Explained by Raymond F. Posa, MBA
Technology Advisor to the
American Academy of Podiatric
Practice Management,
President, R. Francis Associates 

HIPAA: Who's Watching Your Back-up?
(Volume 64)

Sometimes it almost sounds like a cliché: a client has a hard drive crash and proclaims, “Not to worry, we have a backup.” In almost 75% of cases I find that the back-up is no good. Backing up your data is critical, yet most offices never pay it the attention it deserves. I am often asked, “How often should I back up?” The answer is easy: how much data are you willing to lose? A day’s worth, a week, a month? How much does it cost you to back up your data vs. how much would it cost you to recreate your data?

As a matter of daily routine, a backup should be done every day, with a set being taken off-site at least monthly, if not weekly, in case of a disaster at the office. But the backup procedure should be more than one person blindly pulling a tape out of the computer and replacing it with a new one. At that point you have no idea if that tape is any good. You must look at the back-up log and verify that the back-up occurred, that the back-up size looks proper and that the directories backed up are the ones with your data.

I just ran into a case where a client had a brand new computer system installed and a back-up system put in place and the scheduler set up to do automatic back-ups at night, so the whole procedure is hands-off for the staff. One day while I was in the office I was asked to take a look at the back-up and check to see that the back-ups were valid. To my client’s surprise, the back-up had not run in three months. It turns out that the company that installed and configured the back-up did not realize that there is a glitch in the Microsoft Windows 2000 back-up scheduler: it doesn’t work! Here is a typical case where the client is going about their business thinking that they are protected from data loss.

I have seen similar cases where the tapes themselves are no good, the back-up program is logging the error, but nobody is watching the log and the situation continues until the day comes when they need to restore their data.
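The log checks described above (the back-up ran recently, its size looks proper, the data directories are included, and no errors were logged), as an added example that is not from the original article. The pipe-separated log format, the directory names and the thresholds are assumptions made for illustration; the parser must be adapted to the log your back-up program actually writes.

```python
from datetime import datetime, timedelta

# Assumed values for this example: adjust to your own office.
REQUIRED_DIRS = {"D:/PatientData", "D:/Billing"}
MAX_AGE = timedelta(hours=26)   # a nightly job should never be older than this
SIZE_TOLERANCE = 0.5            # flag a run under 50% of the previous run's size

# Constructed sample logs (hypothetical format: time|status|bytes|dirs|errors).
HEALTHY = (
    "2004-11-01 23:00|OK|5200000000|D:/PatientData,D:/Billing|0\n"
    "2004-11-02 23:00|OK|5210000000|D:/PatientData,D:/Billing|0\n"
)
BROKEN = HEALTHY + "2004-11-03 23:00|FAILED|1200000|D:/Billing|3\n"

def parse(line):
    ts, status, size, dirs, errors = line.strip().split("|")
    return {"time": datetime.strptime(ts, "%Y-%m-%d %H:%M"), "status": status,
            "bytes": int(size), "dirs": set(dirs.split(",")), "errors": int(errors)}

def check_backups(log_text, now):
    """Return a list of problems with the most recent logged back-up."""
    runs = [parse(l) for l in log_text.splitlines() if l.strip()]
    if not runs:
        return ["no backup has ever been logged"]
    last, problems = runs[-1], []
    age = now - last["time"]
    if age > MAX_AGE:  # the scheduler silently stopped running
        problems.append(f"last backup is {age.days} days old")
    if last["status"] != "OK" or last["errors"]:  # errors logged but unread
        problems.append(f"last run reported status={last['status']} errors={last['errors']}")
    missing = REQUIRED_DIRS - last["dirs"]
    if missing:  # the job ran, but not over the data that matters
        problems.append("directories not backed up: " + ", ".join(sorted(missing)))
    if len(runs) > 1 and last["bytes"] < runs[-2]["bytes"] * SIZE_TOLERANCE:
        problems.append(f"size dropped from {runs[-2]['bytes']} to {last['bytes']} bytes")
    return problems

if __name__ == "__main__":
    print(check_backups(HEALTHY, datetime(2005, 2, 1, 8, 0)))
    print(check_backups(BROKEN, datetime(2004, 11, 4, 8, 0)))
```

A log that passes these checks shows only that the job ran as expected; a periodic test restore is still needed to show the data can actually be recovered.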

Aside from the obvious reason for backing up, to prevent the loss of your data, did you know that back-ups and back-up testing procedures are mandated by HIPAA and will be in effect and enforceable come April 2005?  Under the data integrity requirements of HIPAA you are required to back up your data, verify through measurable means that the back-up is valid, and maintain a back-up set off-site for disaster recovery under your contingency plan.

This all sounds like a lot of work and effort when all we really want to do is treat patients. Now we have to manage a data center as well, or we have to contract out to have a computer company come on-site and perform these tasks.  That gets real expensive.  So, what is a practical solution?

The answer is off-site internet-based back-ups. With the widespread availability of broadband connections and inexpensive storage, this back-up method is rapidly becoming the back-up method of choice. The advantages are many. First, this back-up method is truly hands-off for the staff and requires no time or effort on their part, thus making them more available for your practice. The increase in staff productivity more than covers the cost of the service. Second, every back-up is off-site, thus providing the disaster protection that is so important. Third, the remote back-up service generates a back-up log every day, giving you all of the back-up statistics you need to be sure your back-ups are complete and valid. Fourth, the logs are E-mailed to you every day, so you have hard copy proof that you exercised due diligence in protecting your data.

The big question regarding off-site back-ups is, are they secure? The answer is yes. The back-up system uses a client software program that uses a 428-bit Blowfish encryption method (that is thus far totally uncrackable). The file is encrypted and compressed, then transferred off-site. The back-up file is only restorable through the use of a restore key located on the remote server, thus giving you a double redundancy to protect your data. Your back-up logs are also monitored by trained professionals who can spot problems long before they become big problems.

If this back-up method sounds right for your practice and you would like more information, please contact the AAPPM Technology Advisor, Raymond Posa at or call him at 732-919-0944.


To be continued..........




Any questions or comments can be addressed to Mr. Posa by E-mail

Or you can go to WWW.NJHIPAA.COM for detailed information on HIPAA


Copyright 2002-2010, Gayle S. Johnson.
All Rights Reserved