More than ever before, healthcare legislation authorities are cracking down on medical organizations that fail to comply with HIPAA regulations.
Let’s face it: fines of a million dollars or more are now commonplace.
If you run a small medical practice in particular, you (literally) can’t afford to run the risk of staying behind the curve when it comes to technology.
What would you do if, for just one day, you couldn’t access patient records, electronic medical records, billing, correspondence, receivables and accounting information?
Would your medical practice continue to flourish or come to a screeching halt?
Surprisingly, medical practice managers rarely take all the necessary steps to protect their data, and many fail to have a disaster recovery process in place, often assuming it is someone else’s responsibility.
With all the potential disasters and risks facing medical practices, a network failure is nearly inevitable, and preparation is key.
These are the top 5 data backup and recovery mistakes we see Milwaukee area medical practices make.
HIPAA describes its data backup requirement as “Retrievable exact copies of electronic protected health information”. In other words, what they want is archiving and accessibility. In the event of a disaster, your PHI (protected health information) must be backed up securely and it must be easily restored.
Does your medical practice perform a daily backup that overwrites previous backups? What if, for technical or legal reasons, you needed to access data from a certain point in time, but you don’t have archived copies of your backup?
It’s best to keep backups as long as needed. Hourly backups can be consolidated into weekly and weekly into monthly, etc. This way, you can always access data – from any point in time – whenever you need it.
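One way to plan the consolidation described above, as an added example that is not part of the original article: every recent backup is kept, older ones collapse to one per ISO week, and the oldest to one per calendar month. The function name `plan_retention` and the 7-day and 8-week windows are assumptions; set them from your own retention policy.

```python
from datetime import datetime, timedelta

# Assumed windows (not from the article): adjust to your documented policy.
HOURLY_WINDOW = timedelta(days=7)    # keep every backup this recent
WEEKLY_WINDOW = timedelta(weeks=8)   # then one per ISO week up to this age


def plan_retention(backups, now):
    """Split backup timestamps into (kept, pruned).

    Recent backups are all kept. Older ones collapse to the newest backup
    in each ISO week, and the oldest to the newest in each calendar month.
    Monthly archives are never pruned here, so every month that ever had
    a backup keeps a restore point.
    """
    keep = {}
    for ts in sorted(backups):
        age = now - ts
        if age < timedelta(0):
            # A future-dated backup usually means clock skew; stop and investigate.
            raise ValueError(f"backup dated in the future: {ts}")
        if age <= HOURLY_WINDOW:
            bucket = ("hourly", ts)
        elif age <= WEEKLY_WINDOW:
            bucket = ("weekly", tuple(ts.isocalendar())[:2])  # (ISO year, week)
        else:
            bucket = ("monthly", (ts.year, ts.month))
        keep[bucket] = ts  # input is sorted, so the newest in a bucket wins
    kept = sorted(keep.values())
    pruned = sorted(set(backups) - set(kept))
    return kept, pruned


if __name__ == "__main__":
    now = datetime(2024, 6, 30, 12, 0)
    # Constructed sample data: one backup per hour for the last 120 days.
    sample = [now - timedelta(hours=h) for h in range(120 * 24)]
    kept, pruned = plan_retention(sample, now)
    print(f"{len(sample)} backups: keep {len(kept)}, prune {len(pruned)}")
    print("oldest restore point kept:", kept[0])
```

The function only produces a plan; delete the pruned copies only after a test restore of the kept ones has succeeded.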
Not sure what your backup frequency should be?
Contact our office online or call us at (262) 522-8560. We’ll be happy to answer any questions you have.
To ensure your data is secure and HIPAA compliant, data backup must take place offsite and be replicated to at least one other location. Tape backups alone are unreliable and won’t keep your practice HIPAA compliant. Your data needs to be encrypted to ANSI standards, and tape or disk-based backups are unencrypted and can easily be tampered with or moved.
Cloud-based offsite data backup, while once costly and out of reach for most practices, now offers backup solutions that even the smallest medical practices can afford.
This is especially important, as HIPAA requires that your data not only be recoverable, but also viewable at the “granular” level.
You must be able to restore individual messages and documents rather than an incomplete summary of records.
Even if your backup was set up by an outside vendor and you were told it was an automated process, it is critical that you test your backup periodically to ensure you can actually restore all your data.
How often should you test your backup? Give us a call at (262) 522-8560 and one of our highly qualified techs will provide you with recommendations specifically for your medical practice.
In addition to practice management data, you also need to be backing up accounting data, documents, emails, spreadsheets and correspondence. If this data is isolated on PCs around the office, you need to re-evaluate the data backup and business continuity process you currently have in place for your medical practice.
Formal documentation of a data backup and recovery process is a HIPAA requirement, although the wording of that requirement is vague. The outcome is clear, however: as a business owner, your compliant data backup plan must be on paper, and you must follow it.
HIPAA authorities also require that you periodically test your plan of action – and document it. Detailed reporting on your backups should be generated regularly.
If you’re already overwhelmed by your current day-to-day responsibilities and your office is making one or several of these mistakes, request a free, no-obligation Network Discovery.
Through our network discovery, one of our qualified, professional techs will evaluate the data backup process and policies your Milwaukee area medical practice currently has in place.
We’ll offer ways to ensure your practice remains in compliance and answer all your data backup and technical questions.
Your Network Discovery includes an audit of your current network, infrastructure, server(s), PCs, backup, security performance and reliability, followed by a non-technical Q&A Session with our Network Consultant.
For technology questions or any other inquiry, please contact our office by email or by phone at (262) 522-8560.