encryption: The HIPAA Security Rule lists encryption as an addressable specification rather than a flat mandate, but HHS breach-notification guidance only treats PHI as secured when it is encrypted, so for a backup vendor it is the standard to insist on: data encrypted in transit to the data center and at rest inside it. Better still, encrypt the backups with keys you control before they leave your network, so that the vendor and anyone who breaches the vendor cannot read them.
Access control: The vendor must take rigorous steps to keep unauthorized people out of its databases and data centers. Don't take "data centers are secure" on faith; ask for evidence, such as a current SOC 2 Type II report or equivalent audit, and ask who at the vendor can access customer data and how that access is logged.
Data location: Verify where your healthcare clients' data is physically kept. HIPAA itself does not require storage in the United States, but location determines which laws apply to the data and whether the vendor's subcontractors are covered by your BAA, so know the answer and put it in the contract.
SLA: Finally, review the service level agreement. If you already have a cloud backup vendor, or are considering one, make sure the SLA meets HIPAA's requirements and spells out what happens if data is lost, how quickly data can be restored, and what happens to your data if the vendor is sold or goes out of business.
So there you have it: HIPAA compliance with your backup and disaster recovery plan. Get with your IT partner and go over your backup and disaster recovery plan today. Make sure a plan is in place, that restores are tested, and that your cloud backup vendor is compliant and under a BAA.