Every business in the medical field requires secure and reliable data backup systems. More than that, there are substantial requirements associated with selecting a HIPAA compliant cloud storage provider. This is because HIPAA, by federal mandate, requires healthcare facilities ensure that each individual’s healthcare data remain confidential.
And because the responsibility of medical and patient privacy falls onto the shoulders of individual healthcare entities themselves, selecting an appropriate cloud storage option is even more paramount. As you look for a HIPAA compliant cloud storage option for your medical practice, make sure the options you consider follow these guidelines:
You NEED a HIPAA Compliant Cloud Storage Option If…
HIPAA compliant hosting requirements for health care organizations have very specific storage and backup standards. It is the responsibility of each healthcare entity to meet these standards and upon audit, prove the standards have been met. Healthcare organizations, and their business associates, that are obliged to meet HIPAA requirements include the following:
Health care providers: Medical offices, clinics, pharmacies, dentists, chiropractors, mental health professionals
Health plans: HMOs, health insurance companies, government healthcare programs such as Medicaid, veteran’s facilities and Medicare.
Health care clearinghouses: organizations that manage, process, format or transmit health information into or from standard electronic formats such as HL7 and HITSP.
Medicare prescription drug card sponsors
If you’re business falls into any of these categories, make sure you search for a HIPAA compliant cloud storage option that will comply with the industry guidelines below.
Identifying Features of HIPAA Compliant Cloud Options
A HIPAA compliant hosting company will be able to meet these technical requirements:
Redundant electronic storage both on-site and off-site – A backup redundancy means there are at least 2 secured versions of the electronic health data, in separate locations. If one location is compromised, there remains a second secure copy. Off-site storage can accommodate both disaster recovery and HIPAA compliance requirements.
Minimum of 128 bit encryption – Data must be encrypted, at rest. This means that data residing in your physical data center, in databases, data warehouses, archives and applications, off-site or in back-up, is at rest, and must be encrypted. If the data is not encrypted at rest, then it must be destroyed. This is required so private medical information can only be read by those granted access.
Granular Level Restore – When the data is restored, there must be the ability to drill down to the document level or the message level, for complete data retrieval.
E-mail and PHI (Protected Health Information) archives – Archives generally must be kept for 6 years. Check to see if your state’s requirements differ.
Must meet compliant data deletion requirements – The deletion and destruction of data must follow NSA approved degaussing methods, or via complete physical destruction. A degaussing method uses an electromagnet to wipe data clean from disc media, tape drives and hard drives. The alternative is complete physical destruction of the media. Either method ensures that no one will have access to the health data.
As a rule, electronic medical data must be protected during transmission, in storage, and in backup. The safest way to ensure HIPAA requirements are met, is to engage a HIPAA compliant hosting company that includes all of the features listed above.
Narrowing Down your Cloud Storage Options
While many cloud backup providers may be capable of HIPAA compliance, you should closely examine the company you want to go with before trusting your patients’ personal data with them.
Simply meeting compliant standards does not necessarily make a backup company right for you. Your backup provider can help you achieve HIPAA compliance, but they should be there to support you if you experience any loss of data. Losing medical records can put your practice in a tough position as far as everyday function goes, and it can leave you vulnerable to legal claims.
Make sure the backup provider you consider doesn’t simply store your data, but actually provides swift and complete data recovery services as well so that you can retrieve lost data when you need it.
HIPAA compliant hosting provided by Nordic Backup, exceeds HIPAA requirements, providing 256 bit encryption, offering both cloud-based backup and local backup. More than that, we pride ourselves on customer service and complete data recovery. Takes the pressure off of your healthcare facility, so you can focus on what’s most important: providing top notch health care to your patients. View our Small Business & Server Pro plans now.
Have more questions about your HIPAA requirements? The U.S Department of Health & Services has all of the information you need. This article on privacy, and this one on security are a helpful place to start.
