Blog
Is Third-Party Backup a Violation of HIPAA?
This is one of the most common questions that we get from the medical community.
From what I understand, HIPAA has little or nothing to do with technology, computers, or storage. It simply provides patients with 6 core rights that pertain to how their personal information is handled. These rights mostly have to do with privacy, disclosure, and how the information is used.
I’m not a legal expert, so I won’t go into the specifics of this regulation, or try to give any legal advice in this column. However, I can speak about this from a technology point of view.
There are certain things that you should keep in mind when establishing your HIPAA compliance initiatives
If you have an outsourced IT consultant (as many practices do), your unencrypted patient data is already being accessed by a third party. This puts you at risk of a breach or other violation.
So for the argument, it doesn’t matter whether your data is stored in our secure data center, or if the unencrypted files are handled by your outsourced IT guy. Either way, another external entity is accessing your information.
The only difference is that with unencrypted backup tapes or CDs, you’re exposed to more potential liability.
Online storage can help you simplify the process of maintaining HIPAA compliance
Thrive encrypts your data twice, once from your end using strong AES encryption, and then another time by transferring the data over a secure SSL internet connection. This method is so secure that there is virtually no way for anyone to decipher the message if it’s intercepted.
It’s also important to keep in mind that an automated online backup solution will encrypt the data from your end FIRST before the third-party company ever has access to it. The same can’t be said for traditional manual backup methods.
Not all encryption is created equal
Some online backup companies use a single common encryption key for all of their customers. If someone ever got a hold of this key, they would have access to all data stored on the servers. Instead, try to find a company that lets you create your secret encryption key so that nobody (not even the backup provider), can access your data without your permission.
The technology is also important
Your storage provider can help with your PIPEDA initiative by providing you with access to a high-quality IT infrastructure. As a premier IBM business partner, Thrive stores your patient data on IBM Tivoli servers. This is the same backup system used by governments and multinational corporations. It’s simply the best backup system money can buy.
Online backup is the future of medical records management
The more data you need to handle, the higher your risk of a data breach. With the increased use of digital imaging in the medical field, it’s more important than ever for practitioners to have a simple, centralized method for archiving large amounts of sensitive patient information for long periods.
It’s no longer enough just to back up your patient data. You must also be able to easily protect it from breaches, and quickly access it at your patients’ request. This can be very difficult when you need to sift through 10 Terabytes of digital X-rays to find a single file from 5 years ago.
That’s why a do-it-yourself solution just won’t cut it. You need something more robust.
Whether you’re trying to maintain HIPAA compliance, or you’re simply to improve overall protection for large amounts of sensitive information, an online backup solution will usually be more secure and dependable than an outsourced manual process.
Contact Thrive today…
… and find out if an online backup and recovery solution is right for your practice. We offer a wide range of data protection solutions and can put together a customized application to meet the needs of your HIPAA implementation. We can also provide you with a free trial.