Disaster Recovery for HIPAA Data & Applications

In 1996, the Health Insurance Portability and Accountability Act (HIPAA) was enacted to help address concerns regarding health care data security and privacy.  As part of the administrative safeguards of this act, health care facilities are responsible for backing up their data and having a disaster recovery plan in place for responding to emergencies. 

In general, health care facilities are responsible for maintaining the availability, integrity, and confidentiality of their patients’ Protected Health Information (PHI).  If a patient arrives in the Emergency Room in the middle of the night, the physician needs to be able to access the patient’s electronic health records quickly so that the patient’s needs can be addressed effectively.

Therefore, data backups are imperative and a disaster recovery plan is essential to ensure that Protected Health Information can be recovered and restored in a reasonable amount of time if an unexpected event occurs.  The health care facility’s disaster recovery plan should outline data priority and failure analysis, testing activities, and change control procedures. 

With cloud computing, disaster recovery has become very cost-effective.  Health care data can be backed up off-site or hosted in a highly available environment that maintains data integrity in the event of a disaster.  Redundancy can also be delivered in the cloud server platform to provide failover protection.

Atlantic.Net offers HIPAA Compliant Hosting and is a trusted partner to medical and health care facilities throughout the country.  Atlantic.Net has been recognized by disaster recovery hosting professionals and has been chosen by the Disaster Recovery Journal as their official data center!

The Value of a Disaster Recovery Plan

It is extremely important for businesses to have a Disaster Recovery (DR) plan in place for situations where downtime or data loss may affect the business’ ability to continue operating smoothly and effectively.  To protect your data, it is essential that you know what you’ve got, understand what’s at risk, and then create a Disaster Recovery plan to keep risk at a minimum.

Disaster Recovery ties directly into business continuity: with so many businesses relying on their websites and/or the Internet in general, the loss of data could greatly affect their revenue.  The reality is that if your information system is taken down due to a flood, malware, hack attack, etc., you have both a business continuity and disaster recovery issue on your hands.

When putting together a Disaster Recovery plan, there are several key factors that will need to be considered so that the plan is as effective as possible.  Take the following factors into consideration when creating a DR plan for your business:

  • Recovery Time Objective (RTO) – What is the target time within which your business should be able to restore systems to a point where the impacted operations can be carried out, perhaps with limited functionality?
  • Maximum Tolerable Downtime (MTD) – How much downtime can your business handle before the impact of this downtime becomes long term and results in substantial loss?
  • Recovery Point Objective (RPO) – Up to what point can your business cope with data loss?  The answer determines whether your business should implement data backup routines consisting of constant synchronization, daily backups, weekly backups, etc.

Having a Disaster Recovery plan in place will allow your business to recover from disaster in a relatively short amount of time because of the protocols in place to restore lost data, as well as to restore hardware resources that have been affected.

Atlantic.Net has been recognized by top disaster recovery hosting professionals throughout the world and has been chosen by the Disaster Recovery Journal as their official data center.