Tag

Replication

Managed Services

Maintaining HIPAA Compliance with Online Data Storage

By | Backup News | No Comments

Keeping patient records secure and private is the concern of every hospital and health care provider, but they are often overwhelmed with years and years of patient information and the lack of adequate storage space. Destroying these health records in order to make room for more storage is often not an option. Patients want access to all of their health care records, and physicians need them in order to better diagnose patients. Online data storage is a way to satisfy all of these issues.

Using online data storage for these records allows easier access for patients, and offers easier sharing of patient information from hospital to physician, as well as from physician to physician. Storing health records online isn’t, however, without security concerns. Patients, hospitals, and physicians want assurance that these confidential records will remain safe, private, and secure, and will only be accessed by those authorized to do so.

What is HIPAA?

HIPAA or the Health Insurance Portability and Accountability Act of 1996 was created in order to protect health information and give patients certain rights regarding their private health information. It also allows for disclosure of health information necessary for patient care. This act specifies safeguards necessary for administrative, and physical and technical handling of patient health information.

According to the U.S. Department of Health and Human Services (HHS.gov) HIPAA has many requirements and restrictions. It requires safeguards for:

  • Access Control
  • Audit Controls
  • Person or Entity Authentication

Access control is defined in the HIPAA Privacy Rule as “the ability or the means necessary to read, write, modify, or communicate data/information or otherwise use any system resource.” It should allow authorized users to only access the minimum amount of information necessary to complete job functions. The Access Control specification also requires the implementation of an exclusive user identification or user ID, and immediate access in case of an emergency.

What Type of Security is Necessary?

When dealing with patient records in an office, maintaining privacy and security usually involves storing patient files in locked cabinets where the files can be physically secured and visibly monitored at all times. When you are storing patient information online, certain precautions must be met in order to maintain the same security and privacy guaranteed each patient.

While HIPAA permits patient records to be transmitted over the Internet, businesses will want a service that offers file encryption, authentication and password protection in order to secure the information. Although HIPAA does not require online data storage services to have encryption, it does require that patient information be adequately protected and accessible only to authorized persons. Encryption is the best way to protect that information and ensure authorized access to those records. It is also important to offer backup services in case of a virus attack, flood, or fire. Finally, the service must offer a method of tracking any security breach, as well as the ability to lock out former employees after they have left or been terminated.

When storing patient information, it is important to stay HIPAA compliant, as the fines for not doing so are expensive. While online data storage for health care businesses guarantee less worry, work, and expense for health care providers, the service is only as good as the security offered. Remaining HIPAA compliant is vital in order to continue a good business relationship with the health care industry.

3 Tips for Shrinking your RTOs and RPOs

By | Backup News | No Comments

Recovery Point Objective (RPO) and Recovery Time Objective (RTO) are two of the most important aspects of a data recovery plan.

A Recovery Point Objective (RPO) determines how much data the business is willing to lose in the event of a failure. A Recovery Time Objective (RTO) determines how much time the business deems acceptable to wait for the recovery process to complete.

Even though these parameters are defined and agreed on together with the business, IT admins are constantly striving to reduce their RTOs and RPOs through technology and process. The shorter the RTOs and RPOs, the less downtime the organization will have to endure, resulting in less productivity loss, less costs incurred and reduced risk of reputational impact. Here are three tips to help shrink your RTOs and RPOs.

1. Increase backup frequency

An immediate gain to reduce your RTOs and RPOs is to increase the frequency of backups. By doing this, you lower your RPO because you have more snapshots of your critical data. Similarly, you lower your RTO because having more recent backups will reduce the time it takes to recover.

2. Use ‘changed block recovery’ solutions

The concept of changed block technology is similar to incremental backups. Only the blocks of data that have changed since the last full backup or, in the case of virtual machines (VMs), those blocks needed to restore the VM to a given point in time are backed up.

Whether for virtual or physical backups, if you use a solution that constantly monitors for changes to data blocks then as soon as the backup kicks in, all the pre-processing has already been done. This means your overall backup time is reduced.

3. Replicate, replicate, replicate!

Having a secondary copy of a live data set that you can switch to instantly in the event of a failure will help lower your RTOs.  If you keep a secondary server off-site, your RTO will be limited to the time it takes to failover from one server to another. The frequency of the replication will determine your RPO – the more often you replicate, the lower the RPO.

Conclusion

With all this in mind, it is clear that the lower your RTOs and RPOs need to be, the more complex and more expensive your infrastructure and data protection strategy will be. This is where your choice of backup solution becomes vitally important. Choose well and not only will you help to reduce your RTOs and RPOs but also your Total Cost of Ownership (TCO).

The new features in KIT CloudBackup aim to reduce RTOs and RPOs from hours to minutes. Here are two features worth mentioning.

  • Standby Image – The ability to backup data at a granular level in the form of a standby recoverable image gives you a more flexible and streamlined approach to recovery. This feature gives you an RTO of less than 5 minutes.
  • Backup Accelerator – By continuously monitoring large files for changes, the backup pre-processing time is cut significantly, thus reducing the overall backup window and helping to meet your RPO.