HIPAA Compliant Backup Service

A brief history of HIPAA

HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. The act requires that data related to an individual's health insurance be kept private and safeguarded. It requires the entities storing such data to comply strictly with guidelines before they are allowed to provide service. It was the result of efforts by the federal government to ensure healthcare data practices allow patients to easily move jobs, insurance, and/or healthcare providers.

The goals and objectives of this legislation are to reduce industry inefficiencies, reduce paperwork, and make it easier to detect and prosecute fraud and abuse, while enabling workers of all professions to change jobs easily even if they (or family members) had pre-existing medical conditions.

HIPAA requires the ability to establish and maintain reasonable and appropriate administrative, technical, and physical safeguards to ensure integrity, privacy, security, and availability of information.

What does this mean for entities handling the information

Administrative Safeguards

A number of administrative requirements must be observed in order to meet HIPAA compliance. The standards cited in the Security Rule include a provider’s security management process, assigned security responsibilities, workforce security, information access management, security awareness training and contingency planning.

Physical Safeguards

These relate to physical infrastructure such as locks and secure access areas. The Physical Safeguards in the HIPAA Security Rule include standards for facility access controls, workstation use and security, and device and media controls.

Controls must govern the introduction and removal of hardware and software from the network. (When equipment is retired it must be disposed of properly to ensure that PHI is not compromised.)

Access to equipment containing health information should be carefully controlled and monitored.

Access to hardware and software must be limited to properly authorized individuals.

Technical Safeguards

These call for a minimum of 128-bit encryption, and for deletion and destruction of data, which can be done according to the Department of Defense's standards set forth in the National Industrial Security Program Operating Manual. If you don't encrypt data at rest, then it must be destroyed.

Any backup service that you use should comply with the above-mentioned guidelines. For a further understanding of these guidelines, please refer to this link.

Once you have a clear understanding of all the detailed requirements for compliance, you will see that it makes more sense to use a backup service provider than to implement all of these yourself. Handling an in-house solution will be both expensive and risky. Would it not be better to rely on someone who has experience in handling these requirements?

How can a Backup Service Provider help you

Advantages to using a data backup service are numerous.

For one, your data is stored off site, which lets you breathe easy in case of blackouts and malware. Automatic data backup is another feature, so you don't have to worry about backing up data periodically on site.

Not to mention, these services normally boast multiple file versioning, so multiple versions of specific documents and files are kept off site. Backup of servers is done overnight, and your data is encrypted, a Security Rule requirement a number of practices struggle with.

We at Solution Union understand that “With great power comes great responsibility.”

Hence all of the data is encrypted end to end and even onsite backup is included.




The post HIPAA Compliant Backup Service appeared first on Solution Union Blog.


Published by


http://SolutionUnion.com is a White Label Cloud platform that is the culmination of nearly a decade of SaaS hosting expertise and engineering.
