Encryption & Decryption
Because it protects data from prying eyes, encryption and decryption were made an essential HIPAA requirement. MedCo Data’s Online Backup Manager compresses and encrypts your data before transmitting it over a secure internet channel (SSL), so rest assured your data is safe.
HIPAA Regulations on Data Care:
2. Disaster Recovery Plan: 164.308(a)(7)(ii)(B)
3. Emergency Mode Operations Plan: 164.308(a)(7)(ii)(C)
4. Emergency Access Procedures: 164.312(a)(2)(ii)
5. Data Backup and Storage: 164.310(d)(2)(iv)
6. Contingency Operations: 164.310(a)(2)(i)
7. Encryption & Decryption: 164.312(a)(2)(iv)
Everyone agrees that backing up your data is a good idea. Once your medical records go digital, it is paramount that your strategy includes more than making a copy on an external hard drive. A complete solution with redundant onsite and offsite backup, including regular testing of the database validity, is the only way to ensure your data is protected.
Offsite backup is one of the best ways to protect your practice and reduce your risk from data loss. Your backup plan should include MedCo Data's Easy Online Backup Manager, the most secure, cost-effective choice for data backup. Our backup suite is full service – that means we do it all for you!
Disaster Recovery Plan
In this uncertain world, a disaster recovery plan is worth its weight in gold. After a disaster, secure and immediate access to your practice data is a crucial element of the disaster recovery process. If your servers go down or get damaged, rely on MedCo Data to keep your data safe and accessible whenever and wherever you need it.
The Health Insurance Portability and Accountability Act was formulated in 1996. This law aims to safeguard the confidentiality of individuals' health information. Published by Health and Human Services (HHS), the HIPAA laws touch every area of the health industry, from a single physician to a multi-specialty hospital. An important section of this act deals with the electronic storage and transfer of health-related records. These provisions have been in effect since April 2003. There are strict civil and criminal penalties for non-compliance with this act. The major features are:
- All data related to personal health must be guarded against any threat or risk. Electronic personal health information (ePHI) must be stored in fail-safe systems and protected against any hazard.
- Access to ePHI must be available to authorized personnel only. The data should have a clear date and time stamp to supply a clear audit trail. All records of access must be maintained. All uses and disclosures that are not allowed by the Privacy Rule should be prohibited.
- All third parties processing the data must enter a trust partner agreement. The third party must agree to safeguard the electronically processed and transmitted data, maintaining the privacy of the information exchanged.
Organizations offering offsite data backup facilities control and handle sensitive electronic data. Offsite data backup solutions are used by many organizations in the medical, banking and financial industries. This data may contain confidential client information. Hence, offsite backup vendors must comply with these regulations. The consequences of non-compliance with these stringent laws are very severe. There are many civil and criminal penalties prescribed for violators. Hence, a user must confirm that the offsite data backup vendor complies with all the relevant laws and Acts. It is always better to be safe than sorry.