Is Third-Party Backup a Violation of HIPAA?

This is one of the most common questions that we get from the medical community.

From what I understand, HIPAA has little or nothing to do with technology, computers or storage. It simply provides patients with 6 core rights that pertain to how their personal information is handled. These rights mostly have to do with privacy, disclosure, and how the information is used.

I’m not a legal expert, so I won’t go into the specifics of this regulation, or try to give any legal advice in this column. However, I can speak about this from a technology point of view.

There are certain things that you should keep in mind when establishing your HIPAA compliance initiatives

If you have an outsourced IT consultant (as many practices do), your unencrypted patient data is already being accessed by a third party. This puts you at risk of a breach or other violation.

So for the purposes of the argument, it doesn’t matter whether your data is stored in our secure datacenter, or if the unencrypted files are handled by your outsourced IT guy. Either way, another external entity is accessing your information.

The only difference is that with unencrypted backup tapes or CDs, you’re exposed to more potential liability.

Online storage can help you simplify the process of maintaining HIPAA compliance

Storagepipe encrypts your data twice, once from your end using strong AES encryption, and then another time by transferring the data over a secure SSL internet connection. This method is so secure that there is virtually no way for anyone to decipher the message if it’s intercepted.

It’s also important to keep in mind that an automated online backup solution will encrypt the data from your end FIRST, before the third-party company ever has access to it. The same can’t be said for traditional manual backup methods.

Not all encryption is created equal

Some online backup companies use a single common encryption key for all of their customers. If someone ever got hold of this key, they would have access to all data stored on the servers. Instead, try to find a company that lets you create your own secret encryption key so that nobody (not even the backup provider) can access your data without your permission.
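The two points above (encrypt on your own machine before the provider ever sees the data, and use a key that only you hold rather than one shared by every customer) can be shown end to end. The following Go program is an added example written for this article; it is not Storagepipe's software and does not describe how their product is built. It assumes AES-256-GCM (the article says only "strong AES encryption"), a hypothetical record identifier and a constructed sample record, and it models the provider as a party that stores the ciphertext but never receives the customer's key.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// NewKey generates a 256-bit AES key. In a per-customer scheme the practice
// generates and keeps this key; it is never sent to the provider.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := rand.Read(key)
	return key, err
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptRecord seals a record with AES-256-GCM before it leaves the practice.
// recordID is bound as associated data so a stored blob cannot be swapped for a
// different record. Output layout: nonce || ciphertext+tag.
func EncryptRecord(key, plaintext []byte, recordID string) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(recordID)), nil
}

// DecryptRecord reverses EncryptRecord and returns an error, not garbage,
// when the key is wrong, the record ID does not match, or the blob was altered.
func DecryptRecord(key, blob []byte, recordID string) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(blob) < n {
		return nil, errors.New("blob too short")
	}
	return gcm.Open(nil, blob[:n], blob[n:], []byte(recordID))
}

// Outcome records who could read practice A's stored record.
type Outcome struct {
	OwnerReads         bool // practice A, using its own key
	ProviderReads      bool // the backup provider, which never held A's key
	OtherCustomerReads bool // practice B, using the key B holds
}

// Compare runs the scenario twice: once with a per-customer key and once with
// a single key shared by every customer (the weak design the article warns about).
func Compare() (perCustomer, shared Outcome, err error) {
	keyA, err := NewKey()
	if err != nil {
		return
	}
	keyB, err := NewKey()
	if err != nil {
		return
	}
	if perCustomer, err = scenario(keyA, keyB); err != nil {
		return
	}
	shared, err = scenario(keyA, keyA) // B holds the same key as A
	return
}

func scenario(keyA, keyB []byte) (Outcome, error) {
	var o Outcome
	// Constructed sample record and hypothetical record ID, not real patient data.
	record := []byte("patient=Jane Doe; study=chest-xray-2009-03; result=normal")
	const id = "practiceA/xray/0001"
	blob, err := EncryptRecord(keyA, record, id) // encrypted on the practice's side first
	if err != nil {
		return o, err
	}
	// The provider never received A's key; an all-zero key stands in for any guess it makes.
	providerKey := make([]byte, 32)
	if pt, err := DecryptRecord(keyA, blob, id); err == nil && bytes.Equal(pt, record) {
		o.OwnerReads = true
	}
	_, err = DecryptRecord(providerKey, blob, id)
	o.ProviderReads = err == nil
	_, err = DecryptRecord(keyB, blob, id)
	o.OtherCustomerReads = err == nil
	return o, nil
}
```

With a per-customer key, only practice A recovers the record; the provider and practice B both get an authentication failure. With one shared key, practice B (or anyone who obtains that key) reads A's record as easily as A does, which is exactly why a provider-wide key is the setting to avoid.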

The technology is also important

Your storage provider can help with your PIPEDA initiative by providing you with access to a high-quality IT infrastructure. As a premier IBM business partner, Storagepipe stores your patient data on IBM Tivoli servers. This is the same backup system used by governments and multinational corporations. It’s simply the best backup system money can buy.

Online backup is the future of medical records management

The more data you need to handle, the higher your risk of a data breach. With the increased use of digital imaging in the medical field, it’s more important than ever for practitioners to have a simple, centralized method for archiving large amounts of sensitive patient information for long periods of time.

It’s no longer enough just to back up your patient data. You must also be able to easily protect it from breaches, and quickly access it at your patients’ request. This can be very difficult when you need to sift through 10 terabytes of digital x-rays to find a single file from 5 years ago.

That’s why a do-it-yourself solution just won’t cut it. You need something more robust.

Whether you’re trying to maintain HIPAA compliance, or you’re simply trying to improve overall protection for large amounts of sensitive information, an online backup solution will usually be more secure and dependable than an outsourced manual process.

Contact Storagepipe today…

… and find out if an online backup and recovery solution is right for your practice. We offer a wide range of data protection solutions and can put together a customized application to meet the needs of your HIPAA implementation. We can also provide you with a free trial.
