A brief history of HIPAA
HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. The act requires that individually identifiable health information (protected health information, or PHI) be kept private and safeguarded, and it obliges the covered entities that hold such data, and the business associates that process it on their behalf, to comply with its Privacy and Security Rules. It was the result of efforts by the federal government to ensure that healthcare data practices allow patients to change jobs, insurance, and/or healthcare providers easily.
The goals of the legislation are to streamline industry inefficiencies, reduce paperwork, and make it easier to detect and prosecute fraud and abuse, while enabling workers of all professions to change jobs even if they (or family members) have pre-existing medical conditions.
HIPAA requires covered entities to establish and maintain reasonable and appropriate administrative, technical, and physical safeguards that ensure the confidentiality, integrity, and availability of PHI.
What does this mean for entities handling the information
A number of administrative requirements must be met for HIPAA compliance. The administrative standards in the Security Rule include a provider's security management process (risk analysis and risk management), assigned security responsibility, workforce security, information access management, security awareness and training, and contingency planning (including data backup and disaster recovery plans).
The physical safeguards relate to physical infrastructure such as locks and secured access areas. The Physical Safeguards in the HIPAA Security Rule include standards for facility access controls, workstation use and workstation security, and device and media controls.
Controls must govern the introduction and removal of hardware and software from the network. When equipment is retired it must be disposed of properly, with its storage media sanitized, so that PHI is not exposed.
Access to equipment containing health information should be carefully controlled and monitored.
Access to hardware and software must be limited to properly authorized individuals.
Data at rest should be encrypted with at least a 128-bit key, and data that is no longer needed should be deleted and destroyed using a recognized media sanitization standard; the Department of Defense standard set forth in the National Industrial Security Program Operating Manual is commonly cited (HHS guidance also points to NIST SP 800-88). Note that the Security Rule itself does not mandate a particular key length; encryption is an "addressable" specification, so an entity must implement it or document why an alternative is reasonable. The practical consequence is that PHI which is not encrypted at rest must be destroyed when the media leaves your control, since the loss of unencrypted PHI is a reportable breach while the loss of properly encrypted PHI generally is not.
Any backup service that you use should comply with the guidelines mentioned above, and a HIPAA-compliant provider will sign a business associate agreement with you. For a fuller understanding of these guidelines please refer to this link.
Once you have a clear understanding of the detailed requirements for compliance, you will see that it makes more sense to use a backup service provider than to implement all of this yourself. Handling an in-house solution will be both expensive and risky. Would it not be better to rely on someone who has experience in meeting these requirements?
How can a Backup Service Provider help you
Advantages to using a data backup service are numerous.
For one, your data is stored off site, which lets you breathe easier in case of power outages, hardware failure, and malware such as ransomware; this protection only holds if the backup copies are isolated from the production network, so that malware on your systems cannot reach and encrypt them too. Automatic data backup is another feature, since you no longer have to remember to back up data periodically on site.
These services also normally offer file versioning, so multiple historical versions of specific documents and files are kept off site, which lets you restore a clean copy from before an infection or accidental change. Backups of servers run overnight, and your data is encrypted, a Security Rule requirement that many practices struggle with.
We at Solution Union understand that "With great power comes great responsibility."
Hence all of the data is encrypted end to end, and an on-site backup copy is included as well.