HIPAA Compliance Checklist, Part 5: Technical Safeguards
Wednesday, 16 July 2008

Previously, we discussed four of HIPAA's requirements and how to choose a data backup vendor to support your HIPAA compliance efforts. Those posts can be found here:
The last component we'll talk about is technical safeguards. As a health care provider, you are required to implement certain technical safeguards, including measures to limit access to electronic information, to encrypt and decrypt electronic information, and to guard against unauthorized access to that information while it is being transmitted over a network.
What this means is that you should require the following from your data backup vendor:
- All data, including patient and billing records, should be encrypted before it leaves the user’s computer(s) and should never be accessible without the user’s encryption key.
- Encryption is an important step in the process of transmitting data between your location and your provider's remote data centers because it greatly reduces the risk of data loss incidents that plague magnetic tape and prevents man-in-the-middle attacks during transmission. We recommend the 256-bit Advanced Encryption Standard (AES) algorithm because it has never been broken. It is currently considered the gold standard of encryption techniques and renders transmitted data immune to theft.
- Your backup solution should create an independent 256-bit encrypted tunnel and transmit the imaged data to a secure offsite location where it resides in an encrypted, compressed format.
- Your remote site should then replicate again to an alternate data center, creating a total of two copies of the data in two geographically distinct regions.
- Employees of your data backup vendor should not have file-level access to your data at either of the remote data centers.
- For rapid local recovery and even more security, you should have an onsite NAS device, which gives you a third copy of your data at your own location. Since the data is encrypted and only you have the passkey, none of your provider's employees have access to the data on the NAS.
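The first, second and fifth items on this list describe one property: the backup image is sealed with a 256-bit AES key on the customer's machine, and anyone who later holds only the stored blob (the vendor's staff at either data center, or someone on the network path) can neither read it nor alter it undetected. The program below is an added example written for this post, not code from Granite Mountain or from any backup product; it uses only the Go standard library's AES-256-GCM implementation, and the patient record it encrypts is a constructed sample. It shows the client-side seal, a vendor-side check that no record text is visible in the stored blob, and that both a wrong key and a single flipped byte in the stored copy are rejected on restore.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// KeySize is the AES-256 key length in bytes (256 bits).
const KeySize = 32

// NewBackupKey generates the customer's 256-bit encryption key. It is created
// and kept on the customer's side; the backup vendor never receives it.
func NewBackupKey() ([]byte, error) {
	key := make([]byte, KeySize)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

// EncryptBackup seals a backup image with AES-256-GCM before it leaves the
// customer's machine. The output is nonce || ciphertext || GCM tag, which is
// the only form that is transmitted and stored at the offsite data centers.
func EncryptBackup(key, image []byte) ([]byte, error) {
	if len(key) != KeySize {
		return nil, errors.New("key must be 32 bytes for AES-256")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	// A fresh random nonce per backup; GCM must never reuse a nonce under one key.
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext and tag after the nonce so one blob carries all three.
	return gcm.Seal(nonce, nonce, image, nil), nil
}

// DecryptBackup recovers the image from a stored blob. It returns an error when
// the key is wrong or the blob was modified in transit or at rest, because the
// GCM authentication tag no longer verifies.
func DecryptBackup(key, blob []byte) ([]byte, error) {
	if len(key) != KeySize {
		return nil, errors.New("key must be 32 bytes for AES-256")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("blob too short to contain a nonce")
	}
	nonce, sealed := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, sealed, nil)
}

// VendorCanReadRecords models the file-level access check from the checklist:
// it reports whether a stored blob exposes the given record text to someone who
// holds only the blob and no key. For a correctly encrypted blob this is false.
func VendorCanReadRecords(blob, record []byte) bool {
	return bytes.Contains(blob, record)
}

func main() {
	// Constructed sample standing in for a patient/billing export.
	image := []byte("PATIENT: Jane Doe\nDOB: 1970-01-01\nBALANCE: 120.00\n")
	key, err := NewBackupKey()
	if err != nil {
		panic(err)
	}
	blob, err := EncryptBackup(key, image)
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored blob: %d bytes; vendor can read records: %v\n",
		len(blob), VendorCanReadRecords(blob, []byte("Jane Doe")))

	// Flip one byte of the stored copy: the restore must be refused.
	tampered := append([]byte(nil), blob...)
	tampered[len(tampered)-1] ^= 0x01
	if _, err := DecryptBackup(key, tampered); err != nil {
		fmt.Println("tampered blob rejected:", err)
	}

	restored, err := DecryptBackup(key, blob)
	if err != nil {
		panic(err)
	}
	fmt.Printf("restored image matches original: %v\n", bytes.Equal(restored, image))
}
```

The GCM mode is chosen here because it gives the integrity check the checklist implies but does not spell out: a bare encrypted tunnel hides data in transit, while an authenticated blob also lets the restore refuse a copy that was altered at the remote site. The key returned by NewBackupKey is what the post calls the user's encryption key, and the whole design depends on it being stored by the customer rather than alongside the backups.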
HIPAA law can be very confusing. This is why we highly recommend outsourcing many of the required tasks to a professional data backup service. Researching data backup vendors can be a difficult chore, but the folks at Compare Online Backup have already done all the homework for you. Stop by their website and you'll see why Granite Mountain is your clear choice when it comes to data backup and disaster recovery. For your convenience, we've also provided a Fast Quote Form.
At Granite Mountain, we provide True Business Continuity as a core component of our Backup & Disaster Recovery solution. Combine Microsoft Storage Server with our onsite Network Attached Storage (NAS) device and you have full server virtualization. This allows a server that has failed to be restored on the NAS as a virtual image, giving you a standby server in less than an hour. Since the complete image of the server is restored, no configuration changes are needed: the virtual image has the same properties, IP address and NetBIOS name as the failed server, and backups continue to run even while the virtual image is in use. When new hardware or spares arrive, the virtual image can be shut down and the latest backup image used to perform a bare-metal install on the new hardware.