
HIPAA Compliant Data Backup is About More than Software. Here’s Why.
April 11, 2024
Central Data Storage

We are experts in HIPAA compliant backup and recovery. You get more than a HIPAA Compliant Backup Service provider: you get a business partner!

Large or small, all healthcare organizations need to spend time thinking about HIPAA compliant data backup for their patients’ health information.

Why? Because the privacy and security of that information is paramount to HIPAA compliance – and fines and penalties for violations are huge.

The costs of non-compliance can be ruinous to an organization – and particularly small practices.

Penalties range from $100 to a massive $50,000 per individual violation – based on the level of perceived negligence within an organization – with a maximum penalty of $1.5 million per calendar year.

In addition, violations can even result in jail time for the individuals responsible.

The list of HIPAA penalties collected by the OCR in 2020 already exceeds $12.2 million – putting the average fine for non-compliance so far this year at nearly $1 million (about $938,000).

Violations range from failures to implement HIPAA Security Rule requirements to data breaches due to inadequate security systems.

One health system had to pay $1,040,000 following the theft of an unencrypted laptop, and several organizations have violated the HIPAA Right of Access Initiative under the HIPAA Privacy Rule – designed to provide individuals with easy access to their health information upon request. These breaches have resulted in fines ranging from $3,500 to $160,000.

What we can see from these violations is that simply backing up your data – even with a HIPAA compliant cloud backup provider – isn’t enough.

Full HIPAA compliance means abiding by all HIPAA Rules and putting policies, practices and procedures in place to ensure your practice is acting in accordance with the legislation and all its parameters.

This is no simple task. HIPAA is as vast as it is stringent.

As such, when looking for a HIPAA compliant backup solution, it’s important to remember that different data backup and recovery solution providers offer different levels of support to help you meet your HIPAA requirements.

What is a HIPAA Compliant Data Backup Service?

Put simply, if you use software solutions only, you need to be a data storage expert on top of your day job to ensure your data backup recovery processes are optimized, regularly updated and work exactly as they need to when you need them.

Some popular data storage solutions are not HIPAA compliant by default and offer little (or nothing) in the way of support for their clients when it comes to configuring the system to comply with the legislation – let alone making sure they have a robust data backup and recovery plan in place.

Dropbox, for example, does not provide out-of-the-box HIPAA compliant cloud storage by design.

Though it is possible to make use of it as a data storage system and avoid HIPAA violations, the onus is on you to configure sharing permissions, two-factor authentication and to regularly monitor user accounts and devices to ensure unauthorized individuals are not accessing PHI.

Similarly, Amazon Web Services (AWS) can be rendered HIPAA compliant – all you need to do is follow the 26-page guide on Architecting for HIPAA Security and Compliance on Amazon Web Services and secure AWS instances yourself.

Sound complicated? It is.

As reported in the HIPAA Journal, AWS misconfigurations are very common.

“On numerous occasions, security researchers have discovered unprotected AWS S3 buckets and have alerted healthcare organizations that PHI has been left unprotected.

However, security researchers are not the only ones checking for unsecured data.

Hackers are always on the prowl. It is far easier for a hacker to steal data from cloud storage services that have had all protections removed than it is to attack organizations in other ways.”

Amazon has even had to email users who had potentially misconfigured their S3 buckets to warn them that data could be accessed by anyone.
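The S3 exposures described above usually come down to one of three things: a bucket policy that grants access to `Principal: "*"` with no condition, an ACL grant to the `AllUsers` or `AuthenticatedUsers` group, or a bucket whose Public Access Block settings are not all enabled. The audit script below is an added example, not Central Data Storage's or AWS's code. It evaluates the JSON documents the S3 API returns for those three settings; the sample policy, ACL and Public Access Block configuration are constructed inline so it runs offline, and the bucket name and VPC endpoint id in them are placeholders.

```python
"""Audit S3 bucket policy, ACL and Public Access Block documents for public access.

Added example (not Central Data Storage's or AWS's code). The sample documents
below are constructed in the shape that boto3's get_bucket_policy,
get_bucket_acl and get_public_access_block return, so the checks run offline;
feed them the live API responses to audit a real bucket.
"""
import json

PUBLIC_ACL_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def _principal_is_public(principal):
    # "*" or {"AWS": "*"} (possibly inside a list) grants to anyone.
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        if isinstance(aws, str):
            aws = [aws]
        return "*" in aws
    return False


def public_policy_statements(policy_json):
    """Return Sids (or an index label) of Allow statements open to everyone with no Condition."""
    policy = json.loads(policy_json)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be given as an object
        statements = [statements]
    findings = []
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_public(stmt.get("Principal")):
            continue
        # A Condition (e.g. aws:SourceVpce) scopes the grant; only unconditioned ones are flagged.
        if stmt.get("Condition"):
            continue
        findings.append(stmt.get("Sid", f"statement[{i}]"))
    return findings


def public_acl_grants(acl):
    """Return (group, permission) pairs granted to the AllUsers / AuthenticatedUsers groups."""
    out = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_ACL_GROUPS:
            out.append((grantee["URI"].rsplit("/", 1)[-1], grant.get("Permission")))
    return out


def public_access_block_gaps(config):
    """Return the names of the four PublicAccessBlock settings that are not enabled."""
    keys = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")
    return [k for k in keys if not config.get(k, False)]


def audit(policy_json, acl, pab):
    """Combine the three checks into one report; every non-empty list is a finding."""
    return {
        "public_policy_statements": public_policy_statements(policy_json),
        "public_acl_grants": public_acl_grants(acl),
        "public_access_block_gaps": public_access_block_gaps(pab),
    }


# Constructed sample policy: one world-readable statement and one scoped to a VPC endpoint.
# The bucket name and vpce id are placeholders.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-phi-backups/*"},
        {"Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-phi-backups/*",
         "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}},
    ],
})

# Constructed sample ACL: owner plus a READ grant to everyone on the internet.
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"},
]}

# Constructed sample Public Access Block with two of the four settings left off.
SAMPLE_PAB = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
              "BlockPublicPolicy": False, "RestrictPublicBuckets": False}

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_POLICY, SAMPLE_ACL, SAMPLE_PAB), indent=2))
```

The statement scoped by `aws:SourceVpce` is deliberately not flagged: a wildcard principal behind a condition is how private-VPC access is normally written, and reporting it would bury the real finding. Fixing the findings means enabling all four Public Access Block settings, which by itself makes the public policy statement and the AllUsers ACL grant ineffective, and then removing them so the bucket does not depend on a single setting.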

Google also offers its own 26-page guide to help health organizations get to grips with securing the solution and setting access controls in line with HIPAA.

Others, such as Apple iCloud, will not sign a Business Associate Agreement (BAA) with HIPAA covered entities and WeTransfer is not HIPAA-compliant at all – and so must be avoided.

UnisonBDR by Central Data Storage – Your Compliant Data Backup Partner

The solution is to utilize the services of a HIPAA compliant backup specialist – and one that provides not only software, but full service and data storage support and ongoing guidance on best practices for HIPAA compliance.

At Central Data Storage, we make support for HIPAA compliance a top priority.

Not only is UnisonBDR a top cloud backup and recovery solution in the industry, but we also make it our mission to form true working partnerships with our clients.

We help them develop policies, procedures, training programs and disaster recovery plans so they can be sure that their whole business is in full compliance with HIPAA and always fully recoverable in the event of a data security disaster.

Our clients put it best:

“Thanks again so much Brandon for your conscientiousness and understanding of how crucial this situation was for our office. We are in a small town so access can be very limited and by you going above and beyond ensured that we can take care of many more patients who need to be seen, including those who are in pain” – Dr. Ethelyn Pak, Dover Dental Clinic.

When it comes to HIPAA compliant backup, work with a partner – not just a software provider.

Talk to us here at Central Data Storage. As well as offering backup, disaster recovery and data storage solutions, CDS is also a leading provider of HIPAA compliant encrypted messaging and file sharing solutions. 

Contact our friendly team today – call 1-888-907-1227 or email info@centraldatastorage.com