Guidelines - in regards to backups

all information taken from HIPAA guidelines section 142

1. Security guidelines went into effect on April 14, 2003.
2. Data must be backed up on a periodic basis.
3. There must be an 'audit trail' for backed up data that leaves the facility.
4. Access to backup media must be restricted to authorized personnel only.
5. There must be a backup plan and disaster recovery plan in place.
6. Data must be "a retrievable, exact copy".

Compliance

1. Our backup service was fully compliant long before April 14, 2003.
2. Our backups run automatically; every hour, day, week and/or month.
3. Every backup generates a log of what, where, when, how and to whom.
4. There is no media - access to restore data is by password only.
5. We can either generate that plan for you or help you in creating your own.
6. 100% data recovery - very difficult to obtain with tapes & zips.

Benefits

1. We were pro-active with HIPAA; we still are.
2. You don't have to manage, or worry about, your backups.
3. You don't have to track your backups; that's done automatically.
4. Because there is no media, you don't have to worry about compliance.
5. We don't charge HIPAA pricing - we stick to our normal rates.
6. 100% data recovery will also enable you to get back to running your business ASAP.

Non-compliance (how to find yourself in non-compliance)

• Leave your backups to chance or memory.
• Allow someone to take your backups home.
• Lose a backup tape, zip or CD.
• Leave your tapes in an unsecured room to run overnight.
• Leave your tapes in the 'server' to run during the day.
• Leave your backups tapes in a purse or desk drawer to be taken home at night.
• Allow anyone access to your tapes, that is not authorized to have them.
• Not recover 100% of the data (difficult for tapes & zips to achieve 100% recovery).
• Leave your backups on site.