Find Backup Software that Meets HIPAA Requirements
If you’re an IT service provider or MSP who serves healthcare clients, then you’re already pretty familiar with the Health Insurance Portability and Accessibility Act (HIPAA).
When it was passed in 1996, it was meant to protect the privacy of patient records. Of course, the rise of digital records and the Web have changes things considerably. It’s important to know how the rules affect your IT, especially when it comes to your backups.
HIPAA Backup Requirements
When it comes to backup, the key consideration is security. To stay compliant with the regulation requires that you keep all electronic protected health information (ePHI) secure, encrypted, and private.
To review, the HIPAA security rule has key requirements, some of which are listed below along with their key features.
- Incorporating risk analysis and risk management as part of data security management
- Assigning security responsibility and creating a security official for oversight and adherence to security policies and procedures
- Limiting the use and disclosure of protected health information (PHI) to the minimum necessary, also called information access management, which delegates role-based access to electronic PHI consistent with the privacy rule
- Establishing workforce training and management ensuring competency in the workforce surrounding the protection of electronic health documents
- Evaluating the efficiency of storing data and management methods
Physical Safeguards
- Limiting access and control of information based on facility
- Establishing policies and procedures establishing appropriate protections in regard to use and access as well as the transfer, removal, disposal and re-use of electronic media
Technical Safeguards:
- Implementing technical policies and procedures that controls access through authorization
- Overseeing the usage of hardware, software, or procedural mechanisms for data access, and other activity collection and storage
- Implementing policies and procedures that inhibit improper alternation and destruction
- Implementing technical measures that guard against unauthorized access to PHI across an electronic network
Organization Requirements:
- Reviewing entity and organizational responsibilities and business associate contracts under the HITECH Act of 2009
- Curing any material breach or violation of a business associate’s obligation
Policies, Procedures, and Documentation Requirements:
- Reviewing and updating policies and procedures
- Maintaining reasonable and appropriate policies and procedures to comply with the security rule as well as written security policies and procedures and written records of such actions, activities, or assessments for a period of six years
How SolarWinds® MSP Backup & Recovery Helps You with HIPAA
While no software can make you HIPAA compliant, MSP Backup & Recovery helps you move in the right direction. Here are just a few ways:
Strong encryption
Keep medical information secure with strong encryption that helps keep data secure both on-premises and in the cloud. You can choose from AES 256-bit or 448-bit Blowfish encryption. Backups are encrypted at the business’s site and stored securely in the cloud. Data is only decrypted during a recovery at the business’s site.
Access controls
Upon selection by the user, to help with HIPAA’s administrative safeguards, MSP Backup & Recovery has the capability to use a private encryption key that only the backup administrator knows, preventing unauthorized access.
Data center protection
Data is stored in one of our global data centers, all of which are either SSAE-compliant or ISO-certified. Each center has round-the-clock physical security.
Data archiving
One of the important rules around medical records concern retention periods. Even though retention requirements for HIPAA vary based on the type of record, MSP Backup & Recovery provides long-term retention via our data archive, which lets you keep data in secure storage for a long as you may need.
Thinking Beyond HIPAA for Backup
Of course, MSP Backup & Recovery goes beyond HIPAA. It provides a multitude of features to give you powerful backup and recovery that helps you meet your RTOs and RPOs. It includes:
- A hybrid cloud architecture that helps you rapidly restore systems and data via the speed of on-premises hardware, while also giving you the redundancy of secure, cloud-based backups.
- True Delta deep deduplication that tracks changes to files, rather than full files, after the initial backup. This helps to speed up your backup windows, making it easier to back up data more often.
- Bare metal recovery that helps you restore from the BIOS up, providing you with extra protection in the event of a major disaster like a cyber attack.
Start a free trial of MSP Backup & Recovery to see for yourself how it can help you improve your ability to maintain HIPAA compliance.
Source:
HIPAA Security Rule: http://www.hhs.gov/hipaa/for-professionals/security/