How to Securely Backup Protected Health Information & Medical Data

Posted on Mon, 11/30/2020 - 4:36pm


emc.com

If you are a medical professional or an insurance provider, your business likely has to comply with federal regulations to secure electronic patient health information (ePHI).

Patient data accumulates quickly, putting tremendous pressure on medical professionals to create safe data backups. In 2010 alone, it was estimated that the amount of data held by medical centers was nearly "1 billion terabytes of data, or almost 2 trillion file cabinets worth of information."

This staggering amount of patient data can seem overwhelming, but it doesn't have to be. Here's how you can easily make secure, affordable HIPAA Compliant data backups:

How can your medical practice keep up with big data? 

Being HIPAA Compliant 

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) establishes the criteria for safely storing sensitive data like patient records or private health information (PHI) and requires these safeguards to prevent hacking intrusions and data loss:

  1. Procedures to prevent security violations on any ePHI
  2. Physical security where ePHI is stored
  3. Organizational structure and tiers of access for anyone who may have access to ePHI
  4. Policies in place for any changes that may affect the security of ePHI

What does this mean for your practice?

If your company manages any protected health information such as medical records, sonograms, MRIs, or health care payments, then your data backups must be HIPAA Compliant. Any business associate or subcontractor must also be in compliance with these security standards. Thankfully, it's easy to make HIPAA Compliant, secure data backups.

How to Make HIPAA Compliant Data Backups

The best way to ensure you have securely stored your patient and medical records is by having multiple compliant backups:

1. Recordable Discs

The benefits: 

  1. Recordable discs such as CD-R (700 MB), DVD-R (4.7 GB), and BD-R (25 GB or 50 GB) are DICOM, PACS, and HIPAA Compliant.
  2. Serialization - with variable data or barcodes for easy indexing / filing to help you organize patient information quickly and easily.
  3. Custom CD Printing on your Medical Grade discs. Use your own design, logo, and contact information on your custom printed CD design to make it easy for patients and doctors to reach you.
  4. Security - it is easy to encrypt information on a disc: here's how.
  5. Lifespan and cost - DVDs and Blu-Ray discs are the most affordable physical backup option with the longest lifespan, meaning your data will remain secure for a long time:

[Chart: lifespan and cost per gigabyte of physical backup solutions such as discs and hard drives]

2. HIPAA Compliant cloud hosting

The benefits:

  1. A second backup - the cloud is a great storage choice in addition to hard copy backups.
  2. Security - HIPAA Compliant Clouds store ePHI in maximum-security data centers and use encryption to protect data. Just make sure that the cloud backup you choose is HIPAA Compliant - two options include Carbonite and Carecloud.
  3. Automation - some cloud backup options allow for automatic syncing, so you never have to set aside time to manually upload documents.

No matter what option you choose as your second data backup (external hard drives, USB drives, the cloud), note its lifespan and inherent risks. For example, all cloud backups remain susceptible to hacking and corruption because they are reachable over the internet. This article shows how one lawyer lost data through cloud storage. Also, cloud storage can be very costly over time: $10-100 per month adds up quickly.

3. Procedure for making data backups

The procedure for your backup solution depends on the size of your practice:

  • If you are a small medical business seeing about 10 patients each week, you could update each patient's disc that week after their visit, while the cloud automatically syncs each day.
  • If you are a larger medical business seeing between 10 and 50 patients each week, it may be more beneficial to back up patient data the day they visit, or while the patient checks out after their appointment.
  • For larger medical organizations such as hospitals, a new disc per patient visit might be most reasonable due to the amount of protected health information processed in that one visit. In your cloud, you may want a matching organization: a new folder for each date and patient.
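The per-date, per-patient layout described above and the corruption risk noted for second backups both come down to the same practical step: stage the backup set in a predictable folder structure, record a checksum for every file, and re-verify those checksums after the disc is burned or the cloud sync completes. The script below is an added example, not code from the original article or from any vendor it names; the patient identifiers and file contents are constructed sample values, and the staging directory, manifest file name and `run_demo` helper are this example's own conventions. Encrypting the staged tree before it leaves the practice is left to the burning or sync tool; the script covers layout and integrity checking only.

```python
"""Build a dated, per-patient backup set with a SHA-256 manifest and verify it.

Added example (not from the original article). Assumes the backup set is
staged in a local directory that is later burned to disc or synced to a
HIPAA Compliant cloud. Patient ids and file contents are constructed sample
data. Encryption of the staged tree is done by the burning/sync tool, not here.
"""
import hashlib
import json
import os
import shutil
import tempfile
from datetime import date
from pathlib import Path

MANIFEST_NAME = "MANIFEST.sha256.json"   # name chosen for this example


def sha256_file(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large imaging files never load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_backup_set(source_root: Path, dest_root: Path, visit_date: date) -> Path:
    """Copy <source_root>/<patient_id>/... into <dest_root>/<YYYY-MM-DD>/<patient_id>/...
    and write a manifest mapping each relative path to its SHA-256 digest."""
    set_dir = dest_root / visit_date.isoformat()
    digests = {}
    for src in sorted(source_root.rglob("*")):
        if not src.is_file():
            continue
        rel = src.relative_to(source_root)          # e.g. patient-0001/visit-note.txt
        dst = set_dir / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)
        digests[rel.as_posix()] = sha256_file(dst)  # hash the copy, not the original
    manifest = {"created": visit_date.isoformat(), "files": digests}
    (set_dir / MANIFEST_NAME).write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return set_dir


def verify_backup_set(set_dir: Path) -> dict:
    """Re-hash every file listed in the manifest. Returns
    {"ok": bool, "corrupt": [paths with digest mismatch], "missing": [paths absent]}."""
    manifest = json.loads((set_dir / MANIFEST_NAME).read_text())
    corrupt, missing = [], []
    for rel, expected in manifest["files"].items():
        path = set_dir / rel
        if not path.is_file():
            missing.append(rel)
        elif sha256_file(path) != expected:
            corrupt.append(rel)
    return {"ok": not corrupt and not missing, "corrupt": corrupt, "missing": missing}


def run_demo() -> tuple:
    """Construct a sample source tree, build and verify a backup set, then flip one
    byte in a staged file (simulating a bad burn or bit rot) and verify again.
    Returns (result_before_damage, result_after_damage)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        source = root / "source"
        sample = {                                   # constructed sample data
            "patient-0001": {"visit-note.txt": b"constructed visit note"},
            "patient-0002": {"xray.bin": os.urandom(4096)},
        }
        for patient, files in sample.items():
            (source / patient).mkdir(parents=True)
            for name, data in files.items():
                (source / patient / name).write_bytes(data)

        set_dir = build_backup_set(source, root / "staging", date(2020, 11, 30))
        clean = verify_backup_set(set_dir)

        damaged = set_dir / "patient-0002" / "xray.bin"
        data = bytearray(damaged.read_bytes())
        data[0] ^= 0xFF                              # one flipped byte is enough
        damaged.write_bytes(bytes(data))
        return clean, verify_backup_set(set_dir)


if __name__ == "__main__":
    before, after = run_demo()
    print("fresh backup:    ", before)
    print("after corruption:", after)
```

In practice you would run `build_backup_set` against the day's export, burn or sync the resulting dated folder, and then run `verify_backup_set` against the copy read back from the disc or cloud, not against the staging directory, so that the check covers the medium you will actually restore from.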

Despite the large amount of data that comes with a medical business, it is actually easy to remain HIPAA Compliant and still have safe, easy data backup solutions. 
